|
@@ -28,7 +28,7 @@ import org.springframework.test.web.reactive.server.FluxExchangeResult;
|
|
|
import org.springframework.test.web.reactive.server.WebTestClient;
|
|
import org.springframework.test.web.reactive.server.WebTestClient;
|
|
|
|
|
|
|
|
import java.time.Duration;
|
|
import java.time.Duration;
|
|
|
-import java.util.Collections;
|
|
|
|
|
|
|
+import java.util.HashSet;
|
|
|
import java.util.List;
|
|
import java.util.List;
|
|
|
import java.util.Map;
|
|
import java.util.Map;
|
|
|
import java.util.Set;
|
|
import java.util.Set;
|
|
@@ -45,7 +45,7 @@ public class HeaderSpecTests {
|
|
|
|
|
|
|
|
HttpHeaders expectedHeaders = new HttpHeaders();
|
|
HttpHeaders expectedHeaders = new HttpHeaders();
|
|
|
|
|
|
|
|
- Set<String> ignoredHeaderNames = Collections.singleton(HttpHeaders.CONTENT_TYPE);
|
|
|
|
|
|
|
+ Set<String> headerNamesNotPresent = new HashSet<>();
|
|
|
|
|
|
|
|
@Before
|
|
@Before
|
|
|
public void setup() {
|
|
public void setup() {
|
|
@@ -67,9 +67,7 @@ public class HeaderSpecTests {
|
|
|
|
|
|
|
|
@Test
|
|
@Test
|
|
|
public void headersWhenCacheDisableThenCacheNotWritten() {
|
|
public void headersWhenCacheDisableThenCacheNotWritten() {
|
|
|
- this.expectedHeaders.remove(HttpHeaders.CACHE_CONTROL);
|
|
|
|
|
- this.expectedHeaders.remove(HttpHeaders.PRAGMA);
|
|
|
|
|
- this.expectedHeaders.remove(HttpHeaders.EXPIRES);
|
|
|
|
|
|
|
+ expectHeaderNamesNotPresent(HttpHeaders.CACHE_CONTROL, HttpHeaders.PRAGMA, HttpHeaders.EXPIRES);
|
|
|
this.headers.cache().disable();
|
|
this.headers.cache().disable();
|
|
|
|
|
|
|
|
assertHeaders();
|
|
assertHeaders();
|
|
@@ -77,7 +75,7 @@ public class HeaderSpecTests {
|
|
|
|
|
|
|
|
@Test
|
|
@Test
|
|
|
public void headersWhenContentOptionsDisableThenContentTypeOptionsNotWritten() {
|
|
public void headersWhenContentOptionsDisableThenContentTypeOptionsNotWritten() {
|
|
|
- this.expectedHeaders.remove(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS);
|
|
|
|
|
|
|
+ expectHeaderNamesNotPresent(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS);
|
|
|
this.headers.contentTypeOptions().disable();
|
|
this.headers.contentTypeOptions().disable();
|
|
|
|
|
|
|
|
assertHeaders();
|
|
assertHeaders();
|
|
@@ -85,7 +83,7 @@ public class HeaderSpecTests {
|
|
|
|
|
|
|
|
@Test
|
|
@Test
|
|
|
public void headersWhenHstsDisableThenHstsNotWritten() {
|
|
public void headersWhenHstsDisableThenHstsNotWritten() {
|
|
|
- this.expectedHeaders.remove(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY);
|
|
|
|
|
|
|
+ expectHeaderNamesNotPresent(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY);
|
|
|
this.headers.hsts().disable();
|
|
this.headers.hsts().disable();
|
|
|
|
|
|
|
|
assertHeaders();
|
|
assertHeaders();
|
|
@@ -103,7 +101,7 @@ public class HeaderSpecTests {
|
|
|
|
|
|
|
|
@Test
|
|
@Test
|
|
|
public void headersWhenFrameOptionsDisableThenFrameOptionsNotWritten() {
|
|
public void headersWhenFrameOptionsDisableThenFrameOptionsNotWritten() {
|
|
|
- this.expectedHeaders.remove(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS);
|
|
|
|
|
|
|
