AUTH-32 add header

appNG · Feb 16, 2022 · 45fe47d · 45fe47d
1 parent 72532fa
commit 45fe47d
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 1 deletion.
diff --git a/src/main/java/org/appng/application/authentication/webform/LoginForm.java b/src/main/java/org/appng/application/authentication/webform/LoginForm.java
@@ -64,6 +64,8 @@ public DataContainer getData(Site site, Application application, Environment env
 			dataContainer.getSelections().add(langSelection);
 		}
 		dataContainer.setItem(new LoginData());
+		((DefaultEnvironment) environment).getServletResponse()
+				.setHeader(com.google.common.net.HttpHeaders.CONTENT_SECURITY_POLICY, "frame-ancestors 'none'");
 		return dataContainer;
 	}
 

diff --git a/src/test/java/org/appng/application/authentication/webform/LoginUserTest.java b/src/test/java/org/appng/application/authentication/webform/LoginUserTest.java
@@ -31,6 +31,8 @@
 import org.springframework.http.HttpStatus;
 import org.springframework.transaction.annotation.Transactional;
 
+import com.google.common.net.HttpHeaders;
+
 @FixMethodOrder(MethodSorters.NAME_ASCENDING)
 public class LoginUserTest extends BaseLoginTest {
 
@@ -61,7 +63,10 @@ public void testLoginOK() throws Exception {
 
 		Mockito.verify(site).sendRedirect(Mockito.eq(environment), Mockito.eq("/manager/appng/appng-manager"),
 				Mockito.eq(HttpStatus.FOUND.value()));
-		((DefaultEnvironment) environment).logoutSubject();
+		DefaultEnvironment defaultEnv = (DefaultEnvironment) environment;
+		defaultEnv.logoutSubject();
+		Assert.assertEquals("frame-ancestors 'none'",
+				defaultEnv.getServletResponse().getHeader(HttpHeaders.CONTENT_SECURITY_POLICY));
 	}
 
 	@Test