Add preload support to Strict-Transport-Security
1. Preload support in Servlet Security(XML & Java) 2. Preload support in Reactive Security 3. Test for preload support in Servlet Security 4. Test for preload support in Reactive Security Fixes: gh-6312
This commit is contained in:
@@ -50,7 +50,7 @@ public class XsdDocumentedTests {
|
||||
String referenceLocation = "../docs/manual/src/docs/asciidoc/_includes/servlet/appendix/namespace.adoc";
|
||||
|
||||
String schema31xDocumentLocation = "org/springframework/security/config/spring-security-3.1.xsd";
|
||||
String schemaDocumentLocation = "org/springframework/security/config/spring-security-5.1.xsd";
|
||||
String schemaDocumentLocation = "org/springframework/security/config/spring-security-5.2.xsd";
|
||||
|
||||
XmlSupport xml = new XmlSupport();
|
||||
|
||||
@@ -142,8 +142,8 @@ public class XsdDocumentedTests {
|
||||
|
||||
String[] schemas = resource.getFile().getParentFile().list((dir, name) -> name.endsWith(".xsd"));
|
||||
|
||||
assertThat(schemas.length).isEqualTo(13)
|
||||
.withFailMessage("the count is equal to 12, if not then schemaDocument needs updating");
|
||||
assertThat(schemas.length).isEqualTo(14)
|
||||
.withFailMessage("the count is equal to 14, if not then schemaDocument needs updating");
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -125,6 +125,17 @@ public class HeaderSpecTests {
|
||||
assertHeaders();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void headersWhenHstsCustomWithPreloadThenCustomHstsWritten() {
|
||||
this.expectedHeaders.remove(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY);
|
||||
this.expectedHeaders.add(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY, "max-age=60 ; includeSubDomains ; preload");
|
||||
this.headers.hsts()
|
||||
.maxAge(Duration.ofSeconds(60))
|
||||
.preload(true);
|
||||
|
||||
assertHeaders();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void headersWhenFrameOptionsDisableThenFrameOptionsNotWritten() {
|
||||
expectHeaderNamesNotPresent(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS);
|
||||
|
||||
Reference in New Issue
Block a user