
SEC-2331: Cache Control now includes Expires: 0

pull/44/merge
Rob Winch 12 years ago
parent
commit
8f8c6169e8
  1. 1
      config/src/test/groovy/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTests.groovy
  2. 2
      config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerTests.groovy
  3. 2
      config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpHeadersTests.groovy
  4. 5
      config/src/test/groovy/org/springframework/security/config/http/HttpHeadersConfigTests.groovy
  5. 1
      web/src/main/java/org/springframework/security/web/header/writers/CacheControlHeadersWriter.java
  6. 3
      web/src/test/java/org/springframework/security/web/header/writers/CacheControlHeadersWriterTests.java

1
config/src/test/groovy/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTests.groovy

@ -79,6 +79,7 @@ class WebSecurityConfigurerAdapterTests extends BaseSpringSpec { @@ -79,6 +79,7 @@ class WebSecurityConfigurerAdapterTests extends BaseSpringSpec {
'Strict-Transport-Security': 'max-age=31536000 ; includeSubDomains',
'Cache-Control': 'no-cache, no-store, max-age=0, must-revalidate',
'Pragma':'no-cache',
'Expires' : '0',
'X-XSS-Protection' : '1; mode=block']
}

2
config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerTests.groovy

@ -49,6 +49,7 @@ class HeadersConfigurerTests extends BaseSpringSpec { @@ -49,6 +49,7 @@ class HeadersConfigurerTests extends BaseSpringSpec {
'X-Frame-Options':'DENY',
'Strict-Transport-Security': 'max-age=31536000 ; includeSubDomains',
'Cache-Control': 'no-cache, no-store, max-age=0, must-revalidate',
'Expires' : '0',
'Pragma':'no-cache',
'X-XSS-Protection' : '1; mode=block']
}
@ -128,6 +129,7 @@ class HeadersConfigurerTests extends BaseSpringSpec { @@ -128,6 +129,7 @@ class HeadersConfigurerTests extends BaseSpringSpec {
springSecurityFilterChain.doFilter(request,response,chain)
then:
responseHeaders == ['Cache-Control': 'no-cache, no-store, max-age=0, must-revalidate',
'Expires' : '0',
'Pragma':'no-cache']
}

2
config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpHeadersTests.groovy

@ -49,6 +49,7 @@ public class NamespaceHttpHeadersTests extends BaseSpringSpec { @@ -49,6 +49,7 @@ public class NamespaceHttpHeadersTests extends BaseSpringSpec {
'Strict-Transport-Security': 'max-age=31536000 ; includeSubDomains',
'Cache-Control': 'no-cache, no-store, max-age=0, must-revalidate',
'Pragma':'no-cache',
'Expires' : '0',
'X-XSS-Protection' : '1; mode=block']
}
@ -69,6 +70,7 @@ public class NamespaceHttpHeadersTests extends BaseSpringSpec { @@ -69,6 +70,7 @@ public class NamespaceHttpHeadersTests extends BaseSpringSpec {
springSecurityFilterChain.doFilter(request,response,chain)
then:
responseHeaders == ['Cache-Control': 'no-cache, no-store, max-age=0, must-revalidate',
'Expires' : '0',
'Pragma':'no-cache']
}

5
config/src/test/groovy/org/springframework/security/config/http/HttpHeadersConfigTests.groovy

@ -54,6 +54,7 @@ class HttpHeadersConfigTests extends AbstractHttpConfigTests { @@ -54,6 +54,7 @@ class HttpHeadersConfigTests extends AbstractHttpConfigTests {
'X-Frame-Options':'DENY',
'Strict-Transport-Security': 'max-age=31536000 ; includeSubDomains',
'Cache-Control': 'no-cache, no-store, max-age=0, must-revalidate',
'Expires' : '0',
'Pragma':'no-cache',
'X-XSS-Protection' : '1; mode=block'])
}
@ -332,7 +333,9 @@ class HttpHeadersConfigTests extends AbstractHttpConfigTests { @@ -332,7 +333,9 @@ class HttpHeadersConfigTests extends AbstractHttpConfigTests {
when:
springSecurityFilterChain.doFilter(new MockHttpServletRequest(), response, new MockFilterChain())
then:
assertHeaders(response, ['Cache-Control': 'no-cache, no-store, max-age=0, must-revalidate','Pragma':'no-cache'])
assertHeaders(response, ['Cache-Control': 'no-cache, no-store, max-age=0, must-revalidate',
'Expires' : '0',
'Pragma':'no-cache'])
}
def 'http headers hsts'() {

1
web/src/main/java/org/springframework/security/web/header/writers/CacheControlHeadersWriter.java

@ -44,6 +44,7 @@ public final class CacheControlHeadersWriter extends StaticHeadersWriter { @@ -44,6 +44,7 @@ public final class CacheControlHeadersWriter extends StaticHeadersWriter {
List<Header> headers = new ArrayList<Header>(2);
headers.add(new Header("Cache-Control","no-cache, no-store, max-age=0, must-revalidate"));
headers.add(new Header("Pragma","no-cache"));
headers.add(new Header("Expires","0"));
return headers;
}
}
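Review bot: The capacity hint in `new ArrayList<Header>(2)` is now stale, because the added `headers.add(new Header("Expires","0"))` makes this a three-element list; it should read `new ArrayList<Header>(3)`. The new line also deserves a comment saying why it exists, for example `// Expires: 0 covers HTTP/1.0 caches that ignore Cache-Control; an invalid date such as "0" is treated as already expired`. With `max-age` present in Cache-Control, HTTP/1.1 caches ignore Expires, so the header is a fallback for older intermediaries rather than a policy change. The enclosing method starts above the hunk, so its signature and Javadoc are not visible here and may need the same update.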

3
web/src/test/java/org/springframework/security/web/header/writers/CacheControlHeadersWriterTests.java

@ -47,8 +47,9 @@ public class CacheControlHeadersWriterTests { @@ -47,8 +47,9 @@ public class CacheControlHeadersWriterTests {
public void writeHeaders() {
writer.writeHeaders(request, response);
assertThat(response.getHeaderNames().size()).isEqualTo(2);
assertThat(response.getHeaderNames().size()).isEqualTo(3);
assertThat(response.getHeaderValues("Cache-Control")).isEqualTo(Arrays.asList("no-cache, no-store, max-age=0, must-revalidate"));
assertThat(response.getHeaderValues("Pragma")).isEqualTo(Arrays.asList("no-cache"));
assertThat(response.getHeaderValues("Expires")).isEqualTo(Arrays.asList("0"));
}
}
