diff options
| author | Lukas Reschke <lukas@statuscode.ch> | 2017-06-20 19:46:10 +0200 |
|---|---|---|
| committer | Lukas Reschke <lukas@statuscode.ch> | 2017-06-20 19:46:10 +0200 |
| commit | 2f87fb6b456fd109c90a5093c31b7a3f62a32040 (patch) | |
| tree | f79268ca6d160027fde21b9643789ec2ca31bcc2 /tests | |
| parent | 60edf2f18ab40439e2efb1d20e594f2797b6f31b (diff) | |
| download | nextcloud-server-2f87fb6b456fd109c90a5093c31b7a3f62a32040.tar.gz nextcloud-server-2f87fb6b456fd109c90a5093c31b7a3f62a32040.zip | |
Add Clear-Site-Data header
This adds a Clear-Site-Data header to the logout response which will delete all relevant data in the caches which may contain potentially sensitive content.
See https://w3c.github.io/webappsec-clear-site-data/#header for the definition of the types.
Ref https://twitter.com/mikewest/status/877149667909406723
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/Core/Controller/LoginControllerTest.php | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/tests/Core/Controller/LoginControllerTest.php b/tests/Core/Controller/LoginControllerTest.php index ca32a04efe1..bd2d0143caf 100644 --- a/tests/Core/Controller/LoginControllerTest.php +++ b/tests/Core/Controller/LoginControllerTest.php @@ -95,6 +95,7 @@ class LoginControllerTest extends TestCase { ->willReturn('/login'); $expected = new RedirectResponse('/login'); + $expected->addHeader('Clear-Site-Data', '"cache", "cookies", "storage", "executionContexts"'); $this->assertEquals($expected, $this->loginController->logout()); } @@ -124,6 +125,7 @@ class LoginControllerTest extends TestCase { ->willReturn('/login'); $expected = new RedirectResponse('/login'); + $expected->addHeader('Clear-Site-Data', '"cache", "cookies", "storage", "executionContexts"'); $this->assertEquals($expected, $this->loginController->logout()); } |