+ expectHeaderNamesNotPresent(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS);
|
|
|
this.headers.frameOptions().disable();
|
|
this.headers.frameOptions().disable();
|
|
|
|
|
|
|
|
assertHeaders();
|
|
assertHeaders();
|
|
@@ -111,9 +109,7 @@ public class HeaderSpecTests {
|
|
|
|
|
|
|
|
@Test
|
|
@Test
|
|
|
public void headersWhenFrameOptionsModeThenFrameOptionsCustomMode() {
|
|
public void headersWhenFrameOptionsModeThenFrameOptionsCustomMode() {
|
|
|
- this.expectedHeaders.remove(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS);
|
|
|
|
|
- this.expectedHeaders
|
|
|
|
|
- .add(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS, "SAMEORIGIN");
|
|
|
|
|
|
|
+ this.expectedHeaders.set(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS, "SAMEORIGIN");
|
|
|
this.headers.frameOptions().mode(XFrameOptionsServerHttpHeadersWriter.Mode.SAMEORIGIN);
|
|
this.headers.frameOptions().mode(XFrameOptionsServerHttpHeadersWriter.Mode.SAMEORIGIN);
|
|
|
|
|
|
|
|
assertHeaders();
|
|
assertHeaders();
|
|
@@ -121,12 +117,19 @@ public class HeaderSpecTests {
|
|
|
|
|
|
|
|
@Test
|
|
@Test
|
|
|
public void headersWhenXssProtectionDisableThenXssProtectionNotWritten() {
|
|
public void headersWhenXssProtectionDisableThenXssProtectionNotWritten() {
|
|
|
- this.expectedHeaders.remove("X-Xss-Protection");
|
|
|
|
|
|
|
+ expectHeaderNamesNotPresent("X-Xss-Protection");
|
|
|
this.headers.xssProtection().disable();
|
|
this.headers.xssProtection().disable();
|
|
|
|
|
|
|
|
assertHeaders();
|
|
assertHeaders();
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
|
|
+ private void expectHeaderNamesNotPresent(String... headerNames) {
|
|
|
|
|
+ for(String headerName : headerNames) {
|
|
|
|
|
+ this.expectedHeaders.remove(headerName);
|
|
|
|
|
+ this.headerNamesNotPresent.add(headerName);
|
|
|
|
|
+ }
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
private void assertHeaders() {
|
|
private void assertHeaders() {
|
|
|
WebTestClient client = buildClient();
|
|
WebTestClient client = buildClient();
|
|
|
FluxExchangeResult<String> response = client.get()
|
|
FluxExchangeResult<String> response = client.get()
|
|
@@ -135,10 +138,12 @@ public class HeaderSpecTests {
|
|
|
.returnResult(String.class);
|
|
.returnResult(String.class);
|
|
|
|
|
|
|
|
Map<String, List<String>> responseHeaders = response.getResponseHeaders();
|
|
Map<String, List<String>> responseHeaders = response.getResponseHeaders();
|
|
|
- this.ignoredHeaderNames.stream().forEach(responseHeaders::remove);
|
|
|
|
|
|
|
|
|
|
- assertThat(responseHeaders).describedAs(response.toString()).isEqualTo(
|
|
|
|
|
|
|
+ assertThat(responseHeaders).describedAs(response.toString()).containsAllEntriesOf(
|
|
|
this.expectedHeaders);
|
|
this.expectedHeaders);
|
|
|
|
|
+ if (!this.headerNamesNotPresent.isEmpty()) {
|
|
|
|
|
+ assertThat(responseHeaders.keySet()).doesNotContainAnyElementsOf(this.headerNamesNotPresent);
|
|
|
|
|
+ }
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
private WebTestClient buildClient() {
|
|
private WebTestClient buildClient() {
|
Rob Winch