> On Feb. 7, 2019, 1:06 p.m., András Piros wrote:
> > core/src/test/java/org/apache/oozie/servlet/TestHTTPResponseFilter.java
> > Lines 36 (patched)
> > <https://reviews.apache.org/r/69916/diff/1/?file=2124184#file2124184line36>
> >
> > While this only test case is OK with me, can you please add more to this:
> >
> > * clickjacking attempt should result unsuccessful
> > * normal HTTP servlet, e.g. `VersionServlet`, gives also this HTTP response header

The servlet classes do not deal with the response headers, so I cannot add testing there (I tried to add it to TestVersionServlet).

We have several test containers where we add the filter mappings (e.g. TestAuthFilterAuthOozieClient). I've added this new filter to the filter mappings, so it will test if it ruins the other filters or not. Creating a new test looks quite useless if I need to add this mapping in the test code; my test code would check the test code, not the real one.

I've modified TestEmbeddedOozieServer and test if the oozieFilterMapper.addFilters method is called, which shows that we really add the filters.

- Andras

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69916/#review212626
-----------------------------------------------------------

On Feb. 7, 2019, 12:40 p.m., Andras Salamon wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/69916/
> -----------------------------------------------------------
>
> (Updated Feb. 7, 2019, 12:40 p.m.)
>
>
> Review request for oozie, Denes Bodo, Kinga Marton, and Mate Juhasz.
>
>
> Repository: oozie-git
>
>
> Description
> -------
>
> OOZIE-3427 - Use best practices in HTTP response headers
>
>
> Diffs
> -----
>
>   core/src/main/java/org/apache/oozie/servlet/HTTPResponseFilter.java PRE-CREATION
>   core/src/test/java/org/apache/oozie/servlet/TestHTTPResponseFilter.java PRE-CREATION
>   server/src/main/java/org/apache/oozie/server/FilterMapper.java 3dc9be815
>   webapp/src/main/webapp/WEB-INF/web.xml 2edbdf153
>
>
> Diff: https://reviews.apache.org/r/69916/diff/1/
>
>
> Testing
> -------
>
> Tested embedded jetty and war installed to a local tomcat. Local tomcat was
> hardly working, but at least I was able to test /versions.
>
> $ wget -qS http://localhost:11000/oozie/index.jsp
>   HTTP/1.1 200 OK
>   Date: Thu, 07 Feb 2019 09:44:32 GMT
>   X-Frame-Options: DENY
>   Content-Type: text/html;charset=utf-8
>   Set-Cookie: JSESSIONID=1lx0y9fy2pd6n1rh911vc2l1sd;Path=/oozie
>   Expires: Thu, 01 Jan 1970 00:00:00 GMT
>   Content-Length: 3739
>
>
> Thanks,
>
> Andras Salamon
>
>
