Fix ambiguous errors and remove duplicate header entries

Sources/VaporSecurityHeaders/Configurations/XSSProtectionConfiguration.swift

@@ -18,13 +18,13 @@ public struct XSSProtectionConfiguration: SecurityHeaderConfiguration {
     func setHeader(on response: Response, from request: Request) {
         switch option {
         case .disable:
-            response.headers.replaceOrAdd(name: .xXssProtection, value: "0")
+            response.headers.replaceOrAdd(name: .xssProtection, value: "0")
         case .enable:
-            response.headers.replaceOrAdd(name: .xXssProtection, value: "1")
+            response.headers.replaceOrAdd(name: .xssProtection, value: "1")
         case .block:
-            response.headers.replaceOrAdd(name: .xXssProtection, value: "1; mode=block")
+            response.headers.replaceOrAdd(name: .xssProtection, value: "1; mode=block")
         case .report(let uri):
-            response.headers.replaceOrAdd(name: .xXssProtection, value: "1; report=\(uri)")
+            response.headers.replaceOrAdd(name: .xssProtection, value: "1; report=\(uri)")
         }
     }
 }

Sources/VaporSecurityHeaders/SecurityHeaders+HeaderKey.swift

@@ -2,9 +2,6 @@ import Vapor
 
 public extension HTTPHeaders.Name {
 
-    static let contentSecurityPolicy = HTTPHeaders.Name("Content-Security-Policy")
-    static let xXssProtection = HTTPHeaders.Name("X-XSS-Protection")
-    static let xContentTypeOptions = HTTPHeaders.Name("X-Content-Type-Options")
     static let contentSecurityPolicyReportOnly = HTTPHeaders.Name("Content-Security-Policy-Report-Only")
     static let referrerPolicy = HTTPHeaders.Name("Referrer-Policy")
 }

Tests/VaporSecurityHeadersTests/HeaderTests.swift

@@ -44,7 +44,7 @@ class HeaderTests: XCTestCase {
         XCTAssertEqual(expectedXCTOHeaderValue, response.headers[.xContentTypeOptions].first)
         XCTAssertEqual(expectedCSPHeaderValue, response.headers[.contentSecurityPolicy].first)
         XCTAssertEqual(expectedXFOHeaderValue, response.headers[.xFrameOptions].first)
-        XCTAssertEqual(expectedXSSProtectionHeaderValue, response.headers[.xXssProtection].first)
+        XCTAssertEqual(expectedXSSProtectionHeaderValue, response.headers[.xssProtection].first)
     }
 
     func testDefaultHeadersWithHSTS() throws {
@@ -59,7 +59,7 @@ class HeaderTests: XCTestCase {
         XCTAssertEqual(expectedXCTOHeaderValue, response.headers[.xContentTypeOptions].first)
         XCTAssertEqual(expectedCSPHeaderValue, response.headers[.contentSecurityPolicy].first)
         XCTAssertEqual(expectedXFOHeaderValue, response.headers[.xFrameOptions].first)
-        XCTAssertEqual(expectedXSSProtectionHeaderValue, response.headers[.xXssProtection].first)
+        XCTAssertEqual(expectedXSSProtectionHeaderValue, response.headers[.xssProtection].first)
         XCTAssertEqual(expectedHSTSHeaderValue, response.headers[.strictTransportSecurity].first)
     }
 
@@ -74,7 +74,7 @@ class HeaderTests: XCTestCase {
         XCTAssertEqual(expectedXCTOHeaderValue, response.headers[.xContentTypeOptions].first)
         XCTAssertEqual(expectedCSPHeaderValue, response.headers[.contentSecurityPolicy].first)
         XCTAssertEqual(expectedXFOHeaderValue, response.headers[.xFrameOptions].first)
-        XCTAssertEqual(expectedXSSProtectionHeaderValue, response.headers[.xXssProtection].first)
+        XCTAssertEqual(expectedXSSProtectionHeaderValue, response.headers[.xssProtection].first)
     }
 
     func testAPIHeadersWithHSTS() throws {
@@ -89,7 +89,7 @@ class HeaderTests: XCTestCase {
         XCTAssertEqual(expectedXCTOHeaderValue, response.headers[.xContentTypeOptions].first)
         XCTAssertEqual(expectedCSPHeaderValue, response.headers[.contentSecurityPolicy].first)
         XCTAssertEqual(expectedXFOHeaderValue, response.headers[.xFrameOptions].first)
-        XCTAssertEqual(expectedXSSProtectionHeaderValue, response.headers[.xXssProtection].first)
+        XCTAssertEqual(expectedXSSProtectionHeaderValue, response.headers[.xssProtection].first)
         XCTAssertEqual(expectedHSTSHeaderValue, response.headers[.strictTransportSecurity].first)
     }
 
