Rob Winch
parent
2982b82b2d
commit
a5af2a07d7
|
|
@ -48,14 +48,14 @@ import org.springframework.security.web.server.context.SecurityContextServerRepo
|
||||||
import org.springframework.security.web.server.context.SecurityContextRepositoryWebFilter;
|
import org.springframework.security.web.server.context.SecurityContextRepositoryWebFilter;
|
||||||
import org.springframework.security.web.server.context.ServerWebExchangeAttributeSecurityContextServerRepository;
|
import org.springframework.security.web.server.context.ServerWebExchangeAttributeSecurityContextServerRepository;
|
||||||
import org.springframework.security.web.server.context.WebSessionSecurityContextServerRepository;
|
import org.springframework.security.web.server.context.WebSessionSecurityContextServerRepository;
|
||||||
import org.springframework.security.web.server.header.CacheControlHttpHeadersWriter;
|
import org.springframework.security.web.server.header.CacheControlServerHttpHeadersWriter;
|
||||||
import org.springframework.security.web.server.header.CompositeHttpHeadersWriter;
|
import org.springframework.security.web.server.header.CompositeServerHttpHeadersWriter;
|
||||||
import org.springframework.security.web.server.header.ContentTypeOptionsHttpHeadersWriter;
|
import org.springframework.security.web.server.header.ContentTypeOptionsServerHttpHeadersWriter;
|
||||||
import org.springframework.security.web.server.header.HttpHeaderWriterWebFilter;
|
import org.springframework.security.web.server.header.HttpHeaderWriterWebFilter;
|
||||||
import org.springframework.security.web.server.header.HttpHeadersWriter;
|
import org.springframework.security.web.server.header.ServerHttpHeadersWriter;
|
||||||
import org.springframework.security.web.server.header.StrictTransportSecurityHttpHeadersWriter;
|
import org.springframework.security.web.server.header.StrictTransportSecurityServerHttpHeadersWriter;
|
||||||
import org.springframework.security.web.server.header.XFrameOptionsHttpHeadersWriter;
|
import org.springframework.security.web.server.header.XFrameOptionsServerHttpHeadersWriter;
|
||||||
import org.springframework.security.web.server.header.XXssProtectionHttpHeadersWriter;
|
import org.springframework.security.web.server.header.XXssProtectionServerHttpHeadersWriter;
|
||||||
import org.springframework.security.web.server.ui.LoginPageGeneratingWebFilter;
|
import org.springframework.security.web.server.ui.LoginPageGeneratingWebFilter;
|
||||||
import org.springframework.security.web.server.util.matcher.MediaTypeServerWebExchangeMatcher;
|
import org.springframework.security.web.server.util.matcher.MediaTypeServerWebExchangeMatcher;
|
||||||
import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher;
|
import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher;
|
||||||
|
|
@ -449,17 +449,17 @@ public class HttpSecurity {
|
||||||
* @since 5.0
|
* @since 5.0
|
||||||
*/
|
*/
|
||||||
public class HeaderBuilder {
|
public class HeaderBuilder {
|
||||||
private final List<HttpHeadersWriter> writers;
|
private final List<ServerHttpHeadersWriter> writers;
|
||||||
|
|
||||||
private CacheControlHttpHeadersWriter cacheControl = new CacheControlHttpHeadersWriter();
|
private CacheControlServerHttpHeadersWriter cacheControl = new CacheControlServerHttpHeadersWriter();
|
||||||
|
|
||||||
private ContentTypeOptionsHttpHeadersWriter contentTypeOptions = new ContentTypeOptionsHttpHeadersWriter();
|
private ContentTypeOptionsServerHttpHeadersWriter contentTypeOptions = new ContentTypeOptionsServerHttpHeadersWriter();
|
||||||
|
|
||||||
private StrictTransportSecurityHttpHeadersWriter hsts = new StrictTransportSecurityHttpHeadersWriter();
|
private StrictTransportSecurityServerHttpHeadersWriter hsts = new StrictTransportSecurityServerHttpHeadersWriter();
|
||||||
|
|
||||||
private XFrameOptionsHttpHeadersWriter frameOptions = new XFrameOptionsHttpHeadersWriter();
|
private XFrameOptionsServerHttpHeadersWriter frameOptions = new XFrameOptionsServerHttpHeadersWriter();
|
||||||
|
|
||||||
private XXssProtectionHttpHeadersWriter xss = new XXssProtectionHttpHeadersWriter();
|
private XXssProtectionServerHttpHeadersWriter xss = new XXssProtectionServerHttpHeadersWriter();
|
||||||
|
|
||||||
public HttpSecurity and() {
|
public HttpSecurity and() {
|
||||||
return HttpSecurity.this;
|
return HttpSecurity.this;
|
||||||
|
|
@ -482,7 +482,7 @@ public class HttpSecurity {
|
||||||
}
|
}
|
||||||
|
|
||||||
protected void configure(HttpSecurity http) {
|
protected void configure(HttpSecurity http) {
|
||||||
HttpHeadersWriter writer = new CompositeHttpHeadersWriter(this.writers);
|
ServerHttpHeadersWriter writer = new CompositeServerHttpHeadersWriter(this.writers);
|
||||||
HttpHeaderWriterWebFilter result = new HttpHeaderWriterWebFilter(writer);
|
HttpHeaderWriterWebFilter result = new HttpHeaderWriterWebFilter(writer);
|
||||||
http.addFilterAt(result, SecurityWebFiltersOrder.HTTP_HEADERS_WRITER);
|
http.addFilterAt(result, SecurityWebFiltersOrder.HTTP_HEADERS_WRITER);
|
||||||
}
|
}
|
||||||
|
|
@ -508,7 +508,7 @@ public class HttpSecurity {
|
||||||
}
|
}
|
||||||
|
|
||||||
public class FrameOptionsSpec {
|
public class FrameOptionsSpec {
|
||||||
public void mode(XFrameOptionsHttpHeadersWriter.Mode mode) {
|
public void mode(XFrameOptionsServerHttpHeadersWriter.Mode mode) {
|
||||||
HeaderBuilder.this.frameOptions.setMode(mode);
|
HeaderBuilder.this.frameOptions.setMode(mode);
|
||||||
}
|
}
|
||||||
public void disable() {
|
public void disable() {
|
||||||
|
|
|
||||||
|
|
@ -20,10 +20,10 @@ import org.junit.Before;
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
import org.springframework.http.HttpHeaders;
|
import org.springframework.http.HttpHeaders;
|
||||||
import org.springframework.security.test.web.reactive.server.WebTestClientBuilder;
|
import org.springframework.security.test.web.reactive.server.WebTestClientBuilder;
