SEC-2511: Remove double ALLOW-FROM in X-Frame-Options header

Rob Winch 2014-03-06 21:58:35 -06:00
parent 6de138c2f2
commit e15cee62f4
3 changed files with 5 additions and 5 deletions


@ -73,7 +73,7 @@ public class AbstractRequestParameterAllowFromStrategyTests {
assertThat(
strategy
.getAllowFromValue(request)).isEqualTo("ALLOW-FROM "+value);
.getAllowFromValue(request)).isEqualTo(value);
}
@Test
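Review bot: Nothing in this commit asserts the header that is finally written, so the regression named in the title (a doubled ALLOW-FROM) is covered only indirectly: the expectation `.getAllowFromValue(request)).isEqualTo(value)` here, and the matching ones in RegExpAllowFromStrategyTests and WhiteListedAllowFromStrategyTests, pin the strategy's return value rather than the X-Frame-Options value. A malformed X-Frame-Options value is typically ignored by browsers, which would leave the page frameable with no visible failure, so a check is worth adding where the header is composed, for example `assertThat(response.getHeader("X-Frame-Options")).isEqualTo("ALLOW-FROM " + value);` (`response` is a constructed name). The return contract of `getAllowFromValue` now appears to be the bare origin, so its Javadoc should say so; a custom strategy that still returns the prefixed form would presumably reintroduce the doubled header. The test method starts above this hunk.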


@ -33,11 +33,11 @@ public class RegExpAllowFromStrategyTests {
request.setParameter("from", "http://abc.test.com");
String result1 = strategy.getAllowFromValue(request);
assertThat(result1, is("ALLOW-FROM http://abc.test.com"));
assertThat(result1, is("http://abc.test.com"));
request.setParameter("from", "http://foo.test.com");
String result2 = strategy.getAllowFromValue(request);
assertThat(result2, is("ALLOW-FROM http://foo.test.com"));
assertThat(result2, is("http://foo.test.com"));
request.setParameter("from", "http://test.foobar.com");
String result3 = strategy.getAllowFromValue(request);
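Review bot: The inputs for `result1`, `result2` and `result3` vary only in their host labels, so these cases do not show whether the pattern is anchored at both ends; the pattern is configured above the hunk and the `result3` assertion falls below it. As the updated expectations show, the strategy now hands back the request parameter unchanged for the caller to place after ALLOW-FROM, so a loose match would go straight into the header. A negative case is worth adding for an origin that only begins with an allowed host, e.g. `request.setParameter("from", "http://abc.test.com.example.invalid");` (constructed value), with the same refusal expectation as the `result3` case.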


@ -38,7 +38,7 @@ public class WhiteListedAllowFromStrategyTests {
request.setParameter("from", "http://www.test.com");
String result = strategy.getAllowFromValue(request);
assertThat(result, is("ALLOW-FROM http://www.test.com"));
assertThat(result, is("http://www.test.com"));
}
@Test
@ -52,7 +52,7 @@ public class WhiteListedAllowFromStrategyTests {
request.setParameter("from", "http://www.test.com");
String result = strategy.getAllowFromValue(request);
assertThat(result, is("ALLOW-FROM http://www.test.com"));
assertThat(result, is("http://www.test.com"));
}
@Test