mirror of
https://github.com/spring-projects/spring-security.git
synced 2025-05-30 16:52:13 +00:00
HttpHeaders no longer a MultiValueMap
Closes gh-17060
parent
e5e962ef90
commit
b453840c0a
@ -18,8 +18,6 @@ package org.springframework.security.config.web.server;
|
||||
|
||||
import java.util.Arrays;
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
|
||||
import org.junit.jupiter.api.BeforeEach;
|
||||
@ -114,12 +112,13 @@ public class CorsSpecTests {
|
||||
.exchange()
|
||||
.returnResult(String.class);
|
||||
// @formatter:on
|
||||
Map<String, List<String>> responseHeaders = response.getResponseHeaders();
|
||||
HttpHeaders responseHeaders = response.getResponseHeaders();
|
||||
if (!this.expectedHeaders.isEmpty()) {
|
||||
assertThat(responseHeaders).describedAs(response.toString()).containsAllEntriesOf(this.expectedHeaders);
|
||||
this.expectedHeaders.forEach(
|
||||
(headerName, headerValues) -> assertThat(responseHeaders.get(headerName)).isEqualTo(headerValues));
|
||||
}
|
||||
if (!this.headerNamesNotPresent.isEmpty()) {
|
||||
assertThat(responseHeaders.keySet()).doesNotContainAnyElementsOf(this.headerNamesNotPresent);
|
||||
assertThat(responseHeaders.headerNames()).doesNotContainAnyElementsOf(this.headerNamesNotPresent);
|
||||
}
|
||||
}
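Review bot: The per-header assertion that replaces `containsAllEntriesOf` in the `@ -114` hunk no longer carries `describedAs(response.toString())`, so a failing header check reports only the mismatching value list, without the response it came from. Keeping the description on the new form restores that context: `assertThat(responseHeaders.get(headerName)).describedAs(response.toString()).isEqualTo(headerValues)`. The same assertion in the `@ -515` hunk of HeaderSpecTests has the same gap. The enclosing method starts outside the hunk.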
|
||||
|
||||
|
@ -18,8 +18,6 @@ package org.springframework.security.config.web.server;
|
||||
|
||||
import java.time.Duration;
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
|
||||
import org.junit.jupiter.api.BeforeEach;
|
||||
@ -80,14 +78,14 @@ public class HeaderSpecTests {
|
||||
|
||||
@Test
|
||||
public void headersWhenDisableThenNoSecurityHeaders() {
|
||||
new HashSet<>(this.expectedHeaders.keySet()).forEach(this::expectHeaderNamesNotPresent);
|
||||
new HashSet<>(this.expectedHeaders.headerNames()).forEach(this::expectHeaderNamesNotPresent);
|
||||
this.http.headers().disable();
|
||||
assertHeaders();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void headersWhenDisableInLambdaThenNoSecurityHeaders() {
|
||||
new HashSet<>(this.expectedHeaders.keySet()).forEach(this::expectHeaderNamesNotPresent);
|
||||
new HashSet<>(this.expectedHeaders.headerNames()).forEach(this::expectHeaderNamesNotPresent);
|
||||
this.http.headers((headers) -> headers.disable());
|
||||
assertHeaders();
|
||||
}
|
||||
@ -515,12 +513,13 @@ public class HeaderSpecTests {
|
||||
.uri("https://example.com/")
|
||||
.exchange()
|
||||
.returnResult(String.class);
|
||||
Map<String, List<String>> responseHeaders = response.getResponseHeaders();
|
||||
HttpHeaders responseHeaders = response.getResponseHeaders();
|
||||
if (!this.expectedHeaders.isEmpty()) {
|
||||
assertThat(responseHeaders).describedAs(response.toString()).containsAllEntriesOf(this.expectedHeaders);
|
||||
this.expectedHeaders.forEach(
|
||||
(headerName, headerValues) -> assertThat(responseHeaders.get(headerName)).isEqualTo(headerValues));
|
||||
}
|
||||
if (!this.headerNamesNotPresent.isEmpty()) {
|
||||
assertThat(responseHeaders.keySet()).doesNotContainAnyElementsOf(this.headerNamesNotPresent);
|
||||
assertThat(responseHeaders.headerNames()).doesNotContainAnyElementsOf(this.headerNamesNotPresent);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -945,7 +945,7 @@ public class OidcLogoutSpecTests {
|
||||
private MockResponse toMockResponse(FluxExchangeResult<String> result) {
|
||||
MockResponse response = new MockResponse();
|
||||
response.setResponseCode(result.getStatus().value());
|
||||
for (String name : result.getResponseHeaders().keySet()) {
|
||||
for (String name : result.getResponseHeaders().headerNames()) {
|
||||
response.addHeader(name, result.getResponseHeaders().getFirst(name));
|
||||
}
|
||||
String body = result.getResponseBody().blockFirst();
|
||||
|
@ -127,7 +127,7 @@ class ServerHttpsRedirectDslTests {
|
||||
return http {
|
||||
redirectToHttps {
|
||||
httpsRedirectWhen {
|
||||
it.request.headers.containsKey("X-Requires-Https")
|
||||
it.request.headers.headerNames().contains("X-Requires-Https")
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -165,7 +165,7 @@ class ServerHttpsRedirectDslTests {
|
||||
redirectToHttps {
|
||||
httpsRedirectWhen(PathPatternParserServerWebExchangeMatcher("/secure"))
|
||||
httpsRedirectWhen {
|
||||
it.request.headers.containsKey("X-Requires-Https")
|
||||
it.request.headers.headerNames().contains("X-Requires-Https")
|
||||
}
|
||||
}
|
||||
}
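Review bot: Both `httpsRedirectWhen` lambdas (hunks `@ -127` and `@ -165`) now test `it.request.headers.headerNames().contains("X-Requires-Https")`, which builds the name set to ask about one header. It also relies on that set's `contains` matching header names the way the old `containsKey` did, which is not visible on this page. `StaticServerHttpHeadersWriter` in this same commit uses `containsHeader(headerName)` for the equivalent check. `it.request.headers.containsHeader("X-Requires-Https")` would be the direct replacement and keeps the two call sites consistent.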
|
||||
|
@ -91,7 +91,7 @@ public class BearerTokenServerAuthenticationEntryPointTests {
|
||||
@Test
|
||||
public void commenceWhenNoSubscriberThenNothingHappens() {
|
||||
this.entryPoint.commence(this.exchange, new BadCredentialsException(""));
|
||||
assertThat(getResponse().getHeaders()).isEmpty();
|
||||
assertThat(getResponse().getHeaders().headerNames()).isEmpty();
|
||||
assertThat(getResponse().getStatusCode()).isNull();
|
||||
}
|
||||
|
||||
|
@ -267,7 +267,7 @@ public class FilterInvocation {
|
||||
|
||||
@Override
|
||||
public Enumeration<String> getHeaderNames() {
|
||||
return Collections.enumeration(this.headers.keySet());
|
||||
return Collections.enumeration(this.headers.headerNames());
|
||||
}
|
||||
|
||||
@Override
|
||||
|
@ -135,8 +135,8 @@ public class StrictServerWebExchangeFirewall implements ServerWebExchangeFirewal
|
||||
private static final Pattern ASSIGNED_AND_NOT_ISO_CONTROL_PATTERN = Pattern
|
||||
.compile("[\\p{IsAssigned}&&[^\\p{IsControl}]]*");
|
||||
|
||||
private static final Predicate<String> ASSIGNED_AND_NOT_ISO_CONTROL_PREDICATE = (
|
||||
s) -> ASSIGNED_AND_NOT_ISO_CONTROL_PATTERN.matcher(s).matches();
|
||||
private static final Predicate<String> ASSIGNED_AND_NOT_ISO_CONTROL_PREDICATE = (s) -> s == null
|
||||
|| ASSIGNED_AND_NOT_ISO_CONTROL_PATTERN.matcher(s).matches();
|
||||
|
||||
private static final Pattern HEADER_VALUE_PATTERN = Pattern.compile("[\\p{IsAssigned}&&[[^\\p{IsControl}]||\\t]]*");
|
||||
|
||||
@ -198,13 +198,11 @@ public class StrictServerWebExchangeFirewall implements ServerWebExchangeFirewal
|
||||
exchange.getResponse().beforeCommit(() -> Mono.fromRunnable(() -> {
|
||||
ServerHttpResponse response = exchange.getResponse();
|
||||
HttpHeaders headers = response.getHeaders();
|
||||
for (Map.Entry<String, List<String>> header : headers.entrySet()) {
|
||||
String headerName = header.getKey();
|
||||
List<String> headerValues = header.getValue();
|
||||
headers.forEach((headerName, headerValues) -> {
|
||||
for (String headerValue : headerValues) {
|
||||
validateCrlf(headerName, headerValue);
|
||||
}
|
||||
}
|
||||
});
|
||||
}));
|
||||
return new StrictFirewallServerWebExchange(exchange);
|
||||
});
|
||||
@ -767,23 +765,21 @@ public class StrictServerWebExchangeFirewall implements ServerWebExchangeFirewal
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<String> get(Object key) {
|
||||
if (key instanceof String headerName) {
|
||||
validateAllowedHeaderName(headerName);
|
||||
}
|
||||
List<String> headerValues = super.get(key);
|
||||
public List<String> get(String headerName) {
|
||||
validateAllowedHeaderName(headerName);
|
||||
List<String> headerValues = super.get(headerName);
|
||||
if (headerValues == null) {
|
||||
return headerValues;
|
||||
}
|
||||
for (String headerValue : headerValues) {
|
||||
validateAllowedHeaderValue(key, headerValue);
|
||||
validateAllowedHeaderValue(headerName, headerValue);
|
||||
}
|
||||
return headerValues;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Set<String> keySet() {
|
||||
Set<String> headerNames = super.keySet();
|
||||
public Set<String> headerNames() {
|
||||
Set<String> headerNames = super.headerNames();
|
||||
for (String headerName : headerNames) {
|
||||
validateAllowedHeaderName(headerName);
|
||||
}
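Review bot: `get(String headerName)` now calls `validateAllowedHeaderName(headerName)` unconditionally, whereas the removed `instanceof String` guard skipped validation for a null key; the commit apparently compensates by making `ASSIGNED_AND_NOT_ISO_CONTROL_PREDICATE` accept null. That loosens the shared predicate wherever it is used, and any other header-name predicate reachable from `validateAllowedHeaderName` (none is visible in these hunks) would now be handed null. Keeping the null handling at the call site preserves the old behaviour without touching the predicate: `if (headerName != null) { validateAllowedHeaderName(headerName); }`. If the predicate change stays, it needs a comment saying why null passes and a test covering `get(null)`. `headerNames()` ends outside the hunk.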
|
||||
|
@ -43,8 +43,8 @@ public class StaticServerHttpHeadersWriter implements ServerHttpHeadersWriter {
|
||||
// Note: We need to ensure that the following algorithm compares headers
|
||||
// case insensitively, which should be true of headers.containsKey().
|
||||
boolean containsNoHeadersToAdd = true;
|
||||
for (String headerName : this.headersToAdd.keySet()) {
|
||||
if (headers.containsKey(headerName)) {
|
||||
for (String headerName : this.headersToAdd.headerNames()) {
|
||||
if (headers.containsHeader(headerName)) {
|
||||
containsNoHeadersToAdd = false;
|
||||
break;
|
||||
}
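Review bot: The comment above the loop still says the case-insensitive comparison "should be true of headers.containsKey()", but the loop now calls `headers.containsHeader(headerName)`. Since this check decides whether the configured headers are written at all, the comment should name the method whose behaviour is being relied on: `// case insensitively, which should be true of headers.containsHeader().` The enclosing method starts and ends outside the hunk.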
|
||||
|
@ -444,7 +444,7 @@ class StrictServerWebExchangeFirewallTests {
|
||||
ServerWebExchange exchange = getFirewalledExchange();
|
||||
HttpHeaders headers = exchange.getRequest().getHeaders();
|
||||
assertThatExceptionOfType(ServerExchangeRejectedException.class)
|
||||
.isThrownBy(() -> headers.keySet().iterator().next());
|
||||
.isThrownBy(() -> headers.headerNames().iterator().next());
|
||||
}
|
||||
|
||||
@Test
|
||||
|
@ -42,7 +42,7 @@ public class CacheControlServerHttpHeadersWriterTests {
|
||||
@Test
|
||||
public void writeHeadersWhenCacheHeadersThenWritesAllCacheControl() {
|
||||
this.writer.writeHttpHeaders(this.exchange);
|
||||
assertThat(this.headers).hasSize(3);
|
||||
assertThat(this.headers.headerNames()).hasSize(3);
|
||||
assertThat(this.headers.get(HttpHeaders.CACHE_CONTROL))
|
||||
.containsOnly(CacheControlServerHttpHeadersWriter.CACHE_CONTRTOL_VALUE);
|
||||
assertThat(this.headers.get(HttpHeaders.EXPIRES))
|
||||
@ -63,7 +63,7 @@ public class CacheControlServerHttpHeadersWriterTests {
|
||||
String pragma = "1";
|
||||
this.headers.set(HttpHeaders.PRAGMA, pragma);
|
||||
this.writer.writeHttpHeaders(this.exchange);
|
||||
assertThat(this.headers).hasSize(1);
|
||||
assertThat(this.headers.headerNames()).hasSize(1);
|
||||
assertThat(this.headers.get(HttpHeaders.PRAGMA)).containsOnly(pragma);
|
||||
}
|
||||
|
||||
@ -72,7 +72,7 @@ public class CacheControlServerHttpHeadersWriterTests {
|
||||
String expires = "1";
|
||||
this.headers.set(HttpHeaders.EXPIRES, expires);
|
||||
this.writer.writeHttpHeaders(this.exchange);
|
||||
assertThat(this.headers).hasSize(1);
|
||||
assertThat(this.headers.headerNames()).hasSize(1);
|
||||
assertThat(this.headers.get(HttpHeaders.EXPIRES)).containsOnly(expires);
|
||||
}
|
||||
|
||||
@ -81,7 +81,7 @@ public class CacheControlServerHttpHeadersWriterTests {
|
||||
public void writeHeadersWhenNotModifiedThenNoCacheControlHeaders() {
|
||||
this.exchange.getResponse().setStatusCode(HttpStatus.NOT_MODIFIED);
|
||||
this.writer.writeHttpHeaders(this.exchange);
|
||||
assertThat(this.headers).isEmpty();
|
||||
assertThat(this.headers.headerNames()).isEmpty();
|
||||
}
|
||||
|
||||
}
|
||||
|
@ -49,7 +49,7 @@ public class ContentSecurityPolicyServerHttpHeadersWriterTests {
|
||||
public void writeHeadersWhenUsingDefaultsThenDoesNotWrite() {
|
||||
this.writer.writeHttpHeaders(this.exchange);
|
||||
HttpHeaders headers = this.exchange.getResponse().getHeaders();
|
||||
assertThat(headers).isEmpty();
|
||||
assertThat(headers.headerNames()).isEmpty();
|
||||
}
|
||||
|
||||
@Test
|
||||
@ -57,7 +57,7 @@ public class ContentSecurityPolicyServerHttpHeadersWriterTests {
|
||||
this.writer.setPolicyDirectives(DEFAULT_POLICY_DIRECTIVES);
|
||||
this.writer.writeHttpHeaders(this.exchange);
|
||||
HttpHeaders headers = this.exchange.getResponse().getHeaders();
|
||||
assertThat(headers).hasSize(1);
|
||||
assertThat(headers.headerNames()).hasSize(1);
|
||||
assertThat(headers.get(ContentSecurityPolicyServerHttpHeadersWriter.CONTENT_SECURITY_POLICY))
|
||||
.containsOnly(DEFAULT_POLICY_DIRECTIVES);
|
||||
}
|
||||
@ -68,7 +68,7 @@ public class ContentSecurityPolicyServerHttpHeadersWriterTests {
|
||||
this.writer.setReportOnly(true);
|
||||
this.writer.writeHttpHeaders(this.exchange);
|
||||
HttpHeaders headers = this.exchange.getResponse().getHeaders();
|
||||
assertThat(headers).hasSize(1);
|
||||
assertThat(headers.headerNames()).hasSize(1);
|
||||
assertThat(headers.get(ContentSecurityPolicyServerHttpHeadersWriter.CONTENT_SECURITY_POLICY_REPORT_ONLY))
|
||||
.containsOnly(DEFAULT_POLICY_DIRECTIVES);
|
||||
}
|
||||
@ -78,7 +78,7 @@ public class ContentSecurityPolicyServerHttpHeadersWriterTests {
|
||||
this.writer.setReportOnly(true);
|
||||
this.writer.writeHttpHeaders(this.exchange);
|
||||
HttpHeaders headers = this.exchange.getResponse().getHeaders();
|
||||
assertThat(headers).isEmpty();
|
||||
assertThat(headers.headerNames()).isEmpty();
|
||||
}
|
||||
|
||||
@Test
|
||||
@ -89,7 +89,7 @@ public class ContentSecurityPolicyServerHttpHeadersWriterTests {
|
||||
.set(ContentSecurityPolicyServerHttpHeadersWriter.CONTENT_SECURITY_POLICY, headerValue);
|
||||
this.writer.writeHttpHeaders(this.exchange);
|
||||
HttpHeaders headers = this.exchange.getResponse().getHeaders();
|
||||
assertThat(headers).hasSize(1);
|
||||
assertThat(headers.headerNames()).hasSize(1);
|
||||
assertThat(headers.get(ContentSecurityPolicyServerHttpHeadersWriter.CONTENT_SECURITY_POLICY))
|
||||
.containsOnly(headerValue);
|
||||
}
|
||||
|
@ -41,7 +41,7 @@ class ContentTypeOptionsServerHttpHeadersWriterTests {
|
||||
@Test
|
||||
void writeHeadersWhenNoHeadersThenWriteHeaders() {
|
||||
this.writer.writeHttpHeaders(this.exchange);
|
||||
assertThat(this.headers).hasSize(1);
|
||||
assertThat(this.headers.headerNames()).hasSize(1);
|
||||
assertThat(this.headers.get(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS))
|
||||
.containsOnly(ContentTypeOptionsServerHttpHeadersWriter.NOSNIFF);
|
||||
}
|
||||
@ -51,7 +51,7 @@ class ContentTypeOptionsServerHttpHeadersWriterTests {
|
||||
String headerValue = "value";
|
||||
this.headers.set(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS, headerValue);
|
||||
this.writer.writeHttpHeaders(this.exchange);
|
||||
assertThat(this.headers).hasSize(1);
|
||||
assertThat(this.headers.headerNames()).hasSize(1);
|
||||
assertThat(this.headers.get(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS))
|
||||
.containsOnly(headerValue);
|
||||
}
|
||||
|
@ -49,7 +49,7 @@ class CrossOriginEmbedderPolicyServerHttpHeadersWriterTests {
|
||||
void writeHeadersWhenNoValuesThenDoesNotWriteHeaders() {
|
||||
this.writer.writeHttpHeaders(this.exchange);
|
||||
HttpHeaders headers = this.exchange.getResponse().getHeaders();
|
||||
assertThat(headers).isEmpty();
|
||||
assertThat(headers.headerNames()).isEmpty();
|
||||
}
|
||||
|
||||
@Test
|
||||
@ -59,7 +59,7 @@ class CrossOriginEmbedderPolicyServerHttpHeadersWriterTests {
|
||||
.add(CrossOriginEmbedderPolicyServerHttpHeadersWriter.EMBEDDER_POLICY, "require-corp");
|
||||
this.writer.writeHttpHeaders(this.exchange);
|
||||
HttpHeaders headers = this.exchange.getResponse().getHeaders();
|
||||
assertThat(headers).hasSize(1);
|
||||
assertThat(headers.headerNames()).hasSize(1);
|
||||
assertThat(headers.get(CrossOriginEmbedderPolicyServerHttpHeadersWriter.EMBEDDER_POLICY))
|
||||
.containsOnly("require-corp");
|
||||
}
|
||||
@ -69,7 +69,7 @@ class CrossOriginEmbedderPolicyServerHttpHeadersWriterTests {
|
||||
this.writer.setPolicy(CrossOriginEmbedderPolicyServerHttpHeadersWriter.CrossOriginEmbedderPolicy.REQUIRE_CORP);
|
||||
this.writer.writeHttpHeaders(this.exchange);
|
||||
HttpHeaders headers = this.exchange.getResponse().getHeaders();
|
||||
assertThat(headers).hasSize(1);
|
||||
assertThat(headers.headerNames()).hasSize(1);
|
||||
assertThat(headers.get(CrossOriginEmbedderPolicyServerHttpHeadersWriter.EMBEDDER_POLICY))
|
||||
.containsOnly("require-corp");
|
||||
}
|
||||
|
@ -49,7 +49,7 @@ class CrossOriginOpenerPolicyServerHttpHeadersWriterTests {
|
||||
void writeHeadersWhenNoValuesThenDoesNotWriteHeaders() {
|
||||
this.writer.writeHttpHeaders(this.exchange);
|
||||
HttpHeaders headers = this.exchange.getResponse().getHeaders();
|
||||
assertThat(headers).isEmpty();
|
||||
assertThat(headers.headerNames()).isEmpty();
|
||||
}
|
||||
|
||||
@Test
|
||||
@ -59,7 +59,7 @@ class CrossOriginOpenerPolicyServerHttpHeadersWriterTests {
|
||||
.add(CrossOriginOpenerPolicyServerHttpHeadersWriter.OPENER_POLICY, "same-origin");
|
||||
this.writer.writeHttpHeaders(this.exchange);
|
||||
HttpHeaders headers = this.exchange.getResponse().getHeaders();
|
||||
assertThat(headers).hasSize(1);
|
||||
assertThat(headers.headerNames()).hasSize(1);
|
||||
assertThat(headers.get(CrossOriginOpenerPolicyServerHttpHeadersWriter.OPENER_POLICY))
|
||||
.containsOnly("same-origin");
|
||||
}
|
||||
@ -70,7 +70,7 @@ class CrossOriginOpenerPolicyServerHttpHeadersWriterTests {
|
||||
.setPolicy(CrossOriginOpenerPolicyServerHttpHeadersWriter.CrossOriginOpenerPolicy.SAME_ORIGIN_ALLOW_POPUPS);
|
||||
this.writer.writeHttpHeaders(this.exchange);
|
||||
HttpHeaders headers = this.exchange.getResponse().getHeaders();
|
||||
assertThat(headers).hasSize(1);
|
||||
assertThat(headers.headerNames()).hasSize(1);
|
||||
assertThat(headers.get(CrossOriginOpenerPolicyServerHttpHeadersWriter.OPENER_POLICY))
|
||||
.containsOnly("same-origin-allow-popups");
|
||||
}
|
||||
|
@ -49,7 +49,7 @@ class CrossOriginResourcePolicyServerHttpHeadersWriterTests {
|
||||
void writeHeadersWhenNoValuesThenDoesNotWriteHeaders() {
|
||||
this.writer.writeHttpHeaders(this.exchange);
|
||||
HttpHeaders headers = this.exchange.getResponse().getHeaders();
|
||||
assertThat(headers).isEmpty();
|
||||
assertThat(headers.headerNames()).isEmpty();
|
||||
}
|
||||
|
||||
@Test
|
||||
@ -59,7 +59,7 @@ class CrossOriginResourcePolicyServerHttpHeadersWriterTests {
|
||||
.add(CrossOriginResourcePolicyServerHttpHeadersWriter.RESOURCE_POLICY, "same-origin");
|
||||
this.writer.writeHttpHeaders(this.exchange);
|
||||
HttpHeaders headers = this.exchange.getResponse().getHeaders();
|
||||
assertThat(headers).hasSize(1);
|
||||
assertThat(headers.headerNames()).hasSize(1);
|
||||
assertThat(headers.get(CrossOriginResourcePolicyServerHttpHeadersWriter.RESOURCE_POLICY))
|
||||
.containsOnly("same-origin");
|
||||
}
|
||||
@ -69,7 +69,7 @@ class CrossOriginResourcePolicyServerHttpHeadersWriterTests {
|
||||
this.writer.setPolicy(CrossOriginResourcePolicyServerHttpHeadersWriter.CrossOriginResourcePolicy.SAME_ORIGIN);
|
||||
this.writer.writeHttpHeaders(this.exchange);
|
||||
HttpHeaders headers = this.exchange.getResponse().getHeaders();
|
||||
assertThat(headers).hasSize(1);
|
||||
assertThat(headers.headerNames()).hasSize(1);
|
||||
assertThat(headers.get(CrossOriginResourcePolicyServerHttpHeadersWriter.RESOURCE_POLICY))
|
||||
.containsOnly("same-origin");
|
||||
}
|
||||
|
@ -49,7 +49,7 @@ public class FeaturePolicyServerHttpHeadersWriterTests {
|
||||
public void writeHeadersWhenUsingDefaultsThenDoesNotWrite() {
|
||||
this.writer.writeHttpHeaders(this.exchange);
|
||||
HttpHeaders headers = this.exchange.getResponse().getHeaders();
|
||||
assertThat(headers).isEmpty();
|
||||
assertThat(headers.headerNames()).isEmpty();
|
||||
}
|
||||
|
||||
@Test
|
||||
@ -57,7 +57,7 @@ public class FeaturePolicyServerHttpHeadersWriterTests {
|
||||
this.writer.setPolicyDirectives(DEFAULT_POLICY_DIRECTIVES);
|
||||
this.writer.writeHttpHeaders(this.exchange);
|
||||
HttpHeaders headers = this.exchange.getResponse().getHeaders();
|
||||
assertThat(headers).hasSize(1);
|
||||
assertThat(headers.headerNames()).hasSize(1);
|
||||
assertThat(headers.get(FeaturePolicyServerHttpHeadersWriter.FEATURE_POLICY))
|
||||
.containsOnly(DEFAULT_POLICY_DIRECTIVES);
|
||||
}
|
||||
@ -69,7 +69,7 @@ public class FeaturePolicyServerHttpHeadersWriterTests {
|
||||
this.exchange.getResponse().getHeaders().set(FeaturePolicyServerHttpHeadersWriter.FEATURE_POLICY, headerValue);
|
||||
this.writer.writeHttpHeaders(this.exchange);
|
||||
HttpHeaders headers = this.exchange.getResponse().getHeaders();
|
||||
assertThat(headers).hasSize(1);
|
||||
assertThat(headers.headerNames()).hasSize(1);
|
||||
assertThat(headers.get(FeaturePolicyServerHttpHeadersWriter.FEATURE_POLICY)).containsOnly(headerValue);
|
||||
}
|
||||
|
||||
|
@ -49,7 +49,7 @@ public class PermissionsPolicyServerHttpHeadersWriterTests {
|
||||
public void writeHeadersWhenUsingDefaultsThenDoesNotWrite() {
|
||||
this.writer.writeHttpHeaders(this.exchange);
|
||||
HttpHeaders headers = this.exchange.getResponse().getHeaders();
|
||||
assertThat(headers).isEmpty();
|
||||
assertThat(headers.headerNames()).isEmpty();
|
||||
}
|
||||
|
||||
@Test
|
||||
@ -57,7 +57,7 @@ public class PermissionsPolicyServerHttpHeadersWriterTests {
|
||||
this.writer.setPolicy(DEFAULT_POLICY_DIRECTIVES);
|
||||
this.writer.writeHttpHeaders(this.exchange);
|
||||
HttpHeaders headers = this.exchange.getResponse().getHeaders();
|
||||
assertThat(headers).hasSize(1);
|
||||
assertThat(headers.headerNames()).hasSize(1);
|
||||
assertThat(headers.get(PermissionsPolicyServerHttpHeadersWriter.PERMISSIONS_POLICY))
|
||||
.containsOnly(DEFAULT_POLICY_DIRECTIVES);
|
||||
}
|
||||
@ -71,7 +71,7 @@ public class PermissionsPolicyServerHttpHeadersWriterTests {
|
||||
.set(PermissionsPolicyServerHttpHeadersWriter.PERMISSIONS_POLICY, headerValue);
|
||||
this.writer.writeHttpHeaders(this.exchange);
|
||||
HttpHeaders headers = this.exchange.getResponse().getHeaders();
|
||||
assertThat(headers).hasSize(1);
|
||||
assertThat(headers.headerNames()).hasSize(1);
|
||||
assertThat(headers.get(PermissionsPolicyServerHttpHeadersWriter.PERMISSIONS_POLICY)).containsOnly(headerValue);
|
||||
}
|
||||
|
||||
|
@ -48,7 +48,7 @@ public class ReferrerPolicyServerHttpHeadersWriterTests {
|
||||
public void writeHeadersWhenUsingDefaultsThenDoesNotWrite() {
|
||||
this.writer.writeHttpHeaders(this.exchange);
|
||||
HttpHeaders headers = this.exchange.getResponse().getHeaders();
|
||||
assertThat(headers).hasSize(1);
|
||||
assertThat(headers.headerNames()).hasSize(1);
|
||||
assertThat(headers.get(ReferrerPolicyServerHttpHeadersWriter.REFERRER_POLICY))
|
||||
.containsOnly(ReferrerPolicy.NO_REFERRER.getPolicy());
|
||||
}
|
||||
@ -58,7 +58,7 @@ public class ReferrerPolicyServerHttpHeadersWriterTests {
|
||||
this.writer.setPolicy(ReferrerPolicy.SAME_ORIGIN);
|
||||
this.writer.writeHttpHeaders(this.exchange);
|
||||
HttpHeaders headers = this.exchange.getResponse().getHeaders();
|
||||
assertThat(headers).hasSize(1);
|
||||
assertThat(headers.headerNames()).hasSize(1);
|
||||
assertThat(headers.get(ReferrerPolicyServerHttpHeadersWriter.REFERRER_POLICY))
|
||||
.containsOnly(ReferrerPolicy.SAME_ORIGIN.getPolicy());
|
||||
}
|
||||
@ -71,7 +71,7 @@ public class ReferrerPolicyServerHttpHeadersWriterTests {
|
||||
.set(ReferrerPolicyServerHttpHeadersWriter.REFERRER_POLICY, headerValue);
|
||||
this.writer.writeHttpHeaders(this.exchange);
|
||||
HttpHeaders headers = this.exchange.getResponse().getHeaders();
|
||||
assertThat(headers).hasSize(1);
|
||||
assertThat(headers.headerNames()).hasSize(1);
|
||||
assertThat(headers.get(ReferrerPolicyServerHttpHeadersWriter.REFERRER_POLICY)).containsOnly(headerValue);
|
||||
}
|
||||
|
||||
|
@ -102,7 +102,7 @@ public class StaticServerHttpHeadersWriterTests {
|
||||
.header(HttpHeaders.EXPIRES, CacheControlServerHttpHeadersWriter.EXPIRES_VALUE)
|
||||
.build();
|
||||
this.writer.writeHttpHeaders(this.exchange);
|
||||
assertThat(this.headers).hasSize(1);
|
||||
assertThat(this.headers.headerNames()).hasSize(1);
|
||||
assertThat(this.headers.get(HttpHeaders.CACHE_CONTROL)).containsOnly(headerValue);
|
||||
}
|
||||
|
||||
|
@ -17,7 +17,6 @@
|
||||
package org.springframework.security.web.server.header;
|
||||
|
||||
import java.time.Duration;
|
||||
import java.util.Arrays;
|
||||
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
@ -43,9 +42,10 @@ public class StrictTransportSecurityServerHttpHeadersWriterTests {
|
||||
this.exchange = exchange(MockServerHttpRequest.get("https://example.com/"));
|
||||
this.hsts.writeHttpHeaders(this.exchange);
|
||||
HttpHeaders headers = this.exchange.getResponse().getHeaders();
|
||||
assertThat(headers).hasSize(1);
|
||||
assertThat(headers).containsEntry(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY,
|
||||
Arrays.asList("max-age=31536000 ; includeSubDomains"));
|
||||
assertThat(headers.headerNames()).hasSize(1);
|
||||
assertThat(headers.containsHeaderValue(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY,
|
||||
"max-age=31536000 ; includeSubDomains"))
|
||||
.isTrue();
|
||||
}
|
||||
|
||||
@Test
|
||||
@ -55,9 +55,9 @@ public class StrictTransportSecurityServerHttpHeadersWriterTests {
|
||||
this.exchange = exchange(MockServerHttpRequest.get("https://example.com/"));
|
||||
this.hsts.writeHttpHeaders(this.exchange);
|
||||
HttpHeaders headers = this.exchange.getResponse().getHeaders();
|
||||
assertThat(headers).hasSize(1);
|
||||
assertThat(headers).containsEntry(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY,
|
||||
Arrays.asList("max-age=" + maxAge.getSeconds() + " ; includeSubDomains"));
|
||||
assertThat(headers.headerNames()).hasSize(1);
|
||||
assertThat(headers.containsHeaderValue(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY,
|
||||
"max-age=" + maxAge.getSeconds() + " ; includeSubDomains"));
|
||||
}
|
||||
|
||||
@Test
|
||||
@ -66,9 +66,9 @@ public class StrictTransportSecurityServerHttpHeadersWriterTests {
|
||||
this.exchange = exchange(MockServerHttpRequest.get("https://example.com/"));
|
||||
this.hsts.writeHttpHeaders(this.exchange);
|
||||
HttpHeaders headers = this.exchange.getResponse().getHeaders();
|
||||
assertThat(headers).hasSize(1);
|
||||
assertThat(headers).containsEntry(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY,
|
||||
Arrays.asList("max-age=31536000"));
|
||||
assertThat(headers.headerNames()).hasSize(1);
|
||||
assertThat(headers.containsHeaderValue(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY,
|
||||
"max-age=31536000"));
|
||||
}
|
||||
|
||||
@Test
|
||||
@ -76,7 +76,7 @@ public class StrictTransportSecurityServerHttpHeadersWriterTests {
|
||||
this.exchange = exchange(MockServerHttpRequest.get("/"));
|
||||
this.hsts.writeHttpHeaders(this.exchange);
|
||||
HttpHeaders headers = this.exchange.getResponse().getHeaders();
|
||||
assertThat(headers).isEmpty();
|
||||
assertThat(headers.headerNames()).isEmpty();
|
||||
}
|
||||
|
||||
@Test
|
||||
@ -84,7 +84,7 @@ public class StrictTransportSecurityServerHttpHeadersWriterTests {
|
||||
this.exchange = exchange(MockServerHttpRequest.get("http://localhost/"));
|
||||
this.hsts.writeHttpHeaders(this.exchange);
|
||||
HttpHeaders headers = this.exchange.getResponse().getHeaders();
|
||||
assertThat(headers).isEmpty();
|
||||
assertThat(headers.headerNames()).isEmpty();
|
||||
}
|
||||
|
||||
private static MockServerWebExchange exchange(MockServerHttpRequest.BaseBuilder<?> request) {
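Review bot: In the `@ -55` and `@ -66` hunks the new `assertThat(headers.containsHeaderValue(...))` calls end without an assertion, so they pass whatever the Strict-Transport-Security value is; only the first test (`@ -43`) finishes with `.isTrue()`. Append `.isTrue()` to both, e.g. `"max-age=31536000")).isTrue();`. As written, a regression in the `max-age` or `includeSubDomains` output for those two cases would go unnoticed, because the only remaining check counts header names.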
|
||||
|
@ -42,7 +42,7 @@ public class XContentTypeOptionsServerHttpHeadersWriterTests {
|
||||
@Test
|
||||
public void writeHeadersWhenNoHeadersThenWriteHeadersForXContentTypeOptionsServerHttpHeadersWriter() {
|
||||
this.writer.writeHttpHeaders(this.exchange);
|
||||
assertThat(this.headers).hasSize(1);
|
||||
assertThat(this.headers.headerNames()).hasSize(1);
|
||||
assertThat(this.headers.get(XContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS))
|
||||
.containsOnly(XContentTypeOptionsServerHttpHeadersWriter.NOSNIFF);
|
||||
}
|
||||
@ -52,7 +52,7 @@ public class XContentTypeOptionsServerHttpHeadersWriterTests {
|
||||
String headerValue = "value";
|
||||
this.headers.set(XContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS, headerValue);
|
||||
this.writer.writeHttpHeaders(this.exchange);
|
||||
assertThat(this.headers).hasSize(1);
|
||||
assertThat(this.headers.headerNames()).hasSize(1);
|
||||
assertThat(this.headers.get(XContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS))
|
||||
.containsOnly(headerValue);
|
||||
}
|
||||
|
@ -45,7 +45,7 @@ public class XFrameOptionsServerHttpHeadersWriterTests {
|
||||
public void writeHeadersWhenUsingDefaultsThenWritesDeny() {
|
||||
this.writer.writeHttpHeaders(this.exchange);
|
||||
HttpHeaders headers = this.exchange.getResponse().getHeaders();
|
||||
assertThat(headers).hasSize(1);
|
||||
assertThat(headers.headerNames()).hasSize(1);
|
||||
assertThat(headers.get(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS)).containsOnly("DENY");
|
||||
}
|
||||
|
||||
@ -54,7 +54,7 @@ public class XFrameOptionsServerHttpHeadersWriterTests {
|
||||
this.writer.setMode(XFrameOptionsServerHttpHeadersWriter.Mode.DENY);
|
||||
this.writer.writeHttpHeaders(this.exchange);
|
||||
HttpHeaders headers = this.exchange.getResponse().getHeaders();
|
||||
assertThat(headers).hasSize(1);
|
||||
assertThat(headers.headerNames()).hasSize(1);
|
||||
assertThat(headers.get(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS)).containsOnly("DENY");
|
||||
}
|
||||
|
||||
@ -63,7 +63,7 @@ public class XFrameOptionsServerHttpHeadersWriterTests {
|
||||
this.writer.setMode(XFrameOptionsServerHttpHeadersWriter.Mode.SAMEORIGIN);
|
||||
this.writer.writeHttpHeaders(this.exchange);
|
||||
HttpHeaders headers = this.exchange.getResponse().getHeaders();
|
||||
assertThat(headers).hasSize(1);
|
||||
assertThat(headers.headerNames()).hasSize(1);
|
||||
assertThat(headers.get(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS)).containsOnly("SAMEORIGIN");
|
||||
}
|
||||
|
||||
@ -73,7 +73,7 @@ public class XFrameOptionsServerHttpHeadersWriterTests {
|
||||
this.exchange.getResponse().getHeaders().set(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS, headerValue);
|
||||
this.writer.writeHttpHeaders(this.exchange);
|
||||
HttpHeaders headers = this.exchange.getResponse().getHeaders();
|
||||
assertThat(headers).hasSize(1);
|
||||
assertThat(headers.headerNames()).hasSize(1);
|
||||
assertThat(headers.get(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS)).containsOnly(headerValue);
|
||||
}
|
||||
|
||||
|
@ -47,7 +47,7 @@ public class XXssProtectionServerHttpHeadersWriterTests {
|
||||
@Test
|
||||
public void writeHeadersWhenNoHeadersThenWriteHeaders() {
|
||||
this.writer.writeHttpHeaders(this.exchange);
|
||||
assertThat(this.headers).hasSize(1);
|
||||
assertThat(this.headers.headerNames()).hasSize(1);
|
||||
assertThat(this.headers.get(XXssProtectionServerHttpHeadersWriter.X_XSS_PROTECTION)).containsOnly("0");
|
||||
}
|
||||
|
||||
@ -56,7 +56,7 @@ public class XXssProtectionServerHttpHeadersWriterTests {
|
||||
String headerValue = "value";
|
||||
this.headers.set(XXssProtectionServerHttpHeadersWriter.X_XSS_PROTECTION, headerValue);
|
||||
this.writer.writeHttpHeaders(this.exchange);
|
||||
assertThat(this.headers).hasSize(1);
|
||||
assertThat(this.headers.headerNames()).hasSize(1);
|
||||
assertThat(this.headers.get(XXssProtectionServerHttpHeadersWriter.X_XSS_PROTECTION)).containsOnly(headerValue);
|
||||
}
|
||||
|
||||
@ -64,7 +64,7 @@ public class XXssProtectionServerHttpHeadersWriterTests {
|
||||
void writeHeadersWhenDisabledThenWriteHeaders() {
|
||||
this.writer.setHeaderValue(XXssProtectionServerHttpHeadersWriter.HeaderValue.DISABLED);
|
||||
this.writer.writeHttpHeaders(this.exchange);
|
||||
assertThat(this.headers).hasSize(1);
|
||||
assertThat(this.headers.headerNames()).hasSize(1);
|
||||
assertThat(this.headers.get(XXssProtectionServerHttpHeadersWriter.X_XSS_PROTECTION)).containsOnly("0");
|
||||
}
|
||||
|
||||
@ -72,7 +72,7 @@ public class XXssProtectionServerHttpHeadersWriterTests {
|
||||
void writeHeadersWhenEnabledThenWriteHeaders() {
|
||||
this.writer.setHeaderValue(XXssProtectionServerHttpHeadersWriter.HeaderValue.ENABLED);
|
||||
this.writer.writeHttpHeaders(this.exchange);
|
||||
assertThat(this.headers).hasSize(1);
|
||||
assertThat(this.headers.headerNames()).hasSize(1);
|
||||
assertThat(this.headers.get(XXssProtectionServerHttpHeadersWriter.X_XSS_PROTECTION)).containsOnly("1");
|
||||
}
|
||||
|
||||
@ -80,7 +80,7 @@ public class XXssProtectionServerHttpHeadersWriterTests {
|
||||
void writeHeadersWhenEnabledModeBlockThenWriteHeaders() {
|
||||
this.writer.setHeaderValue(XXssProtectionServerHttpHeadersWriter.HeaderValue.ENABLED_MODE_BLOCK);
|
||||
this.writer.writeHttpHeaders(this.exchange);
|
||||
assertThat(this.headers).hasSize(1);
|
||||
assertThat(this.headers.headerNames()).hasSize(1);
|
||||
assertThat(this.headers.get(XXssProtectionServerHttpHeadersWriter.X_XSS_PROTECTION))
|
||||
.containsOnly("1; mode=block");
|
||||
}
|
||||
|