@@ -138,31 +138,31 @@ class HeaderTests: XCTestCase {
         let factory = SecurityHeadersFactory().with(XSSProtection: xssProtectionConfig)
         let response = try makeTestResponse(for: request, securityHeadersToAdd: factory)
 
-        XCTAssertEqual("0", response.headers[.xXssProtection].first)
+        XCTAssertEqual("0", response.headers[.xssProtection].first)
     }
 
     func testHeaderWithXssProtectionEnable() throws {
         let xssProtectionConfig = XSSProtectionConfiguration(option: .enable)
         let factory = SecurityHeadersFactory().with(XSSProtection: xssProtectionConfig)
         let response = try makeTestResponse(for: request, securityHeadersToAdd: factory)
 
-        XCTAssertEqual("1", response.headers[.xXssProtection].first)
+        XCTAssertEqual("1", response.headers[.xssProtection].first)
     }
 
     func testHeaderWithXssProtectionBlock() throws {
         let xssProtectionConfig = XSSProtectionConfiguration(option: .block)
         let factory = SecurityHeadersFactory().with(XSSProtection: xssProtectionConfig)
         let response = try makeTestResponse(for: request, securityHeadersToAdd: factory)
 
-        XCTAssertEqual("1; mode=block", response.headers[.xXssProtection].first)
+        XCTAssertEqual("1; mode=block", response.headers[.xssProtection].first)
     }
 
     func testHeaderWithXssProtectionReport() throws {
         let xssProtectionConfig = XSSProtectionConfiguration(option: .report(uri: "https://test.com"))
         let factory = SecurityHeadersFactory().with(XSSProtection: xssProtectionConfig)
         let response = try makeTestResponse(for: request, securityHeadersToAdd: factory)
 
-        XCTAssertEqual("1; report=https://test.com", response.headers[.xXssProtection].first)
+        XCTAssertEqual("1; report=https://test.com", response.headers[.xssProtection].first)
     }
 
     func testHeaderWithHSTSwithMaxAge() throws {
@@ -598,7 +598,7 @@ class HeaderTests: XCTestCase {
         XCTAssertEqual(expectedXCTOHeaderValue, response.headers[.xContentTypeOptions].first)
         XCTAssertEqual(expectedCSPHeaderValue, response.headers[.contentSecurityPolicy].first)
         XCTAssertEqual(expectedXFOHeaderValue, response.headers[.xFrameOptions].first)
-        XCTAssertEqual(expectedXSSProtectionHeaderValue, response.headers[.xXssProtection].first)
+        XCTAssertEqual(expectedXSSProtectionHeaderValue, response.headers[.xssProtection].first)
     }
 
     func testStubFileMiddleware() throws {
@@ -612,7 +612,7 @@ class HeaderTests: XCTestCase {
         XCTAssertEqual(expectedXCTOHeaderValue, response.headers[.xContentTypeOptions].first)
         XCTAssertEqual(expectedCSPHeaderValue, response.headers[.contentSecurityPolicy].first)
         XCTAssertEqual(expectedXFOHeaderValue, response.headers[.xFrameOptions].first)
-        XCTAssertEqual(expectedXSSProtectionHeaderValue, response.headers[.xXssProtection].first)
+        XCTAssertEqual(expectedXSSProtectionHeaderValue, response.headers[.xssProtection].first)
     }
 
     func testStubFileMiddlewareDifferentRequestReturnsDefaultCSPWhenSettingCustomCSPOnRoute() throws {
@@ -630,7 +630,7 @@ class HeaderTests: XCTestCase {
         XCTAssertEqual(expectedXCTOHeaderValue, response.headers[.xContentTypeOptions].first)
         XCTAssertEqual(expectedCSPHeaderValue, response.headers[.contentSecurityPolicy].first)
         XCTAssertEqual(expectedXFOHeaderValue, response.headers[.xFrameOptions].first)
-        XCTAssertEqual(expectedXSSProtectionHeaderValue, response.headers[.xXssProtection].first)
+        XCTAssertEqual(expectedXSSProtectionHeaderValue, response.headers[.xssProtection].first)
     }
 
     // MARK: - Private functions