From e320ae1ed007cce92a568675064edca3921fbd76 Mon Sep 17 00:00:00 2001
From: Steve Marion
Date: Fri, 23 Aug 2024 15:36:39 +0200
Subject: [PATCH] SONAR-19290 remove "X-Content-Security-Policy" and "X-WebKit-CSP" headers as they are deprecated and all the browser we support use "Content-Security-Policy".
---
 .../src/main/java/org/sonar/server/platform/web/CspFilter.java | 2 --
 .../test/java/org/sonar/server/platform/web/CspFilterTest.java | 2 --
 2 files changed, 4 deletions(-)
diff --git a/server/sonar-webserver/src/main/java/org/sonar/server/platform/web/CspFilter.java b/server/sonar-webserver/src/main/java/org/sonar/server/platform/web/CspFilter.java
index 822ae962a46..93ac1a8a1e4 100644
--- a/server/sonar-webserver/src/main/java/org/sonar/server/platform/web/CspFilter.java
+++ b/server/sonar-webserver/src/main/java/org/sonar/server/platform/web/CspFilter.java
@@ -38,8 +38,6 @@ public class CspFilter implements Filter {
 @Override
 public void init(FilterConfig filterConfig) throws ServletException {
 cspHeaders.add("Content-Security-Policy");
- cspHeaders.add("X-Content-Security-Policy");
- cspHeaders.add("X-WebKit-CSP");
 List cspPolicies = new ArrayList<>();
 cspPolicies.add("default-src 'self'");
diff --git a/server/sonar-webserver/src/test/java/org/sonar/server/platform/web/CspFilterTest.java b/server/sonar-webserver/src/test/java/org/sonar/server/platform/web/CspFilterTest.java
index b021d79b96d..d4f1c1b2e7b 100644
--- a/server/sonar-webserver/src/test/java/org/sonar/server/platform/web/CspFilterTest.java
+++ b/server/sonar-webserver/src/test/java/org/sonar/server/platform/web/CspFilterTest.java
@@ -62,8 +62,6 @@ public class CspFilterTest {
 HttpServletRequest request = newRequest("/");
 underTest.doFilter(request, response, chain);
 verify(response).setHeader("Content-Security-Policy", EXPECTED);
- verify(response).setHeader("X-Content-Security-Policy", EXPECTED);
- verify(response).setHeader("X-WebKit-CSP", EXPECTED);
 verify(chain).doFilter(request, response);
 }
-- 
2.39.5