Merge branch '5.8.x'
This commit is contained in:
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2002-2019 the original author or authors.
|
||||
* Copyright 2002-2022 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@@ -94,4 +94,34 @@ public class XXssProtectionHeaderWriterTests {
|
||||
assertThat(this.response.getHeader(XSS_PROTECTION_HEADER)).isSameAs(value);
|
||||
}
|
||||
|
||||
@Test
|
||||
void writeHeaderWhenDisabled() {
|
||||
this.writer.setHeaderValue(XXssProtectionHeaderWriter.HeaderValue.DISABLED);
|
||||
this.writer.writeHeaders(this.request, this.response);
|
||||
assertThat(this.response.getHeaderNames()).hasSize(1);
|
||||
assertThat(this.response.getHeaderValues("X-XSS-Protection")).containsOnly("0");
|
||||
}
|
||||
|
||||
@Test
|
||||
void writeHeaderWhenEnabled() {
|
||||
this.writer.setHeaderValue(XXssProtectionHeaderWriter.HeaderValue.ENABLED);
|
||||
this.writer.writeHeaders(this.request, this.response);
|
||||
assertThat(this.response.getHeaderNames()).hasSize(1);
|
||||
assertThat(this.response.getHeaderValues("X-XSS-Protection")).containsOnly("1");
|
||||
}
|
||||
|
||||
@Test
|
||||
void writeHeaderWhenEnabledModeBlock() {
|
||||
this.writer.setHeaderValue(XXssProtectionHeaderWriter.HeaderValue.ENABLED_MODE_BLOCK);
|
||||
this.writer.writeHeaders(this.request, this.response);
|
||||
assertThat(this.response.getHeaderNames()).hasSize(1);
|
||||
assertThat(this.response.getHeaderValues("X-XSS-Protection")).containsOnly("1; mode=block");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void setHeaderValueNullThenThrowsIllegalArgumentException() {
|
||||
assertThatIllegalArgumentException().isThrownBy(() -> this.writer.setHeaderValue(null))
|
||||
.withMessage("headerValue cannot be null");
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2002-2017 the original author or authors.
|
||||
* Copyright 2002-2022 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@@ -24,6 +24,7 @@ import org.springframework.mock.web.server.MockServerWebExchange;
|
||||
import org.springframework.web.server.ServerWebExchange;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
|
||||
|
||||
/**
|
||||
* @author Rob Winch
|
||||
@@ -37,6 +38,12 @@ public class XXssProtectionServerHttpHeadersWriterTests {
|
||||
|
||||
XXssProtectionServerHttpHeadersWriter writer = new XXssProtectionServerHttpHeadersWriter();
|
||||
|
||||
@Test
|
||||
void setHeaderValueNullThenThrowsIllegalArgumentException() {
|
||||
assertThatIllegalArgumentException().isThrownBy(() -> this.writer.setHeaderValue(null))
|
||||
.withMessage("headerValue cannot be null");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void writeHeadersWhenNoHeadersThenWriteHeaders() {
|
||||
this.writer.writeHttpHeaders(this.exchange);
|
||||
@@ -70,4 +77,29 @@ public class XXssProtectionServerHttpHeadersWriterTests {
|
||||
assertThat(this.headers.get(XXssProtectionServerHttpHeadersWriter.X_XSS_PROTECTION)).containsOnly(headerValue);
|
||||
}
|
||||
|
||||
@Test
|
||||
void writeHeadersWhenDisabledThenWriteHeaders() {
|
||||
this.writer.setHeaderValue(XXssProtectionServerHttpHeadersWriter.HeaderValue.DISABLED);
|
||||
this.writer.writeHttpHeaders(this.exchange);
|
||||
assertThat(this.headers).hasSize(1);
|
||||
assertThat(this.headers.get(XXssProtectionServerHttpHeadersWriter.X_XSS_PROTECTION)).containsOnly("0");
|
||||
}
|
||||
|
||||
@Test
|
||||
void writeHeadersWhenEnabledThenWriteHeaders() {
|
||||
this.writer.setHeaderValue(XXssProtectionServerHttpHeadersWriter.HeaderValue.ENABLED);
|
||||
this.writer.writeHttpHeaders(this.exchange);
|
||||
assertThat(this.headers).hasSize(1);
|
||||
assertThat(this.headers.get(XXssProtectionServerHttpHeadersWriter.X_XSS_PROTECTION)).containsOnly("1");
|
||||
}
|
||||
|
||||
@Test
|
||||
void writeHeadersWhenEnabledModeBlockThenWriteHeaders() {
|
||||
this.writer.setHeaderValue(XXssProtectionServerHttpHeadersWriter.HeaderValue.ENABLED_MODE_BLOCK);
|
||||
this.writer.writeHttpHeaders(this.exchange);
|
||||
assertThat(this.headers).hasSize(1);
|
||||
assertThat(this.headers.get(XXssProtectionServerHttpHeadersWriter.X_XSS_PROTECTION))
|
||||
.containsOnly("1 ; mode=block");
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user