|
||||||
import org.springframework.security.web.server.header.ContentTypeOptionsHttpHeadersWriter;
|
import org.springframework.security.web.server.header.ContentTypeOptionsServerHttpHeadersWriter;
|
||||||
import org.springframework.security.web.server.header.StrictTransportSecurityHttpHeadersWriter;
|
import org.springframework.security.web.server.header.StrictTransportSecurityServerHttpHeadersWriter;
|
||||||
import org.springframework.security.web.server.header.XFrameOptionsHttpHeadersWriter;
|
import org.springframework.security.web.server.header.XFrameOptionsServerHttpHeadersWriter;
|
||||||
import org.springframework.security.web.server.header.XXssProtectionHttpHeadersWriter;
|
import org.springframework.security.web.server.header.XXssProtectionServerHttpHeadersWriter;
|
||||||
import org.springframework.test.web.reactive.server.FluxExchangeResult;
|
import org.springframework.test.web.reactive.server.FluxExchangeResult;
|
||||||
import org.springframework.test.web.reactive.server.WebTestClient;
|
import org.springframework.test.web.reactive.server.WebTestClient;
|
||||||
|
|
||||||
|
|
@ -49,15 +49,15 @@ public class HeaderBuilderTests {
|
||||||
|
|
||||||
@Before
|
@Before
|
||||||
public void setup() {
|
public void setup() {
|
||||||
this.expectedHeaders.add(StrictTransportSecurityHttpHeadersWriter.STRICT_TRANSPORT_SECURITY, "max-age=31536000 ; includeSubDomains");
|
this.expectedHeaders.add(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY, "max-age=31536000 ; includeSubDomains");
|
||||||
this.expectedHeaders.add(HttpHeaders.CACHE_CONTROL, "no-cache, no-store, max-age=0, must-revalidate");
|
this.expectedHeaders.add(HttpHeaders.CACHE_CONTROL, "no-cache, no-store, max-age=0, must-revalidate");
|
||||||
this.expectedHeaders.add(HttpHeaders.PRAGMA, "no-cache");
|
this.expectedHeaders.add(HttpHeaders.PRAGMA, "no-cache");
|
||||||
this.expectedHeaders.add(HttpHeaders.EXPIRES, "0");
|
this.expectedHeaders.add(HttpHeaders.EXPIRES, "0");
|
||||||
this.expectedHeaders
|
this.expectedHeaders
|
||||||
.add(ContentTypeOptionsHttpHeadersWriter.X_CONTENT_OPTIONS, "nosniff");
|
.add(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS, "nosniff");
|
||||||
this.expectedHeaders.add(XFrameOptionsHttpHeadersWriter.X_FRAME_OPTIONS, "DENY");
|
this.expectedHeaders.add(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS, "DENY");
|
||||||
this.expectedHeaders
|
this.expectedHeaders
|
||||||
.add(XXssProtectionHttpHeadersWriter.X_XSS_PROTECTION, "1 ; mode=block");
|
.add(XXssProtectionServerHttpHeadersWriter.X_XSS_PROTECTION, "1 ; mode=block");
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
|
|
@ -77,7 +77,7 @@ public class HeaderBuilderTests {
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void headersWhenContentOptionsDisableThenContentTypeOptionsNotWritten() {
|
public void headersWhenContentOptionsDisableThenContentTypeOptionsNotWritten() {
|
||||||
this.expectedHeaders.remove(ContentTypeOptionsHttpHeadersWriter.X_CONTENT_OPTIONS);
|
this.expectedHeaders.remove(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS);
|
||||||
this.headers.contentTypeOptions().disable();
|
this.headers.contentTypeOptions().disable();
|
||||||
|
|
||||||
assertHeaders();
|
assertHeaders();
|
||||||
|
|
@ -85,7 +85,7 @@ public class HeaderBuilderTests {
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void headersWhenHstsDisableThenHstsNotWritten() {
|
public void headersWhenHstsDisableThenHstsNotWritten() {
|
||||||
this.expectedHeaders.remove(StrictTransportSecurityHttpHeadersWriter.STRICT_TRANSPORT_SECURITY);
|
this.expectedHeaders.remove(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY);
|
||||||
this.headers.hsts().disable();
|
this.headers.hsts().disable();
|
||||||
|
|
||||||
assertHeaders();
|
assertHeaders();
|
||||||
|
|
@ -93,8 +93,8 @@ public class HeaderBuilderTests {
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void headersWhenHstsCustomThenCustomHstsWritten() {
|
public void headersWhenHstsCustomThenCustomHstsWritten() {
|
||||||
this.expectedHeaders.remove(StrictTransportSecurityHttpHeadersWriter.STRICT_TRANSPORT_SECURITY);
|
this.expectedHeaders.remove(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY);
|
||||||
this.expectedHeaders.add(StrictTransportSecurityHttpHeadersWriter.STRICT_TRANSPORT_SECURITY, "max-age=60");
|
this.expectedHeaders.add(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY, "max-age=60");
|
||||||
this.headers.hsts().maxAge(Duration.ofSeconds(60));
|
this.headers.hsts().maxAge(Duration.ofSeconds(60));
|
||||||
this.headers.hsts().includeSubdomains(false);
|
this.headers.hsts().includeSubdomains(false);
|
||||||
|
|
||||||
|
|
@ -103,7 +103,7 @@ public class HeaderBuilderTests {
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void headersWhenFrameOptionsDisableThenFrameOptionsNotWritten() {
|
public void headersWhenFrameOptionsDisableThenFrameOptionsNotWritten() {
|
||||||
this.expectedHeaders.remove(XFrameOptionsHttpHeadersWriter.X_FRAME_OPTIONS);
|
this.expectedHeaders.remove(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS);
|
||||||
this.headers.frameOptions().disable();
|
this.headers.frameOptions().disable();
|
||||||
|
|
||||||
assertHeaders();
|
assertHeaders();
|
||||||
|
|
@ -111,10 +111,10 @@ public class HeaderBuilderTests {
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void headersWhenFrameOptionsModeThenFrameOptionsCustomMode() {
|
public void headersWhenFrameOptionsModeThenFrameOptionsCustomMode() {
|
||||||
this.expectedHeaders.remove(XFrameOptionsHttpHeadersWriter.X_FRAME_OPTIONS);
|
this.expectedHeaders.remove(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS);
|
||||||
this.expectedHeaders
|
this.expectedHeaders
|
||||||
.add(XFrameOptionsHttpHeadersWriter.X_FRAME_OPTIONS, "SAMEORIGIN");
|
.add(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS, "SAMEORIGIN");
