Commit 64ef02af authored by Piotr Gawron's avatar Piotr Gawron
Browse files

xframe filter should work on every request

parent 09628be3
......@@ -11,6 +11,7 @@ import org.apache.logging.log4j.Logger;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.test.annotation.Rollback;
import org.springframework.test.context.ContextConfiguration;
......@@ -21,6 +22,8 @@ import org.springframework.transaction.annotation.Transactional;
import com.google.gson.JsonParser;
import lcsb.mapviewer.model.user.ConfigurationElementType;
import lcsb.mapviewer.services.interfaces.IConfigurationService;
import lcsb.mapviewer.web.config.SpringWebConfig;
@RunWith(SpringJUnit4ClassRunner.class)
......@@ -34,6 +37,9 @@ public class SpringSecurityGeneralIntegrationTest extends ControllerIntegrationT
private static final String TEST_USER_LOGIN = "test_user";
static Logger logger = LogManager.getLogger(SpringSecurityGeneralIntegrationTest.class);
@Autowired
IConfigurationService configurationService;
@Before
public void setup() {
createUser(TEST_USER_LOGIN, TEST_USER_PASSWORD);
......@@ -141,6 +147,26 @@ public class SpringSecurityGeneralIntegrationTest extends ControllerIntegrationT
assertFalse(response.getHeaderNames().contains("Vary"));
}
@Test
public void testXFrameFilter() throws Exception {
configurationService.setConfigurationValue(ConfigurationElementType.X_FRAME_DOMAIN, "minerva.uni.lu");
RequestBuilder request = get("/");
MockHttpServletResponse response = mockMvc.perform(request)
.andExpect(status().is2xxSuccessful())
.andReturn().getResponse();
assertTrue(response.getHeaderNames().contains("Content-Security-Policy"));
}
@Test
public void testXFrameFilterDisabled() throws Exception {
configurationService.setConfigurationValue(ConfigurationElementType.X_FRAME_DOMAIN, "");
RequestBuilder request = get("/");
MockHttpServletResponse response = mockMvc.perform(request)
.andExpect(status().is2xxSuccessful())
.andReturn().getResponse();
assertFalse(response.getHeaderNames().contains("Content-Security-Policy"));
}
@Test
public void testDisableCacheForApiRequest() throws Exception {
RequestBuilder request = get("/configuration/");
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment