Add reactive support for Content-Security-Policy security header
This commit is contained in:
@@ -27,6 +27,7 @@ import org.junit.Test;
|
||||
|
||||
import org.springframework.http.HttpHeaders;
|
||||
import org.springframework.security.test.web.reactive.server.WebTestClientBuilder;
|
||||
import org.springframework.security.web.server.header.ContentSecurityPolicyServerHttpHeadersWriter;
|
||||
import org.springframework.security.web.server.header.ContentTypeOptionsServerHttpHeadersWriter;
|
||||
import org.springframework.security.web.server.header.FeaturePolicyServerHttpHeadersWriter;
|
||||
import org.springframework.security.web.server.header.StrictTransportSecurityServerHttpHeadersWriter;
|
||||
@@ -153,11 +154,23 @@ public class HeaderSpecTests {
|
||||
String policyDirectives = "Feature-Policy";
|
||||
this.expectedHeaders.add(FeaturePolicyServerHttpHeadersWriter.FEATURE_POLICY,
|
||||
policyDirectives);
|
||||
|
||||
this.headers.featurePolicy(policyDirectives);
|
||||
|
||||
assertHeaders();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void headersWhenContentSecurityPolicyEnabledThenFeaturePolicyWritten() {
|
||||
String policyDirectives = "default-src 'self'";
|
||||
this.expectedHeaders.add(ContentSecurityPolicyServerHttpHeadersWriter.CONTENT_SECURITY_POLICY,
|
||||
policyDirectives);
|
||||
|
||||
this.headers.contentSecurityPolicy(policyDirectives);
|
||||
|
||||
assertHeaders();
|
||||
}
|
||||
|
||||
private void expectHeaderNamesNotPresent(String... headerNames) {
|
||||
for(String headerName : headerNames) {
|
||||
this.expectedHeaders.remove(headerName);
|
||||
|
||||
Reference in New Issue
Block a user