/**
 * Checks that a response served over plain HTTP does not disclose the Jetty server software.
 */
@Test
public void shouldNotSendJettyVersionWithHttpResponseHeaders() throws Exception
{
    // No HSTS value is configured for this scenario
    startServer();

    URI plainUri = httpUri();
    testNoJettyVersionInResponseHeaders( plainUri );
}
/**
 * Checks that a response served over HTTPS does not disclose the Jetty server software.
 */
@Test
public void shouldNotSendJettyVersionWithHttpsResponseHeaders() throws Exception
{
    // No HSTS value is configured for this scenario
    startServer();

    URI secureUri = httpsUri();
    testNoJettyVersionInResponseHeaders( secureUri );
}
/**
 * Runs the standard request against {@code baseUri} and looks up one response header.
 *
 * @param baseUri base URI of the server to query
 * @param header name of the response header to look up
 * @return the values mapped to {@code header}, or an empty list when the map has no entry for it
 * @throws Exception if the underlying request fails
 */
private static List<String> runRequestAndGetHeaderValues( URI baseUri, String header ) throws Exception
{
    Map<String,List<String>> responseHeaders = runRequestAndGetHeaders( baseUri );
    return responseHeaders.getOrDefault( header, emptyList() );
}
/**
 * Checks that, when an HSTS value is configured, an HTTPS response carries exactly that value
 * in its Strict-Transport-Security header.
 */
@Test
public void shouldSendHstsHeaderWithHttpsResponse() throws Exception
{
    startServer( HSTS_HEADER_VALUE );

    String hstsSeen = runRequestAndGetHstsHeaderValue( httpsUri() );

    assertEquals( HSTS_HEADER_VALUE, hstsSeen );
}
/**
 * Checks that a plain HTTP response carries no Strict-Transport-Security header even though
 * an HSTS value is configured on the server.
 */
@Test
public void shouldNotSendHstsHeaderWithHttpResponse() throws Exception
{
    startServer( HSTS_HEADER_VALUE );

    String hstsSeen = runRequestAndGetHstsHeaderValue( httpUri() );

    assertNull( hstsSeen );
}
/**
 * Sends one request to the {@code db/data/transaction/commit} path resolved against
 * {@code baseUri} and returns the headers of the response.
 *
 * @param baseUri base URI of the server to query
 * @return the response headers, keyed by header name
 * @throws Exception if building or executing the request fails
 */
private static Map<String,List<String>> runRequestAndGetHeaders( URI baseUri ) throws Exception
{
    URI endpoint = baseUri.resolve( "db/data/transaction/commit" );
    ClientRequest outgoing = createClientRequest( endpoint );
    ClientResponse reply = createClient().handle( outgoing );

    // Callers inspect headers of a successful exchange only; anything else fails the test here
    assertEquals( 200, reply.getStatus() );

    return reply.getHeaders();
}
/**
 * Starts the server under test without an HSTS value by delegating to
 * {@link #startServer(String)} with {@code null}.
 */
private void startServer() throws Exception
{
    startServer( null );
}
/**
 * Builds the server under test with the given HSTS value, stores it in {@code server}
 * and starts it.
 *
 * @param hstsValue value handed to {@code buildServer}; the no-argument overload passes {@code null}
 * @throws Exception if the server cannot be built or started
 */
private void startServer( String hstsValue ) throws Exception
{
    // Assign before starting so the field refers to the instance even if start() throws
    server = buildServer( hstsValue );
    server.start();
}
/**
 * Runs the standard request against {@code baseUri} and returns the value of the
 * Strict-Transport-Security response header.
 *
 * @param baseUri base URI of the server to query
 * @return whatever {@code runRequestAndGetHeaderValue} yields for the HSTS header name
 * @throws Exception if the underlying request fails
 */
private static String runRequestAndGetHstsHeaderValue( URI baseUri ) throws Exception
{
    String hstsHeaderName = STRICT_TRANSPORT_SECURITY.asString();
    return runRequestAndGetHeaderValue( baseUri, hstsHeaderName );
}
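/**
 * Runs the standard request against {@code baseUri} and returns the single value of one
 * response header.
 *
 * @param baseUri base URI of the server to query
 * @param header name of the response header to read
 * @return the header's only value, or {@code null} when no value is found for it
 * @throws IllegalStateException if more than one value is found for {@code header}
 * @throws Exception if the underlying request fails
 */
private static String runRequestAndGetHeaderValue( URI baseUri, String header ) throws Exception
{
    List<String> values = runRequestAndGetHeaderValues( baseUri, header );
    if ( values.isEmpty() )
    {
        return null;
    }
    if ( values.size() > 1 )
    {
        // Name the header that was actually requested; the message previously always
        // reported the HSTS header name, whatever the caller had asked for.
        throw new IllegalStateException( "Unexpected number of " + header + " header values: " + values );
    }
    return values.get( 0 );
}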
/**
 * Checks that an HTTPS response carries no Strict-Transport-Security header when the server
 * was started without an HSTS value.
 */
@Test
public void shouldNotSendHstsHeaderWithHttpsResponseWhenNotConfigured() throws Exception
{
    startServer();

    String hstsSeen = runRequestAndGetHstsHeaderValue( httpsUri() );

    assertNull( hstsSeen );
}
/**
 * Asserts that the response to the standard request does not reveal the server software:
 * the map holds no value under the {@code Server} header name, and no header value
 * contains the text "jetty" in any letter case.
 *
 * @param baseUri base URI of the server to query
 * @throws Exception if the underlying request fails
 */
private static void testNoJettyVersionInResponseHeaders( URI baseUri ) throws Exception
{
    Map<String,List<String>> responseHeaders = runRequestAndGetHeaders( baseUri );

    // no 'Server' header
    // NOTE(review): this is a plain map lookup by name; whether it matches other spellings
    // such as 'server' depends on the map implementation returned by the client - confirm.
    assertNull( responseHeaders.get( SERVER.asString() ) );

    // no 'jetty' in other header values (header names themselves are not scanned)
    for ( List<String> headerValues : responseHeaders.values() )
    {
        for ( String headerValue : headerValues )
        {
            assertFalse( headerValue.toLowerCase().contains( "jetty" ) );
        }
    }
}