You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@nifi.apache.org by al...@apache.org on 2018/06/13 23:18:57 UTC
nifi git commit: NIFI-5258 - Changed addHeader to setHeader which
stops X-Frame-Options being added twice to responses. Added unit test.
Repository: nifi
Updated Branches:
refs/heads/master 275b8cbf2 -> dbf259508
NIFI-5258 - Changed addHeader to setHeader which stops X-Frame-Options being added twice to responses. Added unit test.
This closes #2791.
Signed-off-by: Andy LoPresto <al...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/nifi/repo
Commit: http://git-wip-us.apache.org/repos/asf/nifi/commit/dbf25950
Tree: http://git-wip-us.apache.org/repos/asf/nifi/tree/dbf25950
Diff: http://git-wip-us.apache.org/repos/asf/nifi/diff/dbf25950
Branch: refs/heads/master
Commit: dbf259508c2b8e176d8cb837177aaadbf44f0670
Parents: 275b8cb
Author: thenatog <th...@gmail.com>
Authored: Wed Jun 13 17:05:57 2018 -0400
Committer: Andy LoPresto <al...@apache.org>
Committed: Wed Jun 13 16:13:53 2018 -0700
----------------------------------------------------------------------
.../nifi-framework/nifi-web/nifi-jetty/pom.xml | 6 ++
.../org/apache/nifi/web/server/JettyServer.java | 71 ++++++++++----------
.../apache/nifi/web/server/JettyServerTest.java | 47 +++++++++++--
3 files changed, 84 insertions(+), 40 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/nifi/blob/dbf25950/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/pom.xml
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/pom.xml b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/pom.xml
index 3d1c6ba..b9a46b6 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/pom.xml
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/pom.xml
@@ -194,6 +194,12 @@
<version>1.16.0</version>
<scope>test</scope>
</dependency>
+ <dependency>
+ <groupId>org.springframework</groupId>
+ <artifactId>spring-test</artifactId>
+ <version>5.0.6.RELEASE</version>
+ <scope>test</scope>
+ </dependency>
</dependencies>
</project>
http://git-wip-us.apache.org/repos/asf/nifi/blob/dbf25950/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/JettyServer.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/JettyServer.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/JettyServer.java
index ac6ec90..bcada35 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/JettyServer.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/JettyServer.java
@@ -18,40 +18,6 @@ package org.apache.nifi.web.server;
import com.google.common.base.Strings;
import com.google.common.collect.Lists;
-import java.io.BufferedReader;
-import java.io.File;
-import java.io.FileFilter;
-import java.io.IOException;
-import java.io.InputStreamReader;
-import java.net.InetAddress;
-import java.net.NetworkInterface;
-import java.net.SocketException;
-import java.nio.file.Paths;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.EnumSet;
-import java.util.Enumeration;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Map;
-import java.util.Objects;
-import java.util.Set;
-import java.util.concurrent.TimeUnit;
-import java.util.jar.JarEntry;
-import java.util.jar.JarFile;
-import java.util.stream.Collectors;
-import javax.servlet.DispatcherType;
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletContext;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletResponse;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.nifi.NiFiServer;
@@ -105,6 +71,41 @@ import org.springframework.context.ApplicationContext;
import org.springframework.web.context.WebApplicationContext;
import org.springframework.web.context.support.WebApplicationContextUtils;
+import javax.servlet.DispatcherType;
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletContext;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletResponse;
+import java.io.BufferedReader;
+import java.io.File;
+import java.io.FileFilter;
+import java.io.IOException;
+import java.io.InputStreamReader;
+import java.net.InetAddress;
+import java.net.NetworkInterface;
+import java.net.SocketException;
+import java.nio.file.Paths;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.EnumSet;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Objects;
+import java.util.Set;
+import java.util.concurrent.TimeUnit;
+import java.util.jar.JarEntry;
+import java.util.jar.JarFile;
+import java.util.stream.Collectors;
+
/**
* Encapsulates the Jetty instance.
*/
@@ -1033,7 +1034,7 @@ public class JettyServer implements NiFiServer {
// set frame options accordingly
final HttpServletResponse response = (HttpServletResponse) resp;
- response.addHeader(FRAME_OPTIONS, SAME_ORIGIN);
+ response.setHeader(FRAME_OPTIONS, SAME_ORIGIN);
filterChain.doFilter(req, resp);
}
http://git-wip-us.apache.org/repos/asf/nifi/blob/dbf25950/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/test/java/org/apache/nifi/web/server/JettyServerTest.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/test/java/org/apache/nifi/web/server/JettyServerTest.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/test/java/org/apache/nifi/web/server/JettyServerTest.java
index 29b43e0..618b2d7 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/test/java/org/apache/nifi/web/server/JettyServerTest.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/test/java/org/apache/nifi/web/server/JettyServerTest.java
@@ -17,20 +17,32 @@
package org.apache.nifi.web.server;
-import java.lang.reflect.InvocationTargetException;
-import java.util.HashMap;
-import java.util.Map;
-
import org.apache.nifi.security.util.KeystoreType;
+import org.apache.nifi.util.NiFiProperties;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.eclipse.jetty.util.ssl.SslContextFactory;
-import org.apache.nifi.util.NiFiProperties;
import org.junit.Test;
+import org.mockito.Mockito;
+import org.springframework.mock.web.MockHttpServletResponse;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletContext;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import java.io.IOException;
+import java.lang.reflect.Field;
+import java.lang.reflect.InvocationTargetException;
+import java.util.HashMap;
+import java.util.Map;
+import static org.junit.Assert.assertEquals;
import static org.mockito.Matchers.anyString;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.never;
import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
public class JettyServerTest {
@Test
@@ -142,4 +154,29 @@ public class JettyServerTest {
verify(contextFactory).setTrustStoreType(trustStoreType);
verify(contextFactory).setTrustStoreProvider(BouncyCastleProvider.PROVIDER_NAME);
}
+
+ @Test
+ public void testNoDuplicateXFrameOptions() throws NoSuchFieldException, IllegalAccessException, ServletException, IOException {
+ Field xOptionsFilter = JettyServer.class.getDeclaredField("FRAME_OPTIONS_FILTER");
+ xOptionsFilter.setAccessible(true);
+ Filter filter = (Filter) xOptionsFilter.get(xOptionsFilter);
+
+ HttpServletRequest mockRequest = Mockito.mock(HttpServletRequest.class);
+ Mockito.when(mockRequest.getRequestURI()).thenReturn("/");
+
+ MockHttpServletResponse mockResponse = new MockHttpServletResponse();
+ FilterChain mockFilterChain = Mockito.mock(FilterChain.class);
+ ServletContext mockContext = Mockito.mock(ServletContext.class);
+ FilterConfig mockFilterConfig = Mockito.mock(FilterConfig.class);
+
+ when(mockFilterConfig.getServletContext()).thenReturn(mockContext);
+
+ filter.init(mockFilterConfig);
+
+ // Call doFilter twice, then check the header only appears once.
+ filter.doFilter(mockRequest, mockResponse, mockFilterChain);
+ filter.doFilter(mockRequest, mockResponse, mockFilterChain);
+
+ assertEquals(1, mockResponse.getHeaders("X-Frame-Options").size());
+ }
}