
Commit 6af47d6

committed
refactor: Refactored to remove hasH2Console boolean flag and replace it with a check on the H2 console properties/path.
Fix #1307
1 parent 98c17a3 commit 6af47d6


3 files changed

+16
-28
lines changed


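--- a/src/main/java/ru/mystamps/web/support/spring/security/ContentSecurityPolicyHeaderWriter.java
+++ b/src/main/java/ru/mystamps/web/support/spring/security/ContentSecurityPolicyHeaderWriter.java
@@ -151,7 +151,6 @@ class ContentSecurityPolicyHeaderWriter implements HeaderWriter {
 
 private final boolean useCdn;
 private final boolean useSingleHost;
-private final boolean hasH2Console;
 private final String host;
 private final String h2ConsolePath;
 
@@ -167,7 +166,7 @@ public void writeHeaders(HttpServletRequest request, HttpServletResponse respons
 protected String constructDirectives(String uri) {
 boolean onCollectionInfoPage = uri.startsWith(COLLECTION_INFO_PAGE_PATTERN);
 boolean onAddSeriesPage = uri.equals(SeriesUrl.ADD_SERIES_PAGE);
-boolean onH2ConsolePage = hasH2Console && uri.startsWith(h2ConsolePath);
+boolean onH2ConsolePage = h2ConsolePath != null && uri.startsWith(h2ConsolePath);
 
 StringBuilder sb = new StringBuilder();
 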
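Review bot: In `constructDirectives`, `uri.startsWith(h2ConsolePath)` is a bare prefix test, and with null now the only "console absent" value an empty path would match every URI, while a path such as `/console` also matches any other URI that merely begins with those characters; those pages would then receive whatever console-specific directives are built further down (presumably looser ones, though that part is outside the hunk). Anchoring the match to a path segment keeps the console policy on the console only: `boolean onH2ConsolePage = h2ConsolePath != null && (uri.equals(h2ConsolePath) || uri.startsWith(h2ConsolePath + "/"));`. The constructor is not visible here, so I cannot tell whether it validates the path; a comment on the field such as `// null when the H2 console is not available` would document the new contract. The method body continues past the hunk.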

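--- a/src/main/java/ru/mystamps/web/support/spring/security/SecurityConfig.java
+++ b/src/main/java/ru/mystamps/web/support/spring/security/SecurityConfig.java
@@ -87,22 +87,21 @@ public void configure(WebSecurity web) throws Exception {
 protected void configure(HttpSecurity http) throws Exception {
 boolean useSingleHost = !environment.acceptsProfiles("prod");
 boolean useCdn = environment.getProperty("app.use-cdn", Boolean.class, Boolean.TRUE);
-boolean hasH2Console = environment.acceptsProfiles("test");
 
 // @todo #226 Introduce app.use-public-hostname property
 boolean usePublicHostname = environment.acceptsProfiles("prod");
 String hostname = usePublicHostname ? SiteUrl.PUBLIC_URL : SiteUrl.SITE;
 
-String h2ConsolePath = hasH2Console ? h2ConsoleProperties.getPath() : null;
+String h2ConsolePath = h2ConsoleProperties == null ? null : h2ConsoleProperties.getPath();
 
 // Allow unsecured requests to H2 consoles if available.
 // See also spring.h2.console.path in application-test.properties
 String[] pathsToIgnore =
-hasH2Console ? new String[]{h2ConsolePath + "/**", SiteUrl.CSP_REPORTS_HANDLER}
-: new String[]{SiteUrl.CSP_REPORTS_HANDLER};
+h2ConsolePath == null ? new String[]{SiteUrl.CSP_REPORTS_HANDLER}
+: new String[]{h2ConsolePath + "/**", SiteUrl.CSP_REPORTS_HANDLER};
 
 ContentSecurityPolicyHeaderWriter cspWriter =
-new ContentSecurityPolicyHeaderWriter(useCdn, useSingleHost, hasH2Console, hostname, h2ConsolePath);
+new ContentSecurityPolicyHeaderWriter(useCdn, useSingleHost, hostname, h2ConsolePath);
 
 http
 .authorizeRequests()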
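Review bot: With the `hasH2Console` profile check removed, the `h2ConsolePath + "/**"` entry in `pathsToIgnore` and the console branch of the CSP writer are gated only on `h2ConsoleProperties` being non-null, so the "test" profile no longer limits where the console is left unsecured. How that field is injected is outside the hunk; if the bean is present whenever the H2 console auto-configuration is active, a stray `spring.h2.console.enabled=true` in a production property file would expose the console without authentication. A fail-fast guard right after the path is computed would keep the old boundary: `if (h2ConsolePath != null && environment.acceptsProfiles("prod")) { throw new IllegalStateException("H2 console must not be enabled in prod"); }`. The existing comment should also say that exposure now follows the properties bean rather than the profile, e.g. `// Ignored only when H2ConsoleProperties is present; never enable the console outside test`. `configure` continues beyond the hunk.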

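--- a/src/test/java/ru/mystamps/web/support/spring/security/ContentSecurityPolicyHeaderWriterTest.java
+++ b/src/test/java/ru/mystamps/web/support/spring/security/ContentSecurityPolicyHeaderWriterTest.java
@@ -31,6 +31,7 @@
 import javax.servlet.http.HttpServletResponse;
 
 import static io.qala.datagen.RandomShortApi.bool;
+import static io.qala.datagen.RandomShortApi.nullOr;
 
 public class ContentSecurityPolicyHeaderWriterTest implements WithAssertions {
 
@@ -51,11 +52,10 @@ public class ContentSecurityPolicyHeaderWriterTest implements WithAssertions {
 public void writeContentSecurityPolicyHeader() {
 // given
 ContentSecurityPolicyHeaderWriter writer = new ContentSecurityPolicyHeaderWriter(
-bool(),
 bool(),
 bool(),
 Random.host(),
-H2_CONSOLE_PATH
+nullOr(H2_CONSOLE_PATH)
 );
 HttpServletRequest request = new MockHttpServletRequest();
 HttpServletResponse response = new MockHttpServletResponse();
@@ -85,9 +85,8 @@ public void onIndexPageWithLocalResources() {
 ContentSecurityPolicyHeaderWriter writer = new ContentSecurityPolicyHeaderWriter(
 false,
 true,
-bool(),
 SiteUrl.SITE,
-H2_CONSOLE_PATH
+nullOr(H2_CONSOLE_PATH)
 );
 String[] directives = writer.constructDirectives("/").split(";");
 
@@ -108,9 +107,8 @@ public void onIndexPageWithResourcesFromCdn() {
 ContentSecurityPolicyHeaderWriter writer = new ContentSecurityPolicyHeaderWriter(
 true,
 false,
-bool(),
 SiteUrl.PUBLIC_URL,
-H2_CONSOLE_PATH
+nullOr(H2_CONSOLE_PATH)
 );
 String[] directives = writer.constructDirectives("/").split(";");
 
@@ -144,9 +142,8 @@ public void onCollectionInfoPageWithLocalResources() {
 ContentSecurityPolicyHeaderWriter writer = new ContentSecurityPolicyHeaderWriter(
 false,
 true,
-bool(),
 Random.host(),
-H2_CONSOLE_PATH
+nullOr(H2_CONSOLE_PATH)
 );
 String[] directives = writer.constructDirectives("/collection/user").split(";");
 
@@ -176,9 +173,8 @@ public void onCollectionInfoPageWithResourcesFromCdn() {
 ContentSecurityPolicyHeaderWriter writer = new ContentSecurityPolicyHeaderWriter(
 true,
 false,
-bool(),
 Random.host(),
-H2_CONSOLE_PATH
+nullOr(H2_CONSOLE_PATH)
 );
 String[] directives = writer.constructDirectives("/collection/user").split(";");
 
@@ -211,9 +207,8 @@ public void onSeriesAddImagePageWithLocalResources() {
 ContentSecurityPolicyHeaderWriter writer = new ContentSecurityPolicyHeaderWriter(
 false,
 true,
-bool(),
 Random.host(),
-H2_CONSOLE_PATH
+nullOr(H2_CONSOLE_PATH)
 );
 
 for (String page : new String[]{"/series/11", "/series/12/ask", "/series/13/image"}) {
@@ -239,9 +234,8 @@ public void onSeriesAddImagePageWithResourcesFromCdn() {
 ContentSecurityPolicyHeaderWriter writer = new ContentSecurityPolicyHeaderWriter(
 true,
 false,
-bool(),
 Random.host(),
-H2_CONSOLE_PATH
+nullOr(H2_CONSOLE_PATH)
 );
 
 for (String page : new String[]{"/series/11", "/series/12/ask", "/series/13/image"}) {
@@ -277,9 +271,8 @@ public void onSeriesAddPageWithLocalResources() {
 ContentSecurityPolicyHeaderWriter writer = new ContentSecurityPolicyHeaderWriter(
 false,
 true,
-bool(),
 Random.host(),
-H2_CONSOLE_PATH
+nullOr(H2_CONSOLE_PATH)
 );
 String[] directives = writer.constructDirectives("/series/add").split(";");
 
@@ -310,9 +303,8 @@ public void onSeriesAddPageWithResourcesFromCdn() {
 ContentSecurityPolicyHeaderWriter writer = new ContentSecurityPolicyHeaderWriter(
 true,
 false,
-bool(),
 Random.host(),
-H2_CONSOLE_PATH
+nullOr(H2_CONSOLE_PATH)
 );
 String[] directives = writer.constructDirectives("/series/add").split(";");
 
@@ -346,7 +338,6 @@ public void onH2ConsoleWithLocalResources() {
 ContentSecurityPolicyHeaderWriter writer = new ContentSecurityPolicyHeaderWriter(
 false,
 true,
-true,
 Random.host(),
 H2_CONSOLE_PATH
 );
@@ -379,9 +370,8 @@ public void onH2ConsoleWithResourcesFromCdn() {
 ContentSecurityPolicyHeaderWriter writer = new ContentSecurityPolicyHeaderWriter(
 true,
 false,
-false,
 Random.host(),
-H2_CONSOLE_PATH
+null
 );
 String[] directives = writer.constructDirectives("/console/").split(";");
 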
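Review bot: In the last hunk, `onH2ConsoleWithResourcesFromCdn` now passes `null` as the console path while still requesting `/console/`, which makes it the "console not available" case, yet neither the name nor the setup says so. A comment next to the argument, `// no H2 console configured: /console/ must get the regular policy`, would make the intent explicit; the assertions are outside the hunk, so this reading is inferred. From the visible hunks, no case combines a non-null path with a URI that only shares its prefix, which is the boundary worth pinning for a policy that is keyed on `startsWith`.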