|
||||||
this.headers.frameOptions().mode(XFrameOptionsHttpHeadersWriter.Mode.SAMEORIGIN);
|
this.headers.frameOptions().mode(XFrameOptionsServerHttpHeadersWriter.Mode.SAMEORIGIN);
|
||||||
|
|
||||||
assertHeaders();
|
assertHeaders();
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -19,15 +19,11 @@ import org.junit.Before;
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
import org.junit.runner.RunWith;
|
import org.junit.runner.RunWith;
|
||||||
import org.springframework.beans.factory.annotation.Value;
|
import org.springframework.beans.factory.annotation.Value;
|
||||||
import org.springframework.http.HttpHeaders;
|
|
||||||
import org.springframework.http.HttpStatus;
|
import org.springframework.http.HttpStatus;
|
||||||
import org.springframework.security.web.server.header.ContentTypeOptionsHttpHeadersWriter;
|
|
||||||
import org.springframework.test.context.ContextConfiguration;
|
import org.springframework.test.context.ContextConfiguration;
|
||||||
import org.springframework.test.context.TestPropertySource;
|
import org.springframework.test.context.TestPropertySource;
|
||||||
import org.springframework.test.context.junit4.SpringRunner;
|
import org.springframework.test.context.junit4.SpringRunner;
|
||||||
import org.springframework.test.web.reactive.server.ExchangeResult;
|
|
||||||
import org.springframework.test.web.reactive.server.WebTestClient;
|
import org.springframework.test.web.reactive.server.WebTestClient;
|
||||||
import org.springframework.web.reactive.function.client.ExchangeFilterFunction;
|
|
||||||
|
|
||||||
import java.nio.charset.Charset;
|
import java.nio.charset.Charset;
|
||||||
import java.time.Duration;
|
import java.time.Duration;
|
||||||
|
|
|
||||||
|
|
@ -25,7 +25,7 @@ import reactor.core.publisher.Mono;
|
||||||
* @author Rob Winch
|
* @author Rob Winch
|
||||||
* @since 5.0
|
* @since 5.0
|
||||||
*/
|
*/
|
||||||
public class CacheControlHttpHeadersWriter implements HttpHeadersWriter {
|
public class CacheControlServerHttpHeadersWriter implements ServerHttpHeadersWriter {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* The value for expires value
|
* The value for expires value
|
||||||
|
|
@ -45,10 +45,11 @@ public class CacheControlHttpHeadersWriter implements HttpHeadersWriter {
|
||||||
/**
|
/**
|
||||||
* The delegate to write all the cache control related headers
|
* The delegate to write all the cache control related headers
|
||||||
*/
|
*/
|
||||||
private static final HttpHeadersWriter CACHE_HEADERS = StaticHttpHeadersWriter.builder()
|
private static final ServerHttpHeadersWriter CACHE_HEADERS = StaticServerHttpHeadersWriter
|
||||||
.header(HttpHeaders.CACHE_CONTROL, CacheControlHttpHeadersWriter.CACHE_CONTRTOL_VALUE)
|
.builder()
|
||||||
.header(HttpHeaders.PRAGMA, CacheControlHttpHeadersWriter.PRAGMA_VALUE)
|
.header(HttpHeaders.CACHE_CONTROL, CacheControlServerHttpHeadersWriter.CACHE_CONTRTOL_VALUE)
|
||||||
.header(HttpHeaders.EXPIRES, CacheControlHttpHeadersWriter.EXPIRES_VALUE)
|
.header(HttpHeaders.PRAGMA, CacheControlServerHttpHeadersWriter.PRAGMA_VALUE)
|
||||||
|
.header(HttpHeaders.EXPIRES, CacheControlServerHttpHeadersWriter.EXPIRES_VALUE)
|
||||||
.build();
|
.build();
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
|
@ -29,14 +29,14 @@ import reactor.core.publisher.Mono;
|
||||||
* @author Rob Winch
|
* @author Rob Winch
|
||||||
* @since 5.0
|
* @since 5.0
|
||||||
*/
|
*/
|
||||||
public class CompositeHttpHeadersWriter implements HttpHeadersWriter {
|
public class CompositeServerHttpHeadersWriter implements ServerHttpHeadersWriter {
|
||||||
private final List<HttpHeadersWriter> writers;
|
private final List<ServerHttpHeadersWriter> writers;
|
||||||
|
|
||||||
public CompositeHttpHeadersWriter(HttpHeadersWriter... writers) {
|
public CompositeServerHttpHeadersWriter(ServerHttpHeadersWriter... writers) {
|
||||||
this(Arrays.asList(writers));
|
this(Arrays.asList(writers));
|
||||||
}
|
}
|
||||||
|
|
||||||
public CompositeHttpHeadersWriter(List<HttpHeadersWriter> writers) {
|
public CompositeServerHttpHeadersWriter(List<ServerHttpHeadersWriter> writers) {
|
||||||
this.writers = writers;
|
this.writers = writers;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -24,7 +24,8 @@ import reactor.core.publisher.Mono;
|
||||||
* @author Rob Winch
|
* @author Rob Winch
|
||||||
* @since 5.0
|
* @since 5.0
|
||||||
*/
|
*/
|
||||||
public class ContentTypeOptionsHttpHeadersWriter implements HttpHeadersWriter {
|
public class ContentTypeOptionsServerHttpHeadersWriter
|
||||||
|
implements ServerHttpHeadersWriter {
|
||||||
|
|
||||||
public static final String X_CONTENT_OPTIONS = "X-Content-Type-Options";
|
public static final String X_CONTENT_OPTIONS = "X-Content-Type-Options";
|
||||||
|
|
||||||
|
|
@ -34,7 +35,8 @@ public class ContentTypeOptionsHttpHeadersWriter implements HttpHeadersWriter {
|
||||||
/**
|
/**
|
||||||
* The delegate to write all the cache control related headers
|
* The delegate to write all the cache control related headers
|
||||||
*/
|
*/
|
||||||
private static final HttpHeadersWriter CONTENT_TYPE_HEADERS = StaticHttpHeadersWriter.builder()
|
private static final ServerHttpHeadersWriter CONTENT_TYPE_HEADERS = StaticServerHttpHeadersWriter
|
||||||
|
.builder()
|
||||||
.header(X_CONTENT_OPTIONS, NOSNIFF)
|
.header(X_CONTENT_OPTIONS, NOSNIFF)
|
||||||
.build();
|
.build();
|
||||||
|
|
||||||
|
|
@ -23,16 +23,16 @@ import org.springframework.web.server.WebFilterChain;
|
||||||
import reactor.core.publisher.Mono;
|
import reactor.core.publisher.Mono;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Invokes a {@link HttpHeadersWriter} on
|
* Invokes a {@link ServerHttpHeadersWriter} on
|
||||||
* {@link ServerHttpResponse#beforeCommit(java.util.function.Supplier)}.
|
* {@link ServerHttpResponse#beforeCommit(java.util.function.Supplier)}.
