xframe filter should work on every request

64ef02af · Piotr Gawron · 09628be3 · 64ef02af
Commit 64ef02af authored 5 years ago by Piotr Gawron
--- a/web/src/test/java/lcsb/mapviewer/web/SpringSecurityGeneralIntegrationTest.java
+++ b/web/src/test/java/lcsb/mapviewer/web/SpringSecurityGeneralIntegrationTest.java
@@ -11,6 +11,7 @@ import org.apache.logging.log4j.Logger;
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.test.annotation.Rollback;
 import org.springframework.test.context.ContextConfiguration;
@@ -21,6 +22,8 @@ import org.springframework.transaction.annotation.Transactional;

 import com.google.gson.JsonParser;

+import lcsb.mapviewer.model.user.ConfigurationElementType;
+import lcsb.mapviewer.services.interfaces.IConfigurationService;
 import lcsb.mapviewer.web.config.SpringWebConfig;

 @RunWith(SpringJUnit4ClassRunner.class)
@@ -34,6 +37,9 @@ public class SpringSecurityGeneralIntegrationTest extends ControllerIntegrationT
  private static final String TEST_USER_LOGIN = "test_user";
  static Logger logger = LogManager.getLogger(SpringSecurityGeneralIntegrationTest.class);

+  @Autowired
+  IConfigurationService configurationService;
+  
  @Before
  public void setup() {
    createUser(TEST_USER_LOGIN, TEST_USER_PASSWORD);
@@ -141,6 +147,26 @@ public class SpringSecurityGeneralIntegrationTest extends ControllerIntegrationT
    assertFalse(response.getHeaderNames().contains("Vary"));
  }

+  @Test
+  public void testXFrameFilter() throws Exception {
+    configurationService.setConfigurationValue(ConfigurationElementType.X_FRAME_DOMAIN, "minerva.uni.lu");
+    RequestBuilder request = get("/");
+    MockHttpServletResponse response = mockMvc.perform(request)
+        .andExpect(status().is2xxSuccessful())
+        .andReturn().getResponse();
+    assertTrue(response.getHeaderNames().contains("Content-Security-Policy"));
+  }
+
+  @Test
+  public void testXFrameFilterDisabled() throws Exception {
+    configurationService.setConfigurationValue(ConfigurationElementType.X_FRAME_DOMAIN, "");
+    RequestBuilder request = get("/");
+    MockHttpServletResponse response = mockMvc.perform(request)
+        .andExpect(status().is2xxSuccessful())
+        .andReturn().getResponse();
+    assertFalse(response.getHeaderNames().contains("Content-Security-Policy"));
+  }
+
  @Test
  public void testDisableCacheForApiRequest() throws Exception {
    RequestBuilder request = get("/configuration/");