Commit 7be78485 authored by Matt Wise's avatar Matt Wise
Browse files

Merge remote-tracking branch 'upstream/master' into fix-multi-record-info

parents 73036aef c301b7d3
Pipeline #24387 passed with stages
in 4 minutes and 44 seconds
......@@ -29,6 +29,7 @@ public class HttpRequest {
public static final String PUT = "PUT";
public static final String GET = "GET";
public static final String DELETE = "DELETE";
public static final String HEAD = "HEAD";
String httpMethod;
String url;
......
......@@ -19,6 +19,7 @@ import java.util.HashMap;
import java.util.List;
import java.util.Map;
@Deprecated // This class doesn't work well with CORS, use ResponseHeadersFactory instead
public class ResponseHeaders {
public static final Map<String, List<Object>> STANDARD_RESPONSE_HEADERS = new HashMap<>();
......
package org.opengroup.osdu.core.common.http;
import org.opengroup.osdu.core.common.model.http.DpsHeaders;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
public class ResponseHeadersFactory {
public Map<String, String> getResponseHeaders(String commaDelimitedDomains){
Map<String, String> responseHeaders = new HashMap<>();
responseHeaders.put("Access-Control-Allow-Origin", commaDelimitedDomains);
responseHeaders.put("Access-Control-Allow-Credentials", "true");
responseHeaders.put("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH");
responseHeaders.put("X-Frame-Options", "DENY");
responseHeaders.put("X-XSS-Protection", "1; mode=block");
responseHeaders.put("X-Content-Type-Options", "nosniff");
responseHeaders.put("Cache-Control", "no-cache, no-store, must-revalidate");
responseHeaders.put("Content-Security-Policy", "default-src 'self'");
responseHeaders.put("Strict-Transport-Security", "max-age=31536000; includeSubDomains");
responseHeaders.put("Expires", "0");
responseHeaders.put("Access-Control-Max-Age", "3600");
responseHeaders.put("Access-Control-Allow-Headers", "origin, content-type, accept, authorization, data-partition-id, correlation-id, appkey");
return responseHeaders;
}
}
package org.opengroup.osdu.core.common.http;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.runners.MockitoJUnitRunner;
import org.powermock.core.classloader.annotations.PrepareForTest;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import static junit.framework.TestCase.assertEquals;
@RunWith(MockitoJUnitRunner.class)
@PrepareForTest({HttpURLConnection.class, OutputStream.class})
public class ResponseHeadersFactoryTest {
@Test
public void should_retrieveFullListOfHeaders() {
// Arrange
String domains = "test-domain,test-domain2";
ResponseHeadersFactory responseHeadersFactory = new ResponseHeadersFactory();
// Act
Map<String, String> responseHeaders = responseHeadersFactory.getResponseHeaders(domains);
// Assert
assertEquals(12, responseHeaders.size());
assertEquals("test-domain,test-domain2", responseHeaders.get("Access-Control-Allow-Origin"));
}
}
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment