From 9f43cd2f7c25c0bbac6a96c36f2629a79bb5bd52 Mon Sep 17 00:00:00 2001
From: Simon Brandhof
Date: Thu, 17 Nov 2016 15:13:19 +0100
Subject: SONAR-8248 JS files from plugins don't have JS Content-Type header
---
 .../src/main/resources/static/extension.js | 2 +
 .../test/java/it/serverSystem/HttpHeadersTest.java | 83 +++++++++++++---------
 .../src/main/java/org/sonarqube/ws/MediaTypes.java | 2 +
 3 files changed, 53 insertions(+), 34 deletions(-)
 create mode 100644 it/it-plugins/ui-extensions-plugin/src/main/resources/static/extension.js
diff --git a/it/it-plugins/ui-extensions-plugin/src/main/resources/static/extension.js b/it/it-plugins/ui-extensions-plugin/src/main/resources/static/extension.js
new file mode 100644
index 00000000000..fd35455a4ea
--- /dev/null
+++ b/it/it-plugins/ui-extensions-plugin/src/main/resources/static/extension.js
@@ -0,0 +1,2 @@
+function hello() {
+}
diff --git a/it/it-tests/src/test/java/it/serverSystem/HttpHeadersTest.java b/it/it-tests/src/test/java/it/serverSystem/HttpHeadersTest.java
index 79f539a8a80..775c7698e7e 100644
--- a/it/it-tests/src/test/java/it/serverSystem/HttpHeadersTest.java
+++ b/it/it-tests/src/test/java/it/serverSystem/HttpHeadersTest.java
@@ -38,72 +38,83 @@ public class HttpHeadersTest {
 @ClassRule
 public static final Orchestrator orchestrator = Category4Suite.ORCHESTRATOR;
- /**
- * SONAR-6964
- */
 @Test
- public void no_browser_cache_for_pages() {
- Response httpResponse = call(orchestrator.getServer().getUrl() + "/");
+ public void verify_headers_of_base_url() throws Exception {
+ Response response = call(orchestrator.getServer().getUrl() + "/");
+
+ verifySecurityHeaders(response);
+ verifyContentType(response, "text/html;charset=utf-8");
- assertNoCacheInBrowser(httpResponse);
+ // SONAR-6964
+ assertNoCacheInBrowser(response);
 }
 @Test
- public void no_browser_cache_for_ws() {
- Response httpResponse = call(orchestrator.getServer().getUrl() + "/api/issues/search");
+ public void verify_headers_of_ws() throws Exception {
+ Response response = call(orchestrator.getServer().getUrl() + "/api/issues/search");
- assertNoCacheInBrowser(httpResponse);
+ verifySecurityHeaders(response);
+ verifyContentType(response, "application/json");
+ assertNoCacheInBrowser(response);
 }
 @Test
- public void no_browser_cache_in_ruby_ws() {
- Response httpResponse = call(orchestrator.getServer().getUrl() + "/api/resources/index");
+ public void verify_headers_of_ruby_ws() throws Exception {
+ Response response = call(orchestrator.getServer().getUrl() + "/api/resources/index");
- assertNoCacheInBrowser(httpResponse);
+ verifySecurityHeaders(response);
+ verifyContentType(response, "application/json;charset=utf-8");
+ assertNoCacheInBrowser(response);
 }
 @Test
- public void browser_cache_on_images() {
- Response httpResponse = call(orchestrator.getServer().getUrl() + "/images/logo.svg");
+ public void verify_headers_of_images() throws Exception {
+ Response response = call(orchestrator.getServer().getUrl() + "/images/logo.svg");
- assertCacheInBrowser(httpResponse);
+ verifySecurityHeaders(response);
+ verifyContentType(response, "image/svg+xml");
+ assertCacheInBrowser(response);
 }
 @Test
- public void browser_cache_on_css() {
- Response httpResponse = call(orchestrator.getServer().getUrl() + "/css/sonar.css");
+ public void verify_headers_of_css() throws Exception {
+ Response response = call(orchestrator.getServer().getUrl() + "/css/sonar.css");
- assertCacheInBrowser(httpResponse);
+ verifySecurityHeaders(response);
+ verifyContentType(response, "text/css");
+ assertCacheInBrowser(response);
 }
 @Test
- public void verify_security_headers_on_base_url() throws Exception {
- verifySecurityHeaders(call(orchestrator.getServer().getUrl() + "/"));
- }
+ public void verify_headers_of_js() throws Exception {
+ Response response = call(orchestrator.getServer().getUrl() + "/js/bundles/main.js");
- @Test
- public void verify_security_headers_on_ws() throws Exception {
- verifySecurityHeaders(call(orchestrator.getServer().getUrl() + "/api/issues/search"));
+ verifySecurityHeaders(response);
+ verifyContentType(response, "application/javascript");
 }
 @Test
- public void verify_security_headers_on_ruby_ws() throws Exception {
- verifySecurityHeaders(call(orchestrator.getServer().getUrl() + "/api/resources/index"));
- }
+ public void verify_headers_of_images_provided_by_plugins() throws Exception {
+ Response response = call(orchestrator.getServer().getUrl() + "/static/uiextensionsplugin/cute.jpg");
- @Test
- public void verify_security_headers_on_images() throws Exception {
- verifySecurityHeaders(call(orchestrator.getServer().getUrl() + "/images/logo.svg"));
+ verifySecurityHeaders(response);
+ verifyContentType(response, "image/jpeg");
 }
 @Test
- public void verify_security_headers_on_css() throws Exception {
- verifySecurityHeaders(call(orchestrator.getServer().getUrl() + "/css/sonar.css"));
+ public void verify_headers_of_js_provided_by_plugins() throws Exception {
+ Response response = call(orchestrator.getServer().getUrl() + "/static/uiextensionsplugin/extension.js");
+
+ verifySecurityHeaders(response);
+ verifyContentType(response, "application/javascript");
 }
 @Test
- public void verify_security_headers_on_js() throws Exception {
- verifySecurityHeaders(call(orchestrator.getServer().getUrl() + "/js/bundles/main.js"));
+ public void verify_headers_of_html_provided_by_plugins() throws Exception {
+ Response response = call(orchestrator.getServer().getUrl() + "/static/uiextensionsplugin/file.html");
+
+ verifySecurityHeaders(response);
+ verifyContentType(response, "text/html");
 }
 private static void assertCacheInBrowser(Response httpResponse) {
@@ -130,6 +141,10 @@ public class HttpHeadersTest {
 assertThat(httpResponse.headers().get("X-Content-Type-Options")).isEqualTo("nosniff");
 }
+ private static void verifyContentType(Response httpResponse, String expectedContentType) {
+ assertThat(httpResponse.headers().get("Content-Type")).isEqualTo(expectedContentType);
+ }
+
 private static Response call(String url) {
 Request request = new Request.Builder().get().url(url).build();
 try {
diff --git a/sonar-ws/src/main/java/org/sonarqube/ws/MediaTypes.java b/sonar-ws/src/main/java/org/sonarqube/ws/MediaTypes.java
index 629bc33ae68..d7677c4ea2b 100644
--- a/sonar-ws/src/main/java/org/sonarqube/ws/MediaTypes.java
+++ b/sonar-ws/src/main/java/org/sonarqube/ws/MediaTypes.java
@@ -36,9 +36,11 @@ public final class MediaTypes {
 public static final String TXT = "text/plain";
 public static final String PROTOBUF = "application/x-protobuf";
 public static final String ZIP = "application/zip";
+ public static final String JAVASCRIPT = "application/javascript";
 public static final String DEFAULT = "application/octet-stream";
 private static final Map MAP = new ImmutableMap.Builder()
+ .put("js", JAVASCRIPT)
 .put("json", JSON)
 .put("zip", "application/zip")
 .put("tgz", "application/tgz")
--
cgit v1.2.3
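Review bot: `verify_headers_of_html_provided_by_plugins` pins the Content-Type of plugin-served HTML to `text/html` with no charset, while the base-URL test in the same hunk expects `text/html;charset=utf-8`. Without a declared charset the browser picks the encoding for a page served from the SonarQube origin, and `X-Content-Type-Options: nosniff` does not cover charset detection. If the missing charset is only today's server behaviour rather than a requirement, a comment above the assertion would say so, e.g. `// plugin static files are served without a charset today; tighten to text/html;charset=utf-8 once the server sets it`. The JS and plugin-file tests also carry no cache assertion, which may be intentional but is not stated.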
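Review bot: `verifyContentType` compares the raw header string, so a missing header fails as a bare null-versus-expected mismatch, and any change in parameter spacing or letter case breaks the test. A one-line comment would make that contract explicit, e.g. `// exact match on the raw Content-Type value, including any ;charset=... parameter`. Adding a description before the comparison, `.as("Content-Type header")`, would make a failure name the header being checked. The `call` method that follows the helper starts in this hunk and continues outside it.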
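Review bot: The new `JAVASCRIPT` constant and the `"js"` mapping carry no comment explaining why falling back to `DEFAULT` was a functional problem. The integration test in this commit asserts `X-Content-Type-Options: nosniff`, and with that header browsers refuse to execute a script delivered as `application/octet-stream`, which is presumably the breakage behind SONAR-8248. A line above the constant would record it, e.g. `// must be a JavaScript MIME type: nosniff makes browsers reject scripts served with the DEFAULT type`. The code that reads `MAP` is outside the hunk, so it is not visible whether an upper-case `.JS` extension is normalised before the lookup; that is worth confirming.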