Commit a09c5a3d authored by Xavier Guimard's avatar Xavier Guimard

Typo (#1138)

parent 3b3941a6
......@@ -41,7 +41,7 @@
SetHandler fcgid-script
Options +ExecCGI
<IfModule mod_headers.c>
header set Content-Security-Policy "default-src 'self';frame-ancessor 'none':form-action 'self';"
header set Content-Security-Policy "default-src 'self';frame-ancestors 'none':form-action 'self';"
header set X-Content-Type-Options nosniff
header set X-Frame-Options DENY
header set X-XSS-Protection "1; mode=block"
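Review bot: The corrected line still separates the second and third directives with a colon, `frame-ancestors 'none':form-action 'self'`, while CSP directives are separated by semicolons; a browser reads `'none':form-action` as a single malformed source expression inside frame-ancestors, so form-action is never set by this header and the frame-ancestors value is unlikely to behave as `'none'`. The line should read `header set Content-Security-Policy "default-src 'self';frame-ancestors 'none';form-action 'self';"`. The same string is repeated in the two following hunks at @@ -41,7 +41,7 @@ and in the nginx add_header line of the @@ -16,7 +16,7 @@ hunk, which needs the same `;`. `X-Frame-Options DENY` on the following line still covers framing in browsers that honour it, so the practical gap is the missing form-action restriction.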
......
......@@ -41,7 +41,7 @@
SetHandler fcgid-script
Options +ExecCGI
<IfModule mod_headers.c>
header set Content-Security-Policy "default-src 'self';frame-ancessor 'none':form-action 'self';"
header set Content-Security-Policy "default-src 'self';frame-ancestors 'none':form-action 'self';"
header set X-Content-Type-Options nosniff
header set X-Frame-Options DENY
header set X-XSS-Protection "1; mode=block"
......
......@@ -41,7 +41,7 @@
SetHandler fcgid-script
Options +ExecCGI
<IfModule mod_headers.c>
header set Content-Security-Policy "default-src 'self';frame-ancessor 'none':form-action 'self';"
header set Content-Security-Policy "default-src 'self';frame-ancestors 'none':form-action 'self';"
header set X-Content-Type-Options nosniff
header set X-Frame-Options DENY
header set X-XSS-Protection "1; mode=block"
......
......@@ -16,7 +16,7 @@ server {
fastcgi_param PATH_INFO $fastcgi_path_info;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header Content-Security-Policy "default-src 'self';frame-ancessor 'none':form-action 'self';";
add_header Content-Security-Policy "default-src 'self';frame-ancestors 'none':form-action 'self';";
add_header X-Frame-Options DENY;
# Uncomment this if you use https only
#add_header Strict-Transport-Security "15768000";
......
......@@ -640,6 +640,10 @@ sub sendHtml {
# Set authorizated URL for POST
my $csp = $self->csp . "form-action 'self'";
if(my $url = $req->urldc) {
$url =~ s#https?://([^/]+).*#$1#;
$csp .= " $url";
}
my $url = $args{params}->{URL};
if ( $url and $url =~ s#https?://([^/]+).*#$1# ) {
$csp .= " $url";
......
......@@ -109,9 +109,9 @@ m#iframe src="http://auth.idp.com(/saml/relaySingleLogoutPOST)\?(relay=.*?)"#s,
),
'Get iframe'
);
ok( getHeader( $res, 'Content-Security-Policy' ) !~ /frame-ancessor/,
ok( getHeader( $res, 'Content-Security-Policy' ) !~ /frame-ancestors/,
' Framing authorizated' )
or explain( $res->[1], 'No frame-ancessor' );
or explain( $res->[1], 'No frame-ancestors' );
( $host, $url, $query ) =
expectAutoPost( $res, 'auth.sp.com', '/saml/proxySingleLogout',
'SAMLRequest' );
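Review bot: With the typo fixed, the assertion now genuinely checks that the response carries no `frame-ancestors` directive, but `getHeader( $res, 'Content-Security-Policy' ) !~ /frame-ancestors/` is also true when the header is absent altogether (undef in a negated match, with a warning), so a page that lost its CSP entirely would still pass as ' Framing authorizated'. If Test::More's `unlike` is in scope here, `unlike( getHeader( $res, 'Content-Security-Policy' ) // '', qr/frame-ancestors/, ' Framing authorizated' )` gives the same check with better failure diagnostics, and a separate `ok( defined getHeader( $res, 'Content-Security-Policy' ), 'CSP header present' )` pins down that the header exists at all. The same `ok( ... !~ /frame-ancestors/ )` pattern appears in the hunks at @@ -120,10 +120,10 @@, @@ -124,10 +124,10 @@ and @@ -86,10 +86,10 @@.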
......
......@@ -120,10 +120,10 @@ m#iframe src="http://auth.sp.com(/saml/proxySingleLogout)\?(SAMLRequest=.*?)"#,
ok( $res = $issuer->_get( $url, query => $query, accept => 'text/html' ),
'Push SAML response to IdP' );
expectOK($res);
ok( getHeader( $res, 'Content-Security-Policy' ) !~ /frame-ancessor/,
ok( getHeader( $res, 'Content-Security-Policy' ) !~ /frame-ancestors/,
' Frame can be embedded' )
or explain( $res->[1],
'Content-Security-Policy does not contain a frame-ancessor' );
'Content-Security-Policy does not contain a frame-ancestors' );
# Test if logout is done
switch ('issuer');
......
......@@ -124,10 +124,10 @@ SKIP: {
'Get iframe from IdP'
);
expectOK($res);
ok( getHeader( $res, 'Content-Security-Policy' ) !~ /frame-ancessor/,
ok( getHeader( $res, 'Content-Security-Policy' ) !~ /frame-ancestors/,
' Frame can be embedded' )
or explain( $res->[1],
'Content-Security-Policy does not contain a frame-ancessor' );
'Content-Security-Policy does not contain a frame-ancestors' );
# Verify that user has been disconnected
ok( $res = $issuer->_get( '/', cookie => "lemonldap=$idpId" ),
......
......@@ -86,10 +86,10 @@ ok(
);
count(1);
expectOK($res);
ok( getHeader( $res, 'Content-Security-Policy' ) !~ /frame-ancessor/,
ok( getHeader( $res, 'Content-Security-Policy' ) !~ /frame-ancestors/,
' Frame can be embedded' )
or explain( $res->[1],
'Content-Security-Policy does not contain a frame-ancessor' );
'Content-Security-Policy does not contain a frame-ancestors' );
count(1);
# Logout initiated by RP
......