http: add X-Content-Type-Options header support
1 parent
e93a97e
commit 185fa19
Showing
4 changed files
with
85 additions
and
0 deletions.
17 changes: 17 additions & 0 deletions
17
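--- a/src/main/kotlin/br/ufpe/liber/controllers/XContentTypeOptionsFilter.kt
+++ b/src/main/kotlin/br/ufpe/liber/controllers/XContentTypeOptionsFilter.kt
@@ -0,0 +1,17 @@
+package br.ufpe.liber.controllers
+
+import io.micronaut.core.order.Ordered
+import io.micronaut.http.MutableHttpResponse
+import io.micronaut.http.annotation.Filter
+import io.micronaut.http.annotation.ResponseFilter
+import io.micronaut.http.annotation.ServerFilter
+import io.micronaut.http.filter.ServerFilterPhase
+
+@ServerFilter(Filter.MATCH_ALL_PATTERN)
+@Suppress("CLASS_NAME_INCORRECT")
+class XContentTypeOptionsFilter : Ordered {
+@ResponseFilter
+fun addHeader(res: MutableHttpResponse<Any>) = res.header("X-Content-Type-Options", "nosniff")
+
+override fun getOrder(): Int = ServerFilterPhase.LAST.order()
+}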
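Review bot: `addHeader` calls `res.header(...)`, which in the Micronaut versions I know appends a value rather than replacing one, so a response that already carries X-Content-Type-Options from a controller or another filter could go out with the header listed twice. If the project's Micronaut version offers it, `res.headers.set("X-Content-Type-Options", "nosniff")` makes the single-value intent explicit. The class also has no KDoc. A short one would help, for example `/** Adds X-Content-Type-Options: nosniff to every response so browsers do not MIME-sniff; this only helps when Content-Type is set correctly. */`. A comment on `getOrder` should say why `ServerFilterPhase.LAST` was chosen, since the hunk does not say whether the filter is meant to run before or after other response filters.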
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
package br.ufpe.liber | ||
|
||
import io.micronaut.http.HttpResponse | ||
import io.micronaut.http.client.BlockingHttpClient | ||
|
||
// DO NOT EDIT: this file is automatically synced from the template repository | ||
// in https://github.com/Liber-UFPE/project-starter. | ||
|
||
fun BlockingHttpClient.get(path: String): HttpResponse<String> = this.exchange( | ||
path, | ||
String::class.java, | ||
String::class.java, | ||
) |
49 changes: 49 additions & 0 deletions
49
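--- a/src/test/kotlin/br/ufpe/liber/controllers/XContentTypeOptionsFilterTest.kt
+++ b/src/test/kotlin/br/ufpe/liber/controllers/XContentTypeOptionsFilterTest.kt
@@ -0,0 +1,49 @@
+package br.ufpe.liber.controllers
+
+import br.ufpe.liber.assets.AssetsResolver
+import br.ufpe.liber.get
+import io.kotest.core.spec.style.BehaviorSpec
+import io.kotest.matchers.shouldBe
+import io.micronaut.context.ApplicationContext
+import io.micronaut.http.client.DefaultHttpClientConfiguration
+import io.micronaut.http.client.HttpClient
+import io.micronaut.http.filter.ServerFilterPhase
+import io.micronaut.kotlin.context.getBean
+import io.micronaut.runtime.server.EmbeddedServer
+import io.micronaut.test.extensions.kotest5.annotation.MicronautTest
+
+@MicronautTest
+@Suppress("CLASS_NAME_INCORRECT")
+class XContentTypeOptionsFilterTest(
+private val server: EmbeddedServer,
+private val context: ApplicationContext,
+) : BehaviorSpec({
+val client = context
+.createBean(
+HttpClient::class.java,
+server.url,
+DefaultHttpClientConfiguration().apply { isExceptionOnErrorStatus = false },
+)
+.toBlocking()
+
+beforeSpec {
+// AssetsResolver initializes a lateinit property used by the view helpers
+context.getBean(AssetsResolver::class.java)
+}
+
+given("XContentTypeOptionsFilter") {
+`when`("a request is made") {
+val response = client.get("/")
+then("add the X-Content-Type-Options header") {
+response.header("X-Content-Type-Options") shouldBe "nosniff"
+}
+}
+
+`when`("ordering filters") {
+then("it should be the last one") {
+val filter = context.getBean<XContentTypeOptionsFilter>()
+filter.order shouldBe ServerFilterPhase.LAST.order()
+}
+}
+}
+})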
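Review bot: The spec only requests `/`, so it does not show the header on error responses, even though the client is built with `isExceptionOnErrorStatus = false`, which suggests error statuses were meant to be exercised. If the filter is expected to cover them, add a `when`/`then` pair that requests a path with no route (a constructed one such as `/no-such-path`) and asserts `response.header("X-Content-Type-Options") shouldBe "nosniff"`. That would pin the behaviour for the responses where a wrong or missing Content-Type is most likely. The client created with `context.createBean(...)` is also never closed in the visible code; `afterSpec { client.close() }` would release it.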