|
||||||
*
|
*
|
||||||
* @author Rob Winch
|
* @author Rob Winch
|
||||||
* @since 5.0
|
* @since 5.0
|
||||||
*/
|
*/
|
||||||
public class HttpHeaderWriterWebFilter implements WebFilter {
|
public class HttpHeaderWriterWebFilter implements WebFilter {
|
||||||
private final HttpHeadersWriter writer;
|
private final ServerHttpHeadersWriter writer;
|
||||||
|
|
||||||
public HttpHeaderWriterWebFilter(HttpHeadersWriter writer) {
|
public HttpHeaderWriterWebFilter(ServerHttpHeadersWriter writer) {
|
||||||
super();
|
super();
|
||||||
this.writer = writer;
|
this.writer = writer;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -28,7 +28,7 @@ import reactor.core.publisher.Mono;
|
||||||
* @author Rob Winch
|
* @author Rob Winch
|
||||||
* @since 5.0
|
* @since 5.0
|
||||||
*/
|
*/
|
||||||
public interface HttpHeadersWriter {
|
public interface ServerHttpHeadersWriter {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Write the headers to the response.
|
* Write the headers to the response.
|
||||||
|
|
@ -27,10 +27,10 @@ import reactor.core.publisher.Mono;
|
||||||
* @author Rob Winch
|
* @author Rob Winch
|
||||||
* @since 5.0
|
* @since 5.0
|
||||||
*/
|
*/
|
||||||
public class StaticHttpHeadersWriter implements HttpHeadersWriter {
|
public class StaticServerHttpHeadersWriter implements ServerHttpHeadersWriter {
|
||||||
private final HttpHeaders headersToAdd;
|
private final HttpHeaders headersToAdd;
|
||||||
|
|
||||||
public StaticHttpHeadersWriter(HttpHeaders headersToAdd) {
|
public StaticServerHttpHeadersWriter(HttpHeaders headersToAdd) {
|
||||||
this.headersToAdd = headersToAdd;
|
this.headersToAdd = headersToAdd;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -61,8 +61,8 @@ public class StaticHttpHeadersWriter implements HttpHeadersWriter {
|
||||||
return this;
|
return this;
|
||||||
}
|
}
|
||||||
|
|
||||||
public StaticHttpHeadersWriter build() {
|
public StaticServerHttpHeadersWriter build() {
|
||||||
return new StaticHttpHeadersWriter(headers);
|
return new StaticServerHttpHeadersWriter(headers);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -25,19 +25,20 @@ import reactor.core.publisher.Mono;
|
||||||
* @author Rob Winch
|
* @author Rob Winch
|
||||||
* @since 5.0
|
* @since 5.0
|
||||||
*/
|
*/
|
||||||
public final class StrictTransportSecurityHttpHeadersWriter implements HttpHeadersWriter {
|
public final class StrictTransportSecurityServerHttpHeadersWriter
|
||||||
|
implements ServerHttpHeadersWriter {
|
||||||
public static final String STRICT_TRANSPORT_SECURITY = "Strict-Transport-Security";
|
public static final String STRICT_TRANSPORT_SECURITY = "Strict-Transport-Security";
|
||||||
|
|
||||||
private String maxAge;
|
private String maxAge;
|
||||||
|
|
||||||
private String subdomain;
|
private String subdomain;
|
||||||
|
|
||||||
private HttpHeadersWriter delegate;
|
private ServerHttpHeadersWriter delegate;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
public StrictTransportSecurityHttpHeadersWriter() {
|
public StrictTransportSecurityServerHttpHeadersWriter() {
|
||||||
setIncludeSubDomains(true);
|
setIncludeSubDomains(true);
|
||||||
setMaxAge(Duration.ofDays(365L));
|
setMaxAge(Duration.ofDays(365L));
|
||||||
updateDelegate();
|
updateDelegate();
|
||||||
|
|
@ -62,7 +63,7 @@ public final class StrictTransportSecurityHttpHeadersWriter implements HttpHeade
|
||||||
}
|
}
|
||||||
|
|
||||||
private void updateDelegate() {
|
private void updateDelegate() {
|
||||||
delegate = StaticHttpHeadersWriter.builder()
|
delegate = StaticServerHttpHeadersWriter.builder()
|
||||||
.header(STRICT_TRANSPORT_SECURITY, maxAge + subdomain)
|
.header(STRICT_TRANSPORT_SECURITY, maxAge + subdomain)
|
||||||
.build();
|
.build();
|
||||||
}
|
}
|
||||||
|
|
@ -25,7 +25,8 @@ import reactor.core.publisher.Mono;
|
||||||
* @author Rob Winch
|
* @author Rob Winch
|
||||||
* @since 5.0
|
* @since 5.0
|
||||||
*/
|
*/
|
||||||
public class XContentTypeOptionsHttpHeadersWriter implements HttpHeadersWriter {
|
public class XContentTypeOptionsServerHttpHeadersWriter
|
||||||
|
implements ServerHttpHeadersWriter {
|
||||||
|
|
||||||
public static final String X_CONTENT_OPTIONS = "X-Content-Options";
|
public static final String X_CONTENT_OPTIONS = "X-Content-Options";
|
||||||
|
|
||||||
|
|
@ -35,7 +36,8 @@ public class XContentTypeOptionsHttpHeadersWriter implements HttpHeadersWriter {
|
||||||
/**
|
/**
|
||||||
* The delegate to write all the cache control related headers
|
* The delegate to write all the cache control related headers
|
||||||
*/
|
*/
|
||||||
private static final HttpHeadersWriter CONTENT_TYPE_HEADERS = StaticHttpHeadersWriter.builder()
|
private static final ServerHttpHeadersWriter CONTENT_TYPE_HEADERS = StaticServerHttpHeadersWriter
|
||||||
|
.builder()
|
||||||
.header(X_CONTENT_OPTIONS, NOSNIFF)
|
.header(X_CONTENT_OPTIONS, NOSNIFF)
|
||||||
.build();
|
.build();
|
||||||
|
|
||||||
|
|
@ -23,10 +23,10 @@ import reactor.core.publisher.Mono;
|
||||||
* @author Rob Winch
|
* @author Rob Winch
|
||||||
* @since 5.0
|
* @since 5.0
|
||||||
*/
|
*/
|
||||||
public class XFrameOptionsHttpHeadersWriter implements HttpHeadersWriter {
|
public class XFrameOptionsServerHttpHeadersWriter implements ServerHttpHeadersWriter {
|
||||||
public static final String X_FRAME_OPTIONS = "X-Frame-Options";
|
public static final String X_FRAME_OPTIONS = "X-Frame-Options";
|
||||||
|
|
||||||
private HttpHeadersWriter delegate = createDelegate(Mode.DENY);
|
private ServerHttpHeadersWriter delegate = createDelegate(Mode.DENY);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* (non-Javadoc)
