Skip to content

Commit

Permalink
Bugfix/typos (#157)
Browse files Browse the repository at this point in the history 
* Fixed errant semicolon in values for  X-Permitted-Cross-Domain-Policies

* X-Frame-Options values are no longer all caps

* Fixed tests
  • Loading branch information
@jamie-taylor-rjj
jamie-taylor-rjj authored Dec 27, 2024
1 parent 96cdaac commit 0d52112
Show file tree
Hide file tree
Showing 4 changed files with 13 additions and 13 deletions.
10 changes: 5 additions & 5 deletions src/Models/PermittedCrossDomainPolicyConfiguration.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,15 +23,15 @@ public string BuildHeaderValue()
switch (XPermittedCrossDomainOptionValue)
{
case XPermittedCrossDomainOptionValue.none:
return "none;";
return "none";
case XPermittedCrossDomainOptionValue.masterOnly:
return "master-only;";
return "master-only";
case XPermittedCrossDomainOptionValue.byContentType:
return "by-content-type;";
return "by-content-type";
case XPermittedCrossDomainOptionValue.byFtpFileType:
return "by-ftp-file-type;";
return "by-ftp-file-type";
case XPermittedCrossDomainOptionValue.all:
return "all;";
return "all";
default:
ArgumentExceptionHelper.RaiseException(nameof(XPermittedCrossDomainOptionValue));
break;
Expand Down
8 changes: 4 additions & 4 deletions src/Models/XFrameOptionsConfiguration.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,14 +27,14 @@ public string BuildHeaderValue()
switch (OptionValue)
{
case XFrameOptions.Deny:
return "DENY";
return "deny";
case XFrameOptions.Sameorigin:
return "SAMEORIGIN";
return "sameorigin";
case XFrameOptions.Allowfrom:
HeaderValueGuardClauses.StringCannotBeNullOrWhitsSpace(AllowFromDomain, nameof(AllowFromDomain));
return $"ALLOW-FROM({AllowFromDomain})";
return $"allow-from: ({AllowFromDomain})";
case XFrameOptions.AllowAll:
return "ALLOWALL";
return "allowall";
}
// We should never hit this return statement. It is included here
// as the method NEEDs to return something.
Expand Down
4 changes: 2 additions & 2 deletions tests/OwaspHeaders.Core.Tests/CustomHeaders/DefaultSecureHeadersIntegrationTests.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ public async Task AllHeaders_Present_When_BuildDefault_Used()

Assert.True(headerPresentConfig.UseXFrameOptions);
Assert.Contains(context.Response.Headers, h => h.Key == Constants.XFrameOptionsHeaderName);
Assert.Equal("DENY", context.Response.Headers[Constants.XFrameOptionsHeaderName]);
Assert.Equal("deny", context.Response.Headers[Constants.XFrameOptionsHeaderName]);

Assert.True(headerPresentConfig.UseXssProtection);
Assert.Contains(context.Response.Headers, h => h.Key == Constants.XssProtectionHeaderName);
Expand All @@ -44,7 +44,7 @@ public async Task AllHeaders_Present_When_BuildDefault_Used()

Assert.True(headerPresentConfig.UsePermittedCrossDomainPolicy);
Assert.Contains(context.Response.Headers, h => h.Key == Constants.PermittedCrossDomainPoliciesHeaderName);
Assert.Equal("none;", context.Response.Headers[Constants.PermittedCrossDomainPoliciesHeaderName]);
Assert.Equal("none", context.Response.Headers[Constants.PermittedCrossDomainPoliciesHeaderName]);

Assert.True(headerPresentConfig.UseReferrerPolicy);
Assert.Contains(context.Response.Headers, h => h.Key == Constants.ReferrerPolicyHeaderName);
Expand Down
4 changes: 2 additions & 2 deletions ...pHeaders.Core.Tests/SecureHeadersMiddlewareExtensionTests/SecureHeadersMiddlewareTests.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -103,7 +103,7 @@ private void AssertHeadersInResponse(SecureHeadersMiddlewareConfiguration middle

// X-Frame-Options
Assert.True(middlewareConfiguration.UseXFrameOptions);
Assert.Equal("DENY", middlewareConfiguration.XFrameOptionsConfiguration.BuildHeaderValue());
Assert.Equal("deny", middlewareConfiguration.XFrameOptionsConfiguration.BuildHeaderValue());

// X-Content-Type-Options
Assert.True(middlewareConfiguration.UseXContentTypeOptions);
Expand All @@ -116,7 +116,7 @@ private void AssertHeadersInResponse(SecureHeadersMiddlewareConfiguration middle

// X-Permitted-Cross-Domain-Policies
Assert.True(middlewareConfiguration.UsePermittedCrossDomainPolicy);
Assert.Equal("none;", middlewareConfiguration.PermittedCrossDomainPolicyConfiguration.BuildHeaderValue());
Assert.Equal("none", middlewareConfiguration.PermittedCrossDomainPolicyConfiguration.BuildHeaderValue());

// Referrer-Policy
Assert.True(middlewareConfiguration.UseReferrerPolicy);
Expand Down

0 comments on commit 0d52112

Please sign in to comment.