Commit f0c47f5b authored by Piotr Gawron's avatar Piotr Gawron
Browse files

XFrameFilter is global

parent 752c6c71
......@@ -13,6 +13,7 @@ import lcsb.mapviewer.api.SpringRestApiConfig;
import lcsb.mapviewer.common.Configuration;
import lcsb.mapviewer.persist.SpringPersistConfig;
import lcsb.mapviewer.services.SpringServiceConfig;
import lcsb.mapviewer.web.bean.utils.XFrameFilter;
public class WebAppInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {
......@@ -38,6 +39,10 @@ public class WebAppInitializer extends AbstractAnnotationConfigDispatcherServlet
return new String[] { "/", "/api/*" };
}
@Override
protected Filter[] getServletFilters() {
return new Filter[]{new XFrameFilter()};
}
@Override
public void onStartup(ServletContext container) throws ServletException {
assert container.setInitParameter("com.sun.faces.enableMissingResourceLibraryDetection", "true");
......
......@@ -149,10 +149,10 @@ public class SpringSecurityGeneralIntegrationTest extends ControllerIntegrationT
@Test
public void testXFrameFilter() throws Exception {
configurationService.setConfigurationValue(ConfigurationElementType.X_FRAME_DOMAIN, "minerva.uni.lu");
RequestBuilder request = get("/");
configurationService.setConfigurationValue(ConfigurationElementType.X_FRAME_DOMAIN, "https://minerva.uni.lu");
RequestBuilder request = get("/asd");
MockHttpServletResponse response = mockMvc.perform(request)
.andExpect(status().is2xxSuccessful())
.andExpect(status().is4xxClientError())
.andReturn().getResponse();
assertTrue(response.getHeaderNames().contains("Content-Security-Policy"));
}
......@@ -160,9 +160,9 @@ public class SpringSecurityGeneralIntegrationTest extends ControllerIntegrationT
@Test
public void testXFrameFilterDisabled() throws Exception {
configurationService.setConfigurationValue(ConfigurationElementType.X_FRAME_DOMAIN, "");
RequestBuilder request = get("/");
RequestBuilder request = get("/asd");
MockHttpServletResponse response = mockMvc.perform(request)
.andExpect(status().is2xxSuccessful())
.andExpect(status().is4xxClientError())
.andReturn().getResponse();
assertFalse(response.getHeaderNames().contains("Content-Security-Policy"));
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment