
SEC-2511: Remove double ALLOW-FROM in X-Frame-Options header

Rob Winch 11 年之前
父节点
当前提交
e15cee62f4

+ 1 - 1
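--- a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/AbstractRequestParameterAllowFromStrategyTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/AbstractRequestParameterAllowFromStrategyTests.java
@@ -73,7 +73,7 @@ public class AbstractRequestParameterAllowFromStrategyTests {
 
         assertThat(
                 strategy
-                        .getAllowFromValue(request)).isEqualTo("ALLOW-FROM "+value);
+                        .getAllowFromValue(request)).isEqualTo(value);
     }
 
     @Test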
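Review bot: Nothing in this test pins where the `ALLOW-FROM ` prefix is added now that `getAllowFromValue(request)` is expected to return only the bare `value`, so a regression that doubles or drops the prefix when the header is composed would still pass here. An assertion on the final `X-Frame-Options` header value, in the test of whichever writer builds it (not visible on this page), would guard the behaviour the commit title describes. A comment above the assertion such as `// strategy returns the bare origin; the header writer prepends "ALLOW-FROM "` would record the contract; the test method itself starts above the hunk. Separately, current browsers ignore `ALLOW-FROM`, so deployments relying on these strategies also need a CSP `frame-ancestors` policy.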

+ 2 - 2
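--- a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/RegExpAllowFromStrategyTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/RegExpAllowFromStrategyTests.java
@@ -33,11 +33,11 @@ public class RegExpAllowFromStrategyTests {
 
         request.setParameter("from", "http://abc.test.com");
         String result1 = strategy.getAllowFromValue(request);
-        assertThat(result1, is("ALLOW-FROM http://abc.test.com"));
+        assertThat(result1, is("http://abc.test.com"));
 
         request.setParameter("from", "http://foo.test.com");
         String result2 = strategy.getAllowFromValue(request);
-        assertThat(result2, is("ALLOW-FROM http://foo.test.com"));
+        assertThat(result2, is("http://foo.test.com"));
 
         request.setParameter("from", "http://test.foobar.com");
         String result3 = strategy.getAllowFromValue(request);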
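Review bot: The two changed assertions only cover origins that are expected to match, while the value under test comes straight from the `from` request parameter and is now returned without any prefix. It would be worth a case showing that a host which merely contains the allowed domain, for example a constructed `http://abc.test.com.example.org`, is rejected rather than echoed back, assuming the pattern (not shown in this hunk) is meant to match the whole origin. The assertion for `result3` and the start of the test method lie outside the hunk, so that case may already be partly covered there.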

+ 2 - 2
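--- a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/WhiteListedAllowFromStrategyTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/WhiteListedAllowFromStrategyTests.java
@@ -38,7 +38,7 @@ public class WhiteListedAllowFromStrategyTests {
         request.setParameter("from", "http://www.test.com");
 
         String result = strategy.getAllowFromValue(request);
-        assertThat(result, is("ALLOW-FROM http://www.test.com"));
+        assertThat(result, is("http://www.test.com"));
     }
 
     @Test
@@ -52,7 +52,7 @@ public class WhiteListedAllowFromStrategyTests {
         request.setParameter("from", "http://www.test.com");
 
         String result = strategy.getAllowFromValue(request);
-        assertThat(result, is("ALLOW-FROM http://www.test.com"));
+        assertThat(result, is("http://www.test.com"));
     }
 
     @Test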
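Review bot: Both changed assertions (the hunks at -38 and -52) repeat the literal `http://www.test.com` that was just set as the `from` parameter. A local such as `String origin = "http://www.test.com";` used for both `setParameter("from", origin)` and `is(origin)` would make it plain that the strategy is expected to return the input unchanged. These tests use Hamcrest `assertThat(result, is(...))` while AbstractRequestParameterAllowFromStrategyTests in the same commit uses the fluent `isEqualTo` form; settling on one style across the package would ease reading. Both test methods begin outside their hunks.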