|
* (non-Javadoc)
|
||||||
|
|
@ -82,9 +82,9 @@ public class XFrameOptionsHttpHeadersWriter implements HttpHeadersWriter {
|
||||||
SAMEORIGIN;
|
SAMEORIGIN;
|
||||||
}
|
}
|
||||||
|
|
||||||
private static HttpHeadersWriter createDelegate(Mode mode) {
|
private static ServerHttpHeadersWriter createDelegate(Mode mode) {
|
||||||
// @formatter:off
|
// @formatter:off
|
||||||
return StaticHttpHeadersWriter.builder().header(X_FRAME_OPTIONS, mode.name()).build();
|
return StaticServerHttpHeadersWriter.builder().header(X_FRAME_OPTIONS, mode.name()).build();
|
||||||
// @formatter:on
|
// @formatter:on
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
@ -23,19 +23,19 @@ import reactor.core.publisher.Mono;
|
||||||
* @author Rob Winch
|
* @author Rob Winch
|
||||||
* @since 5.0
|
* @since 5.0
|
||||||
*/
|
*/
|
||||||
public class XXssProtectionHttpHeadersWriter implements HttpHeadersWriter {
|
public class XXssProtectionServerHttpHeadersWriter implements ServerHttpHeadersWriter {
|
||||||
public static final String X_XSS_PROTECTION = "X-XSS-Protection";
|
public static final String X_XSS_PROTECTION = "X-XSS-Protection";
|
||||||
|
|
||||||
private boolean enabled;
|
private boolean enabled;
|
||||||
|
|
||||||
private boolean block;
|
private boolean block;
|
||||||
|
|
||||||
private HttpHeadersWriter delegate;
|
private ServerHttpHeadersWriter delegate;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
public XXssProtectionHttpHeadersWriter() {
|
public XXssProtectionServerHttpHeadersWriter() {
|
||||||
this.enabled = true;
|
this.enabled = true;
|
||||||
this.block = true;
|
this.block = true;
|
||||||
updateDelegate();
|
updateDelegate();
|
||||||
|
|
@ -97,7 +97,7 @@ public class XXssProtectionHttpHeadersWriter implements HttpHeadersWriter {
|
||||||
|
|
||||||
private void updateDelegate() {
|
private void updateDelegate() {
|
||||||
|
|
||||||
this.delegate = StaticHttpHeadersWriter.builder()
|
this.delegate = StaticServerHttpHeadersWriter.builder()
|
||||||
.header(X_XSS_PROTECTION, createHeaderValue())
|
.header(X_XSS_PROTECTION, createHeaderValue())
|
||||||
.build();
|
.build();
|
||||||
}
|
}
|
||||||
|
|
@ -28,8 +28,8 @@ import org.springframework.web.server.ServerWebExchange;
|
||||||
* @since 5.0
|
* @since 5.0
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
public class CacheControlHttpHeadersWriterTests {
|
public class CacheControlServerHttpHeadersWriterTests {
|
||||||
CacheControlHttpHeadersWriter writer = new CacheControlHttpHeadersWriter();
|
CacheControlServerHttpHeadersWriter writer = new CacheControlServerHttpHeadersWriter();
|
||||||
|
|
||||||
ServerWebExchange exchange = MockServerHttpRequest.get("/").toExchange();
|
ServerWebExchange exchange = MockServerHttpRequest.get("/").toExchange();
|
||||||
|
|
||||||
|
|
@ -40,9 +40,12 @@ public class CacheControlHttpHeadersWriterTests {
|
||||||
writer.writeHttpHeaders(exchange);
|
writer.writeHttpHeaders(exchange);
|
||||||
|
|
||||||
assertThat(headers).hasSize(3);
|
assertThat(headers).hasSize(3);
|
||||||
assertThat(headers.get(HttpHeaders.CACHE_CONTROL)).containsOnly(CacheControlHttpHeadersWriter.CACHE_CONTRTOL_VALUE);
|
assertThat(headers.get(HttpHeaders.CACHE_CONTROL)).containsOnly(
|
||||||
assertThat(headers.get(HttpHeaders.EXPIRES)).containsOnly(CacheControlHttpHeadersWriter.EXPIRES_VALUE);
|
CacheControlServerHttpHeadersWriter.CACHE_CONTRTOL_VALUE);
|
||||||
assertThat(headers.get(HttpHeaders.PRAGMA)).containsOnly(CacheControlHttpHeadersWriter.PRAGMA_VALUE);
|
assertThat(headers.get(HttpHeaders.EXPIRES)).containsOnly(
|
||||||
|
CacheControlServerHttpHeadersWriter.EXPIRES_VALUE);
|
||||||
|
assertThat(headers.get(HttpHeaders.PRAGMA)).containsOnly(
|
||||||
|
CacheControlServerHttpHeadersWriter.PRAGMA_VALUE);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
|
|
@ -37,20 +37,18 @@ import reactor.test.StepVerifier;
|
||||||
* @since 5.0
|
* @since 5.0
|
||||||
*/
|
*/
|
||||||
@RunWith(MockitoJUnitRunner.class)
|
@RunWith(MockitoJUnitRunner.class)
|
||||||
public class CompositeHttpHeadersWriterTests {
|
public class CompositeServerHttpHeadersWriterTests {
|
||||||
@Mock
|
@Mock ServerHttpHeadersWriter writer1;
|
||||||
HttpHeadersWriter writer1;
|
|
||||||
|
|
||||||
@Mock
|
@Mock ServerHttpHeadersWriter writer2;
|
||||||
HttpHeadersWriter writer2;
|
|
||||||
|
|
||||||
CompositeHttpHeadersWriter writer;
|
CompositeServerHttpHeadersWriter writer;
|
||||||
|
|
||||||
ServerWebExchange exchange = MockServerHttpRequest.get("/").toExchange();
|
ServerWebExchange exchange = MockServerHttpRequest.get("/").toExchange();
|
||||||
|
|
||||||
@Before
|
@Before
|
||||||
public void setup() {
|
public void setup() {
|
||||||
writer = new CompositeHttpHeadersWriter(Arrays.asList(writer1, writer2));
|
writer = new CompositeServerHttpHeadersWriter(Arrays.asList(writer1, writer2));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
|
|
@ -40,8 +40,7 @@ import reactor.core.publisher.Mono;
|
||||||
*/
|
*/
|
||||||
@RunWith(MockitoJUnitRunner.class)
|
@RunWith(MockitoJUnitRunner.class)
|
||||||
public class HttpHeaderWriterWebFilterTests {
|
public class HttpHeaderWriterWebFilterTests {
|
||||||
@Mock
|
@Mock ServerHttpHeadersWriter writer;
|
||||||
HttpHeadersWriter writer;
|
|
||||||
|
|
||||||
HttpHeaderWriterWebFilter filter;
|
HttpHeaderWriterWebFilter filter;
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -26,10 +26,10 @@ import org.springframework.web.server.ServerWebExchange;
|
||||||
* @author Rob Winch
|
* @author Rob Winch
|
||||||
* @since 5.0
|
* @since 5.0
|
||||||
*/
|
*/
|
||||||
public class StaticHttpHeadersWriterTests {
