MAGETWO-16192: Security: Clickjacking solution - introduce X-Frame-Options

Dale Sikkema · Dale Sikkema · commit 2aa4989ec20a · 2015-06-18T13:50:42.000-05:00
- add unit test
diff --git a/lib/internal/Magento/Framework/App/Response/Http.php b/lib/internal/Magento/Framework/App/Response/Http.php
@@ -59,7 +59,6 @@ public function __construct(
      *
      * @param string $value
      * @return void
-     * @codeCoverageIgnore
      */
     public function setXFrameOptions($value)
     {
diff --git a/lib/internal/Magento/Framework/App/Response/XFrameOptPlugin.php b/lib/internal/Magento/Framework/App/Response/XFrameOptPlugin.php
@@ -8,7 +8,6 @@
 
 /**
  * Adds an X-FRAME-OPTIONS header to HTTP responses to safeguard against click-jacking.
- * @codeCoverageIgnore
  */
 class XFrameOptPlugin
 {
@@ -35,6 +34,7 @@ public function __construct($xFrameOpt)
     /**
      * @param \Magento\Framework\App\Response\Http $subject
      * @return void
+     * @codeCoverageIgnore
      */
     public function beforeSendResponse(\Magento\Framework\App\Response\Http $subject)
     {
diff --git a/lib/internal/Magento/Framework/App/Test/Unit/Response/HttpTest.php b/lib/internal/Magento/Framework/App/Test/Unit/Response/HttpTest.php
@@ -271,4 +271,11 @@ public function testWakeUpWith()
         \Magento\Framework\App\ObjectManager::setInstance($objectManagerMock);
         $this->model->__wakeup();
     }
+
+    public function testSetXFrameOptions()
+    {
+        $value = 'SAMEORIGIN';
+        $this->model->setXFrameOptions($value);
+        $this->assertSame($value, $this->model->getHeader(Http::HEADER_X_FRAME_OPT)->getFieldValue());
+    }
 }

Original file line number	Diff line number	Diff line change
`@@ -59,7 +59,6 @@ public function __construct(`
`59`	`59`	`*`
`60`	`60`	`* @param string $value`
`61`	`61`	`* @return void`
`62`		`- * @codeCoverageIgnore`
`63`	`62`	`*/`
`64`	`63`	`public function setXFrameOptions($value)`
`65`	`64`	`{`
Original file line number	Diff line number	Diff line change
`@@ -8,7 +8,6 @@`
`8`	`8`
`9`	`9`	`/**`
`10`	`10`	`* Adds an X-FRAME-OPTIONS header to HTTP responses to safeguard against click-jacking.`
`11`		`- * @codeCoverageIgnore`
`12`	`11`	`*/`
`13`	`12`	`class XFrameOptPlugin`
`14`	`13`	`{`
`@@ -35,6 +34,7 @@ public function __construct($xFrameOpt)`
`35`	`34`	`/**`
`36`	`35`	`* @param \Magento\Framework\App\Response\Http $subject`
`37`	`36`	`* @return void`
	`37`	`+ * @codeCoverageIgnore`
`38`	`38`	`*/`
`39`	`39`	`public function beforeSendResponse(\Magento\Framework\App\Response\Http $subject)`
`40`	`40`	`{`
Original file line number	Diff line number	Diff line change
`@@ -271,4 +271,11 @@ public function testWakeUpWith()`
`271`	`271`	`\Magento\Framework\App\ObjectManager::setInstance($objectManagerMock);`
`272`	`272`	`$this->model->__wakeup();`
`273`	`273`	`}`
	`274`	`+`
	`275`	`+ public function testSetXFrameOptions()`
	`276`	`+ {`
	`277`	`+ $value = 'SAMEORIGIN';`
	`278`	`+ $this->model->setXFrameOptions($value);`
	`279`	`+ $this->assertSame($value, $this->model->getHeader(Http::HEADER_X_FRAME_OPT)->getFieldValue());`
	`280`	`+ }`
`274`	`281`	`}`