// Clickjacking protection
// See https://www.owasp.org/index.php/Clickjacking_Protection_for_Java_EE
- // The protection is disabled on purpose for integration in external systems like VSTS (/integration/vsts/index.html).
+ // The protection is disabled on purpose for integration in external systems like Github (/integration/github).
String path = httpRequest.getRequestURI().replaceFirst(httpRequest.getContextPath(), "");
if (!path.startsWith("/integration/")) {
httpResponse.addHeader("X-Frame-Options", "SAMEORIGIN");
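Review bot: The exemption on the `startsWith("/integration/")` line still covers every path under `/integration/`, while the updated comment names only `/integration/github`, so any page later added under that prefix is served without `X-Frame-Options`. The comparison also runs on the raw `getRequestURI()` value, which the servlet container does not decode; whether the prefix test and the resource actually served can disagree depends on container normalization and is worth confirming. I would either match an explicit list of frameable integration paths or at least state the scope in the comment, e.g. `// Every path under /integration/ is served without X-Frame-Options; only pages meant to be embedded belong there.` The enclosing filter method starts and ends outside the lines shown.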
private static final String INDEX_HTML_PATH = "/index.html";
- private static final Set<String> HTML_PATHS = ImmutableSet.of(INDEX_HTML_PATH, "/integration/vsts/index.html");
+ private static final Set<String> HTML_PATHS = ImmutableSet.of(INDEX_HTML_PATH);
private final Platform platform;
private final Configuration configuration;
@Test
public void do_not_set_frame_protection_on_integration_resources() throws Exception {
- HttpServletRequest request = newRequest("GET", "/integration/vsts/index.html");
+ HttpServletRequest request = newRequest("GET", "/integration/github");
underTest.doFilter(request, response, chain);
public void do_not_set_frame_protection_on_integration_resources_with_context() throws Exception {
HttpServletRequest request = mock(HttpServletRequest.class);
when(request.getMethod()).thenReturn("GET");
- when(request.getRequestURI()).thenReturn("/sonarqube/integration/vsts/index.html");
+ when(request.getRequestURI()).thenReturn("/sonarqube/integration/github");
when(request.getContextPath()).thenReturn("/sonarqube");
underTest.doFilter(request, response, chain);
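Review bot: Both tests in this section pin only the exempt case, so nothing visible here would fail if the `/integration/` exemption were widened by mistake. A companion test with the same `/sonarqube` context path and a non-integration URI such as `/sonarqube/index.html`, asserting that `X-Frame-Options: SAMEORIGIN` is added, would cover that, unless it already exists outside the lines shown. The assertions of both tests are also outside the visible lines.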
when(servletContext.getResourceAsStream("/index.html")).thenAnswer(
(Answer<InputStream>) invocationOnMock -> toInputStream("Content of default index.html with context [%WEB_CONTEXT%], status [%SERVER_STATUS%], instance [%INSTANCE%]",
UTF_8));
- when(servletContext.getResourceAsStream("/integration/vsts/index.html"))
- .thenAnswer((Answer<InputStream>) invocationOnMock -> toInputStream("Content of vsts index.html with context [%WEB_CONTEXT%]", UTF_8));
}
@Test
assertThat(underTest.getContent("/foo.html")).contains(TEST_CONTEXT).contains("default");
assertThat(underTest.getContent("/index")).contains(TEST_CONTEXT).contains("default");
assertThat(underTest.getContent("/index.html")).contains(TEST_CONTEXT).contains("default");
- assertThat(underTest.getContent("/integration/vsts/index.html")).contains(TEST_CONTEXT).contains("vsts");
}
@Test