Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
FIY695
jenkins
提交
921cfa9e
J
jenkins
项目概览
FIY695
/
jenkins
与 Fork 源项目一致
从无法访问的项目Fork
通知
1
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
J
jenkins
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
提交
921cfa9e
编写于
3月 16, 2015
作者:
K
Kohsuke Kawaguchi
浏览文件
操作
浏览文件
下载
差异文件
Merge branch 'security' into security-stable-1.596
上级
9abf3661
69908093
变更
2
隐藏空白更改
内联
并排
Showing
2 changed file
with
42 addition
and
1 deletion
+42
-1
core/src/main/java/hudson/security/HudsonFilter.java
core/src/main/java/hudson/security/HudsonFilter.java
+5
-1
test/src/test/java/jenkins/security/Security177Test.java
test/src/test/java/jenkins/security/Security177Test.java
+37
-0
未找到文件。
core/src/main/java/hudson/security/HudsonFilter.java
浏览文件 @
921cfa9e
...
...
@@ -36,6 +36,7 @@ import javax.servlet.ServletContext;
import
javax.servlet.ServletException
;
import
javax.servlet.ServletRequest
;
import
javax.servlet.ServletResponse
;
import
javax.servlet.http.HttpServletResponse
;
import
org.acegisecurity.AuthenticationManager
;
import
org.acegisecurity.ui.rememberme.RememberMeServices
;
...
...
@@ -153,7 +154,10 @@ public class HudsonFilter implements Filter {
public
void
doFilter
(
ServletRequest
request
,
ServletResponse
response
,
FilterChain
chain
)
throws
IOException
,
ServletException
{
LOGGER
.
entering
(
HudsonFilter
.
class
.
getName
(),
"doFilter"
);
// this is not the best place to do it, but doing it here makes the patch smaller.
((
HttpServletResponse
)
response
).
setHeader
(
"X-Content-Type-Options"
,
"nosniff"
);
// to deal with concurrency, we need to capture the object.
Filter
f
=
filter
;
...
...
test/src/test/java/jenkins/security/Security177Test.java
0 → 100644
浏览文件 @
921cfa9e
package
jenkins.security
;
import
com.gargoylesoftware.htmlunit.Page
;
import
org.junit.Rule
;
import
org.junit.Test
;
import
org.jvnet.hudson.test.JenkinsRule
;
import
org.jvnet.hudson.test.JenkinsRule.WebClient
;
import
java.net.URL
;
import
static
org
.
junit
.
Assert
.
assertEquals
;
/**
* @author Kohsuke Kawaguchi
*/
// @Issue("SECURITY-177")
public
class
Security177Test
{
@Rule
public
JenkinsRule
jenkins
=
new
JenkinsRule
();
@Test
public
void
nosniff
()
throws
Exception
{
WebClient
wc
=
jenkins
.
createWebClient
();
wc
.
setThrowExceptionOnFailingStatusCode
(
false
);
URL
u
=
jenkins
.
getURL
();
verifyNoSniff
(
wc
.
getPage
(
new
URL
(
u
,
"adjuncts/507db12b/nosuch/adjunct.js"
)));
verifyNoSniff
(
wc
.
getPage
(
new
URL
(
u
,
"no-such-page"
)));
verifyNoSniff
(
wc
.
getPage
(
new
URL
(
u
,
"images/title.svg"
)));
verifyNoSniff
(
wc
.
getPage
(
u
));
}
private
void
verifyNoSniff
(
Page
p
)
{
String
v
=
p
.
getWebResponse
().
getResponseHeaderValue
(
"X-Content-Type-Options"
);
assertEquals
(
v
,
"nosniff"
);
}
}
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录