mirror of
https://github.com/spring-projects/spring-security.git
synced 2025-06-01 09:42:13 +00:00
Merge branch '5.8.x' into 6.0.x
This commit is contained in:
commit
ce5aa9e694
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2002-2017 the original author or authors.
|
* Copyright 2002-2023 the original author or authors.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
@ -28,7 +28,7 @@ import org.springframework.web.server.ServerWebExchange;
|
|||||||
*/
|
*/
|
||||||
public class XContentTypeOptionsServerHttpHeadersWriter implements ServerHttpHeadersWriter {
|
public class XContentTypeOptionsServerHttpHeadersWriter implements ServerHttpHeadersWriter {
|
||||||
|
|
||||||
public static final String X_CONTENT_OPTIONS = "X-Content-Options";
|
public static final String X_CONTENT_OPTIONS = "X-Content-Type-Options";
|
||||||
|
|
||||||
public static final String NOSNIFF = "nosniff";
|
public static final String NOSNIFF = "nosniff";
|
||||||
|
|
||||||
|
@ -0,0 +1,65 @@
|
|||||||
|
/*
|
||||||
|
* Copyright 2002-2023 the original author or authors.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
* you may not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* https://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package org.springframework.security.web.server.header;
|
||||||
|
|
||||||
|
import org.junit.jupiter.api.Test;
|
||||||
|
|
||||||
|
import org.springframework.http.HttpHeaders;
|
||||||
|
import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
|
||||||
|
import org.springframework.mock.web.server.MockServerWebExchange;
|
||||||
|
import org.springframework.web.server.ServerWebExchange;
|
||||||
|
|
||||||
|
import static org.assertj.core.api.Assertions.assertThat;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Tests for {@link ContentTypeOptionsServerHttpHeadersWriter}
|
||||||
|
*
|
||||||
|
* @author Marcus da Coregio
|
||||||
|
*/
|
||||||
|
class ContentTypeOptionsServerHttpHeadersWriterTests {
|
||||||
|
|
||||||
|
ContentTypeOptionsServerHttpHeadersWriter writer = new ContentTypeOptionsServerHttpHeadersWriter();
|
||||||
|
|
||||||
|
ServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build());
|
||||||
|
|
||||||
|
HttpHeaders headers = this.exchange.getResponse().getHeaders();
|
||||||
|
|
||||||
|
@Test
|
||||||
|
void writeHeadersWhenNoHeadersThenWriteHeaders() {
|
||||||
|
this.writer.writeHttpHeaders(this.exchange);
|
||||||
|
assertThat(this.headers).hasSize(1);
|
||||||
|
assertThat(this.headers.get(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS))
|
||||||
|
.containsOnly(ContentTypeOptionsServerHttpHeadersWriter.NOSNIFF);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
void writeHeadersWhenHeaderWrittenThenDoesNotOverride() {
|
||||||
|
String headerValue = "value";
|
||||||
|
this.headers.set(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS, headerValue);
|
||||||
|
this.writer.writeHttpHeaders(this.exchange);
|
||||||
|
assertThat(this.headers).hasSize(1);
|
||||||
|
assertThat(this.headers.get(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS))
|
||||||
|
.containsOnly(headerValue);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
void constantsMatchExpectedHeaderAndValue() {
|
||||||
|
assertThat(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS).isEqualTo("X-Content-Type-Options");
|
||||||
|
assertThat(ContentTypeOptionsServerHttpHeadersWriter.NOSNIFF).isEqualTo("nosniff");
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2002-2017 the original author or authors.
|
* Copyright 2002-2023 the original author or authors.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
@ -26,33 +26,41 @@ import org.springframework.web.server.ServerWebExchange;
|
|||||||
import static org.assertj.core.api.Assertions.assertThat;
|
import static org.assertj.core.api.Assertions.assertThat;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
* Tests for {@link XContentTypeOptionsServerHttpHeadersWriter}
|
||||||
|
*
|
||||||
* @author Rob Winch
|
* @author Rob Winch
|
||||||
* @since 5.0
|
* @since 5.0
|
||||||
*/
|
*/
|
||||||
public class XContentTypeOptionsServerHttpHeadersWriterTests {
|
public class XContentTypeOptionsServerHttpHeadersWriterTests {
|
||||||
|
|
||||||
ContentTypeOptionsServerHttpHeadersWriter writer = new ContentTypeOptionsServerHttpHeadersWriter();
|
XContentTypeOptionsServerHttpHeadersWriter writer = new XContentTypeOptionsServerHttpHeadersWriter();
|
||||||
|
|
||||||
ServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build());
|
ServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build());
|
||||||
|
|
||||||
HttpHeaders headers = this.exchange.getResponse().getHeaders();
|
HttpHeaders headers = this.exchange.getResponse().getHeaders();
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void writeHeadersWhenNoHeadersThenWriteHeaders() {
|
public void writeHeadersWhenNoHeadersThenWriteHeadersForXContentTypeOptionsServerHttpHeadersWriter() {
|
||||||
this.writer.writeHttpHeaders(this.exchange);
|
this.writer.writeHttpHeaders(this.exchange);
|
||||||
assertThat(this.headers).hasSize(1);
|
assertThat(this.headers).hasSize(1);
|
||||||
assertThat(this.headers.get(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS))
|
assertThat(this.headers.get(XContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS))
|
||||||
.containsOnly(ContentTypeOptionsServerHttpHeadersWriter.NOSNIFF);
|
.containsOnly(XContentTypeOptionsServerHttpHeadersWriter.NOSNIFF);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void writeHeadersWhenHeaderWrittenThenDoesNotOverrride() {
|
public void writeHeadersWhenHeaderWrittenThenDoesNotOverrideForXContentTypeOptionsServerHttpHeadersWriter() {
|
||||||
String headerValue = "value";
|
String headerValue = "value";
|
||||||
this.headers.set(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS, headerValue);
|
this.headers.set(XContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS, headerValue);
|
||||||
this.writer.writeHttpHeaders(this.exchange);
|
this.writer.writeHttpHeaders(this.exchange);
|
||||||
assertThat(this.headers).hasSize(1);
|
assertThat(this.headers).hasSize(1);
|
||||||
assertThat(this.headers.get(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS))
|
assertThat(this.headers.get(XContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS))
|
||||||
.containsOnly(headerValue);
|
.containsOnly(headerValue);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void constantsMatchExpectedHeaderAndValueForXContentTypeOptionsServerHttpHeadersWriter() {
|
||||||
|
assertThat(XContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS).isEqualTo("X-Content-Type-Options");
|
||||||
|
assertThat(XContentTypeOptionsServerHttpHeadersWriter.NOSNIFF).isEqualTo("nosniff");
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
Loading…
x
Reference in New Issue
Block a user