|
public class StaticServerHttpHeadersWriterTests {
|
||||||
|
|
||||||
StaticHttpHeadersWriter writer = StaticHttpHeadersWriter.builder()
|
StaticServerHttpHeadersWriter writer = StaticServerHttpHeadersWriter.builder()
|
||||||
.header(ContentTypeOptionsHttpHeadersWriter.X_CONTENT_OPTIONS, ContentTypeOptionsHttpHeadersWriter.NOSNIFF)
|
.header(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS, ContentTypeOptionsServerHttpHeadersWriter.NOSNIFF)
|
||||||
.build();
|
.build();
|
||||||
|
|
||||||
ServerWebExchange exchange = MockServerHttpRequest.get("/").toExchange();
|
ServerWebExchange exchange = MockServerHttpRequest.get("/").toExchange();
|
||||||
|
|
@ -40,32 +40,36 @@ public class StaticHttpHeadersWriterTests {
|
||||||
public void writeHeadersWhenSingleHeaderThenWritesHeader() {
|
public void writeHeadersWhenSingleHeaderThenWritesHeader() {
|
||||||
writer.writeHttpHeaders(exchange);
|
writer.writeHttpHeaders(exchange);
|
||||||
|
|
||||||
assertThat(headers.get(ContentTypeOptionsHttpHeadersWriter.X_CONTENT_OPTIONS)).containsOnly(ContentTypeOptionsHttpHeadersWriter.NOSNIFF);
|
assertThat(headers.get(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS)).containsOnly(
|
||||||
|
ContentTypeOptionsServerHttpHeadersWriter.NOSNIFF);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void writeHeadersWhenSingleHeaderAndHeaderWrittenThenSuccess() {
|
public void writeHeadersWhenSingleHeaderAndHeaderWrittenThenSuccess() {
|
||||||
String headerValue = "other";
|
String headerValue = "other";
|
||||||
headers.set(ContentTypeOptionsHttpHeadersWriter.X_CONTENT_OPTIONS, headerValue);
|
headers.set(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS, headerValue);
|
||||||
|
|
||||||
writer.writeHttpHeaders(exchange);
|
writer.writeHttpHeaders(exchange);
|
||||||
|
|
||||||
assertThat(headers.get(ContentTypeOptionsHttpHeadersWriter.X_CONTENT_OPTIONS)).containsOnly(headerValue);
|
assertThat(headers.get(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS)).containsOnly(headerValue);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void writeHeadersWhenMultiHeaderThenWritesAllHeaders() {
|
public void writeHeadersWhenMultiHeaderThenWritesAllHeaders() {
|
||||||
writer = StaticHttpHeadersWriter.builder()
|
writer = StaticServerHttpHeadersWriter.builder()
|
||||||
.header(HttpHeaders.CACHE_CONTROL, CacheControlHttpHeadersWriter.CACHE_CONTRTOL_VALUE)
|
.header(HttpHeaders.CACHE_CONTROL, CacheControlServerHttpHeadersWriter.CACHE_CONTRTOL_VALUE)
|
||||||
.header(HttpHeaders.PRAGMA, CacheControlHttpHeadersWriter.PRAGMA_VALUE)
|
.header(HttpHeaders.PRAGMA, CacheControlServerHttpHeadersWriter.PRAGMA_VALUE)
|
||||||
.header(HttpHeaders.EXPIRES, CacheControlHttpHeadersWriter.EXPIRES_VALUE)
|
.header(HttpHeaders.EXPIRES, CacheControlServerHttpHeadersWriter.EXPIRES_VALUE)
|
||||||
.build();
|
.build();
|
||||||
|
|
||||||
writer.writeHttpHeaders(exchange);
|
writer.writeHttpHeaders(exchange);
|
||||||
|
|
||||||
assertThat(headers.get(HttpHeaders.CACHE_CONTROL)).containsOnly(CacheControlHttpHeadersWriter.CACHE_CONTRTOL_VALUE);
|
assertThat(headers.get(HttpHeaders.CACHE_CONTROL)).containsOnly(
|
||||||
assertThat(headers.get(HttpHeaders.PRAGMA)).containsOnly(CacheControlHttpHeadersWriter.PRAGMA_VALUE);
|
CacheControlServerHttpHeadersWriter.CACHE_CONTRTOL_VALUE);
|
||||||
assertThat(headers.get(HttpHeaders.EXPIRES)).containsOnly(CacheControlHttpHeadersWriter.EXPIRES_VALUE);
|
assertThat(headers.get(HttpHeaders.PRAGMA)).containsOnly(
|
||||||
|
CacheControlServerHttpHeadersWriter.PRAGMA_VALUE);
|
||||||
|
assertThat(headers.get(HttpHeaders.EXPIRES)).containsOnly(
|
||||||
|
CacheControlServerHttpHeadersWriter.EXPIRES_VALUE);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
|
|
@ -73,10 +77,10 @@ public class StaticHttpHeadersWriterTests {
|
||||||
String headerValue = "other";
|
String headerValue = "other";
|
||||||
headers.set(HttpHeaders.CACHE_CONTROL, headerValue);
|
headers.set(HttpHeaders.CACHE_CONTROL, headerValue);
|
||||||
|
|
||||||
writer = StaticHttpHeadersWriter.builder()
|
writer = StaticServerHttpHeadersWriter.builder()
|
||||||
.header(HttpHeaders.CACHE_CONTROL, CacheControlHttpHeadersWriter.CACHE_CONTRTOL_VALUE)
|
.header(HttpHeaders.CACHE_CONTROL, CacheControlServerHttpHeadersWriter.CACHE_CONTRTOL_VALUE)
|
||||||
.header(HttpHeaders.PRAGMA, CacheControlHttpHeadersWriter.PRAGMA_VALUE)
|
.header(HttpHeaders.PRAGMA, CacheControlServerHttpHeadersWriter.PRAGMA_VALUE)
|
||||||
.header(HttpHeaders.EXPIRES, CacheControlHttpHeadersWriter.EXPIRES_VALUE)
|
.header(HttpHeaders.EXPIRES, CacheControlServerHttpHeadersWriter.EXPIRES_VALUE)
|
||||||
.build();
|
.build();
|
||||||
|
|
||||||
writer.writeHttpHeaders(exchange);
|
writer.writeHttpHeaders(exchange);
|
||||||
|
|
@ -29,8 +29,8 @@ import org.springframework.web.server.ServerWebExchange;
|
||||||
* @author Rob Winch
|
* @author Rob Winch
|
||||||
* @since 5.0
|
* @since 5.0
|
||||||
*/
|
*/
|
||||||
public class StrictTransportSecurityHttpHeadersWriterTests {
|
public class StrictTransportSecurityServerHttpHeadersWriterTests {
|
||||||
StrictTransportSecurityHttpHeadersWriter hsts = new StrictTransportSecurityHttpHeadersWriter();
|
StrictTransportSecurityServerHttpHeadersWriter hsts = new StrictTransportSecurityServerHttpHeadersWriter();
|
||||||
|
|
||||||
ServerWebExchange exchange;
|
ServerWebExchange exchange;
|
||||||
|
|
||||||
|
|
@ -42,7 +42,7 @@ public class StrictTransportSecurityHttpHeadersWriterTests {
|
||||||
|
|
||||||
HttpHeaders headers = exchange.getResponse().getHeaders();
|
HttpHeaders headers = exchange.getResponse().getHeaders();
