refactor(ContentSecurityPolicyHeaderWriter): return useSingleHost member back.

Should be in f616144 commit.

Prerequisite to #1059

Author: php-coder

src/main/java/ru/mystamps/web/support/spring/security/ContentSecurityPolicyHeaderWriter.java

@@ -168,6 +168,7 @@ class ContentSecurityPolicyHeaderWriter implements HeaderWriter {
 		+ 5;
 
 	private final boolean useCdn;
+	private final boolean useSingleHost;
 	private final boolean hasH2Console;
 	private final String host;
 
@@ -186,15 +187,13 @@ protected String constructDirectives(String uri) {
 		StringBuilder sb = new StringBuilder(MIN_HEADER_LENGTH);
 
 		sb.append(DEFAULT_SRC).append(SEPARATOR)
-		  .append(IMG_SRC).append(useCdn ? IMG_SRC_ALT : IMG_SRC_SELF).append(SEPARATOR)
+		  .append(IMG_SRC).append(useSingleHost ? IMG_SRC_SELF : IMG_SRC_ALT).append(SEPARATOR)
 		  .append(FONT_SRC).append(useCdn ?  FONT_SRC_CDN : FONT_SRC_SELF).append(SEPARATOR)
 		  .append(REPORT_URI).append(host).append(SiteUrl.CSP_REPORTS_HANDLER).append(SEPARATOR)
-		  .append(STYLE_SRC);
+		  .append(STYLE_SRC).append(useSingleHost ? STYLES_SELF : STYLES_ALT);
 
 		if (useCdn) {
-			sb.append(STYLES_ALT).append(' ').append(STYLES_CDN);
-		} else {
-			sb.append(STYLES_SELF);
+			sb.append(' ').append(STYLES_CDN);
 		}
 
 		if (onCollectionInfoPage) {
@@ -212,12 +211,11 @@ protected String constructDirectives(String uri) {
 		}
 
 		sb.append(SEPARATOR)
-		  .append(SCRIPT_SRC);
+		  .append(SCRIPT_SRC)
+		  .append(useSingleHost ? SCRIPTS_SELF : SCRIPTS_ALT);
 
 		if (useCdn) {
-			sb.append(SCRIPTS_ALT).append(' ').append(SCRIPTS_CDN);
-		} else {
-			sb.append(SCRIPTS_SELF);
+			sb.append(' ').append(SCRIPTS_CDN);
 		}
 
 		if (onCollectionInfoPage) {

src/main/java/ru/mystamps/web/support/spring/security/SecurityConfig.java

@@ -81,14 +81,15 @@ public void configure(WebSecurity web) throws Exception {
 	@SuppressWarnings({ "PMD.SignatureDeclareThrowsException", "checkstyle:linelength" })
 	protected void configure(HttpSecurity http) throws Exception {
 		boolean useCdn = environment.acceptsProfiles("prod");
+		boolean useSingleHost = !environment.acceptsProfiles("prod");
 		boolean hasH2Console = environment.acceptsProfiles("test");
 
 		// @todo #226 Introduce app.use-public-hostname property
 		boolean usePublicHostname = environment.acceptsProfiles("prod");
 		String hostname = usePublicHostname ? SiteUrl.PUBLIC_URL : SiteUrl.SITE;
 
 		ContentSecurityPolicyHeaderWriter cspWriter =
-			new ContentSecurityPolicyHeaderWriter(useCdn, hasH2Console, hostname);
+			new ContentSecurityPolicyHeaderWriter(useCdn, useSingleHost, hasH2Console, hostname);
 
 		http
 			.authorizeRequests()

src/test/java/ru/mystamps/web/support/spring/security/ContentSecurityPolicyHeaderWriterTest.java

@@ -48,7 +48,7 @@ public class ContentSecurityPolicyHeaderWriterTest {
 	@Test
 	public void writeContentSecurityPolicyHeader() {
 		ContentSecurityPolicyHeaderWriter writer =
-			new ContentSecurityPolicyHeaderWriter(bool(), bool(), Random.host());
+			new ContentSecurityPolicyHeaderWriter(bool(), bool(), bool(), Random.host());
 
 		HttpServletRequest request = new MockHttpServletRequest();
 		HttpServletResponse response = new MockHttpServletResponse();
@@ -66,7 +66,7 @@ public void writeContentSecurityPolicyHeader() {
 	@Test
 	public void onIndexPageWithLocalResources() {
 		ContentSecurityPolicyHeaderWriter writer =
-			new ContentSecurityPolicyHeaderWriter(false, bool(), SiteUrl.SITE);
+			new ContentSecurityPolicyHeaderWriter(false, true, bool(), SiteUrl.SITE);
 		String[] directives = writer.constructDirectives("/").split(";");
 
