From eaaa813ede099f3d04fa52a7139c8be0848e042c Mon Sep 17 00:00:00 2001 From: Josh Cummings Date: Mon, 18 Dec 2023 09:41:23 -0700 Subject: [PATCH] Fix header value typo Closes gh-11948 --- .../annotation/web/configurers/HeadersConfigurer.java | 2 +- .../security/config/web/server/HeaderSpecTests.java | 4 ++-- .../security/config/web/server/ServerHeadersDslTests.kt | 2 +- .../config/web/server/ServerHttpSecurityDslTests.kt | 2 +- .../config/web/server/ServerXssProtectionDslTests.kt | 2 +- .../web/header/writers/XXssProtectionHeaderWriter.java | 4 ++-- .../header/XXssProtectionServerHttpHeadersWriter.java | 6 +++--- .../header/XXssProtectionServerHttpHeadersWriterTests.java | 4 ++-- 8 files changed, 13 insertions(+), 13 deletions(-) diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java index 6ed939d180a..a8755a52ddd 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java @@ -801,7 +801,7 @@ public XXssConfig xssProtectionEnabled(boolean enabled) { * replaced with "#". For example: * *
-		 * X-XSS-Protection: 1 ; mode=block
+		 * X-XSS-Protection: 1; mode=block
 		 * 
* @param headerValue the new header value * @since 5.8 diff --git a/config/src/test/java/org/springframework/security/config/web/server/HeaderSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/HeaderSpecTests.java index 8f04e201003..baf1e00199f 100644 --- a/config/src/test/java/org/springframework/security/config/web/server/HeaderSpecTests.java +++ b/config/src/test/java/org/springframework/security/config/web/server/HeaderSpecTests.java @@ -75,7 +75,7 @@ public void setup() { this.expectedHeaders.add(HttpHeaders.EXPIRES, "0"); this.expectedHeaders.add(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS, "nosniff"); this.expectedHeaders.add(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS, "DENY"); - this.expectedHeaders.add(XXssProtectionServerHttpHeadersWriter.X_XSS_PROTECTION, "1 ; mode=block"); + this.expectedHeaders.add(XXssProtectionServerHttpHeadersWriter.X_XSS_PROTECTION, "1; mode=block"); } @Test @@ -320,7 +320,7 @@ public void headersWhenXssProtectionValueEnabledThenXssProtectionWritten() { @Test public void headersWhenXssProtectionValueEnabledModeBlockThenXssProtectionWritten() { - this.expectedHeaders.set(XXssProtectionServerHttpHeadersWriter.X_XSS_PROTECTION, "1 ; mode=block"); + this.expectedHeaders.set(XXssProtectionServerHttpHeadersWriter.X_XSS_PROTECTION, "1; mode=block"); // @formatter:off this.http.headers() .xssProtection() diff --git a/config/src/test/kotlin/org/springframework/security/config/web/server/ServerHeadersDslTests.kt b/config/src/test/kotlin/org/springframework/security/config/web/server/ServerHeadersDslTests.kt index c68de3b4e7b..1e794b6a066 100644 --- a/config/src/test/kotlin/org/springframework/security/config/web/server/ServerHeadersDslTests.kt +++ b/config/src/test/kotlin/org/springframework/security/config/web/server/ServerHeadersDslTests.kt 
@@ -70,7 +70,7 @@ class ServerHeadersDslTests { .expectHeader().valueEquals(HttpHeaders.CACHE_CONTROL, "no-cache, no-store, max-age=0, must-revalidate") .expectHeader().valueEquals(HttpHeaders.EXPIRES, "0") .expectHeader().valueEquals(HttpHeaders.PRAGMA, "no-cache") - .expectHeader().valueEquals(XXssProtectionServerHttpHeadersWriter.X_XSS_PROTECTION, "1 ; mode=block") + .expectHeader().valueEquals(XXssProtectionServerHttpHeadersWriter.X_XSS_PROTECTION, "1; mode=block") } @EnableWebFluxSecurity diff --git a/config/src/test/kotlin/org/springframework/security/config/web/server/ServerHttpSecurityDslTests.kt b/config/src/test/kotlin/org/springframework/security/config/web/server/ServerHttpSecurityDslTests.kt index eaebb5643ec..6a6e9248837 100644 --- a/config/src/test/kotlin/org/springframework/security/config/web/server/ServerHttpSecurityDslTests.kt +++ b/config/src/test/kotlin/org/springframework/security/config/web/server/ServerHttpSecurityDslTests.kt @@ -123,7 +123,7 @@ class ServerHttpSecurityDslTests { .expectHeader().valueEquals(HttpHeaders.CACHE_CONTROL, "no-cache, no-store, max-age=0, must-revalidate") .expectHeader().valueEquals(HttpHeaders.EXPIRES, "0") .expectHeader().valueEquals(HttpHeaders.PRAGMA, "no-cache") - .expectHeader().valueEquals(XXssProtectionServerHttpHeadersWriter.X_XSS_PROTECTION, "1 ; mode=block") + .expectHeader().valueEquals(XXssProtectionServerHttpHeadersWriter.X_XSS_PROTECTION, "1; mode=block") } @EnableWebFluxSecurity diff --git a/config/src/test/kotlin/org/springframework/security/config/web/server/ServerXssProtectionDslTests.kt b/config/src/test/kotlin/org/springframework/security/config/web/server/ServerXssProtectionDslTests.kt index 7e0799980db..e2483291640 100644 --- a/config/src/test/kotlin/org/springframework/security/config/web/server/ServerXssProtectionDslTests.kt +++ b/config/src/test/kotlin/org/springframework/security/config/web/server/ServerXssProtectionDslTests.kt 
@@ -56,7 +56,7 @@ class ServerXssProtectionDslTests { this.client.get() .uri("/") .exchange() - .expectHeader().valueEquals(XXssProtectionServerHttpHeadersWriter.X_XSS_PROTECTION, "1 ; mode=block") + .expectHeader().valueEquals(XXssProtectionServerHttpHeadersWriter.X_XSS_PROTECTION, "1; mode=block") } @EnableWebFluxSecurity diff --git a/web/src/main/java/org/springframework/security/web/header/writers/XXssProtectionHeaderWriter.java b/web/src/main/java/org/springframework/security/web/header/writers/XXssProtectionHeaderWriter.java index 4f16ac3bfd6..3e7b6ab634d 100644 --- a/web/src/main/java/org/springframework/security/web/header/writers/XXssProtectionHeaderWriter.java +++ b/web/src/main/java/org/springframework/security/web/header/writers/XXssProtectionHeaderWriter.java @@ -122,7 +122,7 @@ public void setBlock(boolean block) { * specify mode as blocked. The content will be replaced with "#". For example: * *
-	 * X-XSS-Protection: 1 ; mode=block
+	 * X-XSS-Protection: 1; mode=block
 	 * 
* @param headerValue the new header value * @throws IllegalArgumentException when headerValue is null @@ -134,7 +134,7 @@ public void setHeaderValue(HeaderValue headerValue) { } /** - * The value of the x-xss-protection header. One of: "0", "1", "1 ; mode=block" + * The value of the x-xss-protection header. One of: "0", "1", "1; mode=block" * * @author Daniel Garnier-Moiroux * @since 5.8 diff --git a/web/src/main/java/org/springframework/security/web/server/header/XXssProtectionServerHttpHeadersWriter.java b/web/src/main/java/org/springframework/security/web/server/header/XXssProtectionServerHttpHeadersWriter.java index 7caa214358a..23e202b51b5 100644 --- a/web/src/main/java/org/springframework/security/web/server/header/XXssProtectionServerHttpHeadersWriter.java +++ b/web/src/main/java/org/springframework/security/web/server/header/XXssProtectionServerHttpHeadersWriter.java @@ -122,7 +122,7 @@ public void setBlock(boolean block) { * specify mode as blocked. The content will be replaced with "#". For example: * *
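Review bot: The servlet `HeaderValue` Javadoc in the `@@ -134,7 +134,7 @@` hunk now documents `1; mode=block`, but the enum constant it describes lies outside the hunk and this commit touches no servlet-side test. If that constant already emits the value without the space, an exact-string assertion in the servlet writer's tests would keep it aligned with the reactive `XXssProtectionServerHttpHeadersWriter`, whose constant is corrected later in this patch. If it does not, the Javadoc and the emitted header now disagree, so it is worth confirming before merge.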
-	 * X-XSS-Protection: 1 ; mode=block
+	 * X-XSS-Protection: 1; mode=block
 	 * 
* @param headerValue the new headerValue * @throws IllegalArgumentException if headerValue is null @@ -135,14 +135,14 @@ public void setHeaderValue(HeaderValue headerValue) { } /** - * The value of the x-xss-protection header. One of: "0", "1", "1 ; mode=block" + * The value of the x-xss-protection header. One of: "0", "1", "1; mode=block" * * @author Daniel Garnier-Moiroux * @since 5.8 */ public enum HeaderValue { - DISABLED("0"), ENABLED("1"), ENABLED_MODE_BLOCK("1 ; mode=block"); + DISABLED("0"), ENABLED("1"), ENABLED_MODE_BLOCK("1; mode=block"); private final String value; diff --git a/web/src/test/java/org/springframework/security/web/server/header/XXssProtectionServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/XXssProtectionServerHttpHeadersWriterTests.java index 17ad86f883e..cfc39f39949 100644 --- a/web/src/test/java/org/springframework/security/web/server/header/XXssProtectionServerHttpHeadersWriterTests.java +++ b/web/src/test/java/org/springframework/security/web/server/header/XXssProtectionServerHttpHeadersWriterTests.java @@ -49,7 +49,7 @@ public void writeHeadersWhenNoHeadersThenWriteHeaders() { this.writer.writeHttpHeaders(this.exchange); assertThat(this.headers).hasSize(1); assertThat(this.headers.get(XXssProtectionServerHttpHeadersWriter.X_XSS_PROTECTION)) - .containsOnly("1 ; mode=block"); + .containsOnly("1; mode=block"); } @Test @@ -99,7 +99,7 @@ void writeHeadersWhenEnabledModeBlockThenWriteHeaders() { this.writer.writeHttpHeaders(this.exchange); assertThat(this.headers).hasSize(1); assertThat(this.headers.get(XXssProtectionServerHttpHeadersWriter.X_XSS_PROTECTION)) - .containsOnly("1 ; mode=block"); + .containsOnly("1; mode=block"); } }
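Review bot: The `HeaderValue` Javadoc in the `@@ -135,14 +135,14 @@` hunk lists the three values without saying which one to prefer, and `ENABLED_MODE_BLOCK` is the one whose wire format changes here. Current major browsers no longer act on this header and OWASP guidance is to send `0` and rely on Content-Security-Policy, so unless the surrounding Javadoc already says so, a sentence on the enum such as `Legacy header: prefer DISABLED together with a Content-Security-Policy.` would help readers. Because the emitted string changes from `1 ; mode=block` to `1; mode=block`, any downstream test, proxy rule or scanner baseline that matches the old literal exactly will need updating, which deserves a line in the release notes. The enum body continues outside the hunk.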