Merge pull request #373 from philpursglove/correct-xframe-header

Correct xframe header
dddeastanglia · Nov 20, 2018 · cddaaf0 · cddaaf0
2 parents 9ea68e4 + f48489b
commit cddaaf0
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 4 deletions.
diff --git a/DDDEastAnglia.Tests/Controllers/HomeControllerTests.cs b/DDDEastAnglia.Tests/Controllers/HomeControllerTests.cs
@@ -1,6 +1,9 @@
 using DDDEastAnglia.Controllers;
 using DDDEastAnglia.DataAccess;
+using DDDEastAnglia.Helpers.Agenda;
+using DDDEastAnglia.Helpers.Sessions;
 using DDDEastAnglia.Models;
+using NSubstitute;
 using NUnit.Framework;
 
 namespace DDDEastAnglia.Tests.Controllers
@@ -102,7 +105,7 @@ public void Closed_ShouldRedirectToTheHomePage_WhenTheConferenceIsNotClosed()
         private HomeController CreateHomeController(IConferenceLoader conferenceLoader)
         {
             var sponsorModelQuery = new AllPublicSponsors(new InMemorySponsorRepository(), new DefaultSponsorSorter());
-            return new HomeController(conferenceLoader, sponsorModelQuery);
+            return new HomeController(conferenceLoader, sponsorModelQuery, new AgendaSessionsLoader(Substitute.For<ISessionLoader>(), Substitute.For<ISpeakerRepository>()));
         }
     }
 }
diff --git a/DDDEastAnglia.Tests/Filters/SecurityHeadersFilterTests.cs b/DDDEastAnglia.Tests/Filters/SecurityHeadersFilterTests.cs
@@ -30,7 +30,7 @@ public void Setup()
             };
         }
 
-        [TestCase("X-Frame-Origins")]
+        [TestCase("X-Frame-Options")]
         [TestCase("X-XSS-Protection")]
         [TestCase("X-Content-Type-Options")]
         [TestCase("Strict-Transport-Security")]
@@ -45,7 +45,7 @@ public void Security_Header_Is_Added(string headerName)
             Assert.That(filteredHeaders[headerName], Is.Not.Null);
         }
 
-        [TestCase("X-Frame-Origins", "SAMEORIGIN")]
+        [TestCase("X-Frame-Options", "SAMEORIGIN")]
         [TestCase("X-XSS-Protection", "1; mode=block")]
         [TestCase("X-Content-Type-Options", "nosniff")]
         [TestCase("Strict-Transport-Security", "max-age=31536000; includeSubDomains")]

diff --git a/DDDEastAnglia/App_Start/Filters/SecurityHeadersFilter.cs b/DDDEastAnglia/App_Start/Filters/SecurityHeadersFilter.cs
@@ -18,7 +18,7 @@ public void OnResultExecuted(ResultExecutedContext filterContext)
 
         private void AddSecurityHeaders(NameValueCollection headers)
         {
-            AddHeader(headers, "X-Frame-Origins", "SAMEORIGIN");
+            AddHeader(headers, "X-Frame-Options", "SAMEORIGIN");
             AddHeader(headers, "X-XSS-Protection", "1; mode=block");
             AddHeader(headers, "X-Content-Type-Options", "nosniff");
             AddHeader(headers, "Strict-Transport-Security", "max-age=31536000; includeSubDomains");