DSL nested builder for HTTP security
DSL nested builder for HTTP security Fixes gh-5557
This commit is contained in:
+10
@@ -81,10 +81,20 @@ public final class ContentSecurityPolicyHeaderWriter implements HeaderWriter {
|
||||
|
||||
private static final String CONTENT_SECURITY_POLICY_REPORT_ONLY_HEADER = "Content-Security-Policy-Report-Only";
|
||||
|
||||
private static final String DEFAULT_SRC_SELF_POLICY = "default-src 'self'";
|
||||
|
||||
private String policyDirectives;
|
||||
|
||||
private boolean reportOnly;
|
||||
|
||||
/**
|
||||
* Creates a new instance. Default value: default-src 'self'
|
||||
*/
|
||||
public ContentSecurityPolicyHeaderWriter() {
|
||||
setPolicyDirectives(DEFAULT_SRC_SELF_POLICY);
|
||||
this.reportOnly = false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a new instance
|
||||
*
|
||||
|
||||
+19
@@ -43,6 +43,15 @@ public class ContentSecurityPolicyHeaderWriterTests {
|
||||
writer = new ContentSecurityPolicyHeaderWriter(DEFAULT_POLICY_DIRECTIVES);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void writeHeadersWhenNoPolicyDirectivesThenUsesDefault() {
|
||||
ContentSecurityPolicyHeaderWriter noPolicyWriter = new ContentSecurityPolicyHeaderWriter();
|
||||
noPolicyWriter.writeHeaders(request, response);
|
||||
|
||||
assertThat(response.getHeaderNames()).hasSize(1);
|
||||
assertThat(response.getHeader("Content-Security-Policy")).isEqualTo(DEFAULT_POLICY_DIRECTIVES);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void writeHeadersContentSecurityPolicyDefault() {
|
||||
writer.writeHeaders(request, response);
|
||||
@@ -64,6 +73,16 @@ public class ContentSecurityPolicyHeaderWriterTests {
|
||||
assertThat(response.getHeader("Content-Security-Policy")).isEqualTo(policyDirectives);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void writeHeadersWhenNoPolicyDirectivesReportOnlyThenUsesDefault() {
|
||||
ContentSecurityPolicyHeaderWriter noPolicyWriter = new ContentSecurityPolicyHeaderWriter();
|
||||
writer.setReportOnly(true);
|
||||
noPolicyWriter.writeHeaders(request, response);
|
||||
|
||||
assertThat(response.getHeaderNames()).hasSize(1);
|
||||
assertThat(response.getHeader("Content-Security-Policy")).isEqualTo(DEFAULT_POLICY_DIRECTIVES);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void writeHeadersContentSecurityPolicyReportOnlyDefault() {
|
||||
writer.setReportOnly(true);
|
||||
|
||||
Reference in New Issue
Block a user