LCOV - code coverage report
Current view: top level - httpd - AllowRenderInFrameFilter.java (source / functions) Hit Total Coverage
Test: _coverage_report.dat Lines: 16 16 100.0 %
Date: 2022-11-19 15:00:39 Functions: 3 3 100.0 % 

          Line data    Source code
       1             : // Copyright (C) 2020 The Android Open Source Project
       2             : //
       3             : // Licensed under the Apache License, Version 2.0 (the "License");
       4             : // you may not use this file except in compliance with the License.
       5             : // You may obtain a copy of the License at
       6             : //
       7             : // http://www.apache.org/licenses/LICENSE-2.0
       8             : //
       9             : // Unless required by applicable law or agreed to in writing, software
      10             : // distributed under the License is distributed on an "AS IS" BASIS,
      11             : // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
      12             : // See the License for the specific language governing permissions and
      13             : // limitations under the License.
      14             : 
      15             : package com.google.gerrit.httpd;
      16             : 
      17             : import com.google.gerrit.server.config.GerritServerConfig;
      18             : import com.google.inject.Inject;
      19             : import java.io.IOException;
      20             : import javax.servlet.FilterChain;
      21             : import javax.servlet.ServletException;
      22             : import javax.servlet.ServletRequest;
      23             : import javax.servlet.ServletResponse;
      24             : import javax.servlet.http.HttpServletResponse;
      25             : import org.eclipse.jgit.lib.Config;
      26             : 
      27             : public class AllowRenderInFrameFilter extends AllRequestFilter {
      28             :   static final String X_FRAME_OPTIONS_HEADER_NAME = "X-Frame-Options";
      29             : 
      30         100 :   public static enum XFrameOption {
      31         100 :     ALLOW,
      32         100 :     SAMEORIGIN;
      33             :   }
      34             : 
      35             :   private final String xframeOptionString;
      36             :   private final boolean skipXFrameOption;
      37             : 
      38             :   @Inject
      39         100 :   public AllowRenderInFrameFilter(@GerritServerConfig Config cfg) {
      40         100 :     XFrameOption xframeOption =
      41         100 :         cfg.getEnum("gerrit", null, "xframeOption", XFrameOption.SAMEORIGIN);
      42         100 :     boolean canLoadInIFrame = cfg.getBoolean("gerrit", "canLoadInIFrame", false);
      43         100 :     xframeOptionString = canLoadInIFrame ? xframeOption.name() : "DENY";
      44             : 
      45         100 :     skipXFrameOption = xframeOption.equals(XFrameOption.ALLOW) && canLoadInIFrame;
      46         100 :   }
      47             : 
      48             :   @Override
      49             :   public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
      50             :       throws IOException, ServletException {
      51          39 :     if (skipXFrameOption) {
      52           1 :       chain.doFilter(request, response);
      53             :     } else {
      54          39 :       HttpServletResponse httpResponse = (HttpServletResponse) response;
      55          39 :       httpResponse.addHeader(X_FRAME_OPTIONS_HEADER_NAME, xframeOptionString);
      56          39 :       chain.doFilter(request, httpResponse);
      57             :     }
      58          39 :   }
      59             : }

Generated by: LCOV version 1.16+git.20220603.dfeb750