|
||||||
assertThat(headers).hasSize(1);
|
assertThat(headers).hasSize(1);
|
||||||
assertThat(headers).containsEntry(StrictTransportSecurityHttpHeadersWriter.STRICT_TRANSPORT_SECURITY,
|
assertThat(headers).containsEntry(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY,
|
||||||
Arrays.asList("max-age=31536000 ; includeSubDomains"));
|
Arrays.asList("max-age=31536000 ; includeSubDomains"));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -56,7 +56,7 @@ public class StrictTransportSecurityHttpHeadersWriterTests {
|
||||||
|
|
||||||
HttpHeaders headers = exchange.getResponse().getHeaders();
|
HttpHeaders headers = exchange.getResponse().getHeaders();
|
||||||
assertThat(headers).hasSize(1);
|
assertThat(headers).hasSize(1);
|
||||||
assertThat(headers).containsEntry(StrictTransportSecurityHttpHeadersWriter.STRICT_TRANSPORT_SECURITY,
|
assertThat(headers).containsEntry(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY,
|
||||||
Arrays.asList("max-age=" + maxAge.getSeconds() + " ; includeSubDomains"));
|
Arrays.asList("max-age=" + maxAge.getSeconds() + " ; includeSubDomains"));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -69,7 +69,7 @@ public class StrictTransportSecurityHttpHeadersWriterTests {
|
||||||
|
|
||||||
HttpHeaders headers = exchange.getResponse().getHeaders();
|
HttpHeaders headers = exchange.getResponse().getHeaders();
|
||||||
assertThat(headers).hasSize(1);
|
assertThat(headers).hasSize(1);
|
||||||
assertThat(headers).containsEntry(StrictTransportSecurityHttpHeadersWriter.STRICT_TRANSPORT_SECURITY,
|
assertThat(headers).containsEntry(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY,
|
||||||
Arrays.asList("max-age=31536000"));
|
Arrays.asList("max-age=31536000"));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -26,9 +26,9 @@ import org.springframework.web.server.ServerWebExchange;
|
||||||
* @author Rob Winch
|
* @author Rob Winch
|
||||||
* @since 5.0
|
* @since 5.0
|
||||||
*/
|
*/
|
||||||
public class XContentTypeOptionsHttpHeadersWriterTests {
|
public class XContentTypeOptionsServerHttpHeadersWriterTests {
|
||||||
|
|
||||||
ContentTypeOptionsHttpHeadersWriter writer = new ContentTypeOptionsHttpHeadersWriter();
|
ContentTypeOptionsServerHttpHeadersWriter writer = new ContentTypeOptionsServerHttpHeadersWriter();
|
||||||
|
|
||||||
ServerWebExchange exchange = MockServerHttpRequest.get("/").toExchange();
|
ServerWebExchange exchange = MockServerHttpRequest.get("/").toExchange();
|
||||||
|
|
||||||
|
|
@ -39,17 +39,18 @@ public class XContentTypeOptionsHttpHeadersWriterTests {
|
||||||
writer.writeHttpHeaders(exchange);
|
writer.writeHttpHeaders(exchange);
|
||||||
|
|
||||||
assertThat(headers).hasSize(1);
|
assertThat(headers).hasSize(1);
|
||||||
assertThat(headers.get(ContentTypeOptionsHttpHeadersWriter.X_CONTENT_OPTIONS)).containsOnly(ContentTypeOptionsHttpHeadersWriter.NOSNIFF);
|
assertThat(headers.get(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS)).containsOnly(
|
||||||
|
ContentTypeOptionsServerHttpHeadersWriter.NOSNIFF);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void writeHeadersWhenHeaderWrittenThenDoesNotOverrride() {
|
public void writeHeadersWhenHeaderWrittenThenDoesNotOverrride() {
|
||||||
String headerValue = "value";
|
String headerValue = "value";
|
||||||
headers.set(ContentTypeOptionsHttpHeadersWriter.X_CONTENT_OPTIONS, headerValue);
|
headers.set(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS, headerValue);
|
||||||
|
|
||||||
writer.writeHttpHeaders(exchange);
|
writer.writeHttpHeaders(exchange);
|
||||||
|
|
||||||
assertThat(headers).hasSize(1);
|
assertThat(headers).hasSize(1);
|
||||||
assertThat(headers.get(ContentTypeOptionsHttpHeadersWriter.X_CONTENT_OPTIONS)).containsOnly(headerValue);
|
assertThat(headers.get(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS)).containsOnly(headerValue);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -27,15 +27,15 @@ import org.springframework.web.server.ServerWebExchange;
|
||||||
* @author Rob Winch
|
* @author Rob Winch
|
||||||
* @since 5.0
|
* @since 5.0
|
||||||
*/
|
*/
|
||||||
public class XFrameOptionsHttpHeadersWriterTests {
|
public class XFrameOptionsServerHttpHeadersWriterTests {
|
||||||
|
|
||||||
ServerWebExchange exchange = MockServerHttpRequest.get("/").toExchange();
|
ServerWebExchange exchange = MockServerHttpRequest.get("/").toExchange();
|
||||||
|
|
||||||
XFrameOptionsHttpHeadersWriter writer;
|
XFrameOptionsServerHttpHeadersWriter writer;
|
||||||
|
|
||||||
@Before
|
@Before
|
||||||
public void setup() {
|
public void setup() {
|
||||||
writer = new XFrameOptionsHttpHeadersWriter();
|
writer = new XFrameOptionsServerHttpHeadersWriter();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
|
|
@ -44,41 +44,41 @@ public class XFrameOptionsHttpHeadersWriterTests {
|
||||||
|
|
||||||
HttpHeaders headers = exchange.getResponse().getHeaders();
|
HttpHeaders headers = exchange.getResponse().getHeaders();
|
||||||
assertThat(headers).hasSize(1);
|
assertThat(headers).hasSize(1);
|
||||||
assertThat(headers.get(XFrameOptionsHttpHeadersWriter.X_FRAME_OPTIONS)).containsOnly("DENY");
|
assertThat(headers.get(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS)).containsOnly("DENY");
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void writeHeadersWhenUsingExplicitDenyThenWritesDeny() {
|
public void writeHeadersWhenUsingExplicitDenyThenWritesDeny() {
|
||||||
writer.setMode(XFrameOptionsHttpHeadersWriter.Mode.DENY);
|
writer.setMode(XFrameOptionsServerHttpHeadersWriter.Mode.DENY);
|
||||||
|
|
||||||
writer.writeHttpHeaders(exchange);