 		assertThat(directives, hasItemInArray("default-src 'none'"));
@@ -92,7 +92,7 @@ public void onIndexPageWithLocalResources() {
 	@Test
 	public void onIndexPageWithResourcesFromCdn() {
 		ContentSecurityPolicyHeaderWriter writer
-			= new ContentSecurityPolicyHeaderWriter(true, bool(), SiteUrl.PUBLIC_URL);
+			= new ContentSecurityPolicyHeaderWriter(true, false, bool(), SiteUrl.PUBLIC_URL);
 		String[] directives = writer.constructDirectives("/").split(";");
 
 		assertThat(directives, hasItemInArray("default-src 'none'"));
@@ -136,7 +136,7 @@ public void onIndexPageWithResourcesFromCdn() {
 	@Test
 	public void onCollectionInfoPageWithLocalResources() {
 		ContentSecurityPolicyHeaderWriter writer =
-			new ContentSecurityPolicyHeaderWriter(false, bool(), Random.host());
+			new ContentSecurityPolicyHeaderWriter(false, true, bool(), Random.host());
 		String[] directives = writer.constructDirectives("/collection/user").split(";");
 
 		// test only the directives that differ from the index page
@@ -169,7 +169,7 @@ public void onCollectionInfoPageWithLocalResources() {
 	@Test
 	public void onCollectionInfoPageWithResourcesFromCdn() {
 		ContentSecurityPolicyHeaderWriter writer =
-			new ContentSecurityPolicyHeaderWriter(true, bool(), Random.host());
+			new ContentSecurityPolicyHeaderWriter(true, false, bool(), Random.host());
 		String[] directives = writer.constructDirectives("/collection/user").split(";");
 
 		// test only the directives that differ from the index page
@@ -205,7 +205,7 @@ public void onCollectionInfoPageWithResourcesFromCdn() {
 	@Test
 	public void onSeriesAddImagePageWithLocalResources() {
 		ContentSecurityPolicyHeaderWriter writer =
-			new ContentSecurityPolicyHeaderWriter(false, bool(), Random.host());
+			new ContentSecurityPolicyHeaderWriter(false, true, bool(), Random.host());
 
 		for (String page : new String[]{"/series/11", "/series/12/ask", "/series/13/image"}) {
 			String[] directives = writer.constructDirectives(page).split(";");
@@ -231,7 +231,7 @@ public void onSeriesAddImagePageWithLocalResources() {
 	@Test
 	public void onSeriesAddImagePageWithResourcesFromCdn() {
 		ContentSecurityPolicyHeaderWriter writer =
-			new ContentSecurityPolicyHeaderWriter(true, bool(), Random.host());
+			new ContentSecurityPolicyHeaderWriter(true, false, bool(), Random.host());
 
 		for (String page : new String[]{"/series/11", "/series/12/ask", "/series/13/image"}) {
 			String[] directives = writer.constructDirectives(page).split(";");
@@ -270,7 +270,7 @@ public void onSeriesAddImagePageWithResourcesFromCdn() {
 	@Test
 	public void onSeriesAddPageWithLocalResources() {
 		ContentSecurityPolicyHeaderWriter writer =
-			new ContentSecurityPolicyHeaderWriter(false, bool(), Random.host());
+			new ContentSecurityPolicyHeaderWriter(false, true, bool(), Random.host());
 		String[] directives = writer.constructDirectives("/series/add").split(";");
 
 		// test only the directives that differ from the index page
@@ -304,7 +304,7 @@ public void onSeriesAddPageWithLocalResources() {
 	@Test
 	public void onSeriesAddPageWithResourcesFromCdn() {
 		ContentSecurityPolicyHeaderWriter writer =
-			new ContentSecurityPolicyHeaderWriter(true, bool(), Random.host());
+			new ContentSecurityPolicyHeaderWriter(true, false, bool(), Random.host());
 		String[] directives = writer.constructDirectives("/series/add").split(";");
 
 		// test only the directives that differ from the index page
@@ -341,7 +341,7 @@ public void onSeriesAddPageWithResourcesFromCdn() {
 	@Test
 	public void onH2ConsoleWithLocalResources() {
 		ContentSecurityPolicyHeaderWriter writer =
-			new ContentSecurityPolicyHeaderWriter(false, true, Random.host());
+			new ContentSecurityPolicyHeaderWriter(false, true, true, Random.host());
 		String[] directives = writer.constructDirectives("/console/").split(";");
 
 		// test only the directives that are differ from the index page
@@ -376,7 +376,7 @@ public void onH2ConsoleWithLocalResources() {
 	@Test
 	public void onH2ConsoleWithResourcesFromCdn() {
 		ContentSecurityPolicyHeaderWriter writer =
-			new ContentSecurityPolicyHeaderWriter(true, false, Random.host());
+			new ContentSecurityPolicyHeaderWriter(true, false, false, Random.host());
 		String[] directives = writer.constructDirectives("/console/").split(";");
 
 		// "style-src" directive should be the same as for the index page