|
writer.writeHttpHeaders(exchange);
|
||||||
|
|
||||||
HttpHeaders headers = exchange.getResponse().getHeaders();
|
HttpHeaders headers = exchange.getResponse().getHeaders();
|
||||||
assertThat(headers).hasSize(1);
|
assertThat(headers).hasSize(1);
|
||||||
assertThat(headers.get(XFrameOptionsHttpHeadersWriter.X_FRAME_OPTIONS)).containsOnly("DENY");
|
assertThat(headers.get(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS)).containsOnly("DENY");
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void writeHeadersWhenUsingSameOriginThenWritesSameOrigin() {
|
public void writeHeadersWhenUsingSameOriginThenWritesSameOrigin() {
|
||||||
writer.setMode(XFrameOptionsHttpHeadersWriter.Mode.SAMEORIGIN);
|
writer.setMode(XFrameOptionsServerHttpHeadersWriter.Mode.SAMEORIGIN);
|
||||||
|
|
||||||
writer.writeHttpHeaders(exchange);
|
writer.writeHttpHeaders(exchange);
|
||||||
|
|
||||||
HttpHeaders headers = exchange.getResponse().getHeaders();
|
HttpHeaders headers = exchange.getResponse().getHeaders();
|
||||||
assertThat(headers).hasSize(1);
|
assertThat(headers).hasSize(1);
|
||||||
assertThat(headers.get(XFrameOptionsHttpHeadersWriter.X_FRAME_OPTIONS)).containsOnly("SAMEORIGIN");
|
assertThat(headers.get(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS)).containsOnly("SAMEORIGIN");
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void writeHeadersWhenAlreadyWrittenThenWritesHeader() {
|
public void writeHeadersWhenAlreadyWrittenThenWritesHeader() {
|
||||||
String headerValue = "other";
|
String headerValue = "other";
|
||||||
exchange.getResponse().getHeaders().set(XFrameOptionsHttpHeadersWriter.X_FRAME_OPTIONS, headerValue);
|
exchange.getResponse().getHeaders().set(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS, headerValue);
|
||||||
|
|
||||||
writer.writeHttpHeaders(exchange);
|
writer.writeHttpHeaders(exchange);
|
||||||
|
|
||||||
HttpHeaders headers = exchange.getResponse().getHeaders();
|
HttpHeaders headers = exchange.getResponse().getHeaders();
|
||||||
assertThat(headers).hasSize(1);
|
assertThat(headers).hasSize(1);
|
||||||
assertThat(headers.get(XFrameOptionsHttpHeadersWriter.X_FRAME_OPTIONS)).containsOnly(headerValue);
|
assertThat(headers.get(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS)).containsOnly(headerValue);
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
@ -26,19 +26,19 @@ import org.springframework.web.server.ServerWebExchange;
|
||||||
* @author Rob Winch
|
* @author Rob Winch
|
||||||
* @since 5.0
|
* @since 5.0
|
||||||
*/
|
*/
|
||||||
public class XXssProtectionHttpHeadersWriterTests {
|
public class XXssProtectionServerHttpHeadersWriterTests {
|
||||||
ServerWebExchange exchange = MockServerHttpRequest.get("/").toExchange();
|
ServerWebExchange exchange = MockServerHttpRequest.get("/").toExchange();
|
||||||
|
|
||||||
HttpHeaders headers = exchange.getResponse().getHeaders();
|
HttpHeaders headers = exchange.getResponse().getHeaders();
|
||||||
|
|
||||||
XXssProtectionHttpHeadersWriter writer = new XXssProtectionHttpHeadersWriter();
|
XXssProtectionServerHttpHeadersWriter writer = new XXssProtectionServerHttpHeadersWriter();
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void writeHeadersWhenNoHeadersThenWriteHeaders() {
|
public void writeHeadersWhenNoHeadersThenWriteHeaders() {
|
||||||
writer.writeHttpHeaders(exchange);
|
writer.writeHttpHeaders(exchange);
|
||||||
|
|
||||||
assertThat(headers).hasSize(1);
|
assertThat(headers).hasSize(1);
|
||||||
assertThat(headers.get(XXssProtectionHttpHeadersWriter.X_XSS_PROTECTION)).containsOnly("1 ; mode=block");
|
assertThat(headers.get(XXssProtectionServerHttpHeadersWriter.X_XSS_PROTECTION)).containsOnly("1 ; mode=block");
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
|
|
@ -48,7 +48,7 @@ public class XXssProtectionHttpHeadersWriterTests {
|
||||||
writer.writeHttpHeaders(exchange);
|
writer.writeHttpHeaders(exchange);
|
||||||
|
|
||||||
assertThat(headers).hasSize(1);
|
assertThat(headers).hasSize(1);
|
||||||
assertThat(headers.get(XXssProtectionHttpHeadersWriter.X_XSS_PROTECTION)).containsOnly("1");
|
assertThat(headers.get(XXssProtectionServerHttpHeadersWriter.X_XSS_PROTECTION)).containsOnly("1");
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
|
|
@ -58,18 +58,18 @@ public class XXssProtectionHttpHeadersWriterTests {
|
||||||
writer.writeHttpHeaders(exchange);
|
writer.writeHttpHeaders(exchange);
|
||||||
|
|
||||||
assertThat(headers).hasSize(1);
|
assertThat(headers).hasSize(1);
|
||||||
assertThat(headers.get(XXssProtectionHttpHeadersWriter.X_XSS_PROTECTION)).containsOnly("0");
|
assertThat(headers.get(XXssProtectionServerHttpHeadersWriter.X_XSS_PROTECTION)).containsOnly("0");
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void writeHeadersWhenHeaderWrittenThenDoesNotOverrride() {
|
public void writeHeadersWhenHeaderWrittenThenDoesNotOverrride() {
|
||||||
String headerValue = "value";
|
String headerValue = "value";
|
||||||
headers.set(XXssProtectionHttpHeadersWriter.X_XSS_PROTECTION, headerValue);
|
headers.set(XXssProtectionServerHttpHeadersWriter.X_XSS_PROTECTION, headerValue);
|
||||||
|
|
||||||
writer.writeHttpHeaders(exchange);
|
writer.writeHttpHeaders(exchange);
|
||||||
|
|
||||||
assertThat(headers).hasSize(1);
|
assertThat(headers).hasSize(1);
|
||||||
assertThat(headers.get(XXssProtectionHttpHeadersWriter.X_XSS_PROTECTION)).containsOnly(headerValue);
|
assertThat(headers.get(XXssProtectionServerHttpHeadersWriter.X_XSS_PROTECTION)).containsOnly(headerValue);
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
Loading…
Reference in New Issue