TSPS-366 fix CSP header to work with b2c auth (#176)

DataBiosphere · Dec 4, 2024 · 3088632 · 3088632
1 parent a2b313a
commit 3088632
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 13 deletions.
diff --git a/service/src/main/java/bio/terra/pipelines/app/controller/PublicApiController.java b/service/src/main/java/bio/terra/pipelines/app/controller/PublicApiController.java
@@ -54,14 +54,9 @@ public ResponseEntity<ApiVersionProperties> getVersion() {
 
   private static final String CSP_HEADER_NAME = "Content-Security-Policy";
   private static final String CSP_HEADER_CONTENTS =
-      "default-src 'self'; script-src 'self' 'unsafe-inline'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; connect-src 'self'; form-action 'none';";
+      "script-src 'self' 'unsafe-inline'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; form-action 'none';";
 
-  @GetMapping(value = "/")
-  public String index() {
-    return "redirect:/swagger-ui.html";
-  }
-
-  @GetMapping({"/index.html", "/swagger-ui.html"})
+  @GetMapping({"/", "/index.html", "/swagger-ui.html"})
   public String getSwagger(Model model, HttpServletResponse response) {
     response.setHeader(CSP_HEADER_NAME, CSP_HEADER_CONTENTS);
 

diff --git a/service/src/test/java/bio/terra/pipelines/controller/PublicApiControllerTest.java b/service/src/test/java/bio/terra/pipelines/controller/PublicApiControllerTest.java
@@ -74,14 +74,9 @@ void testVersion() throws Exception {
         .andExpect(jsonPath("$.build").value(build));
   }
 
-  @Test
-  void testIndex() throws Exception {
-    this.mockMvc.perform(get("/")).andExpect(status().is3xxRedirection());
-  }
-
   @Test
   void testGetSwagger() throws Exception {
-    var swaggerPaths = Set.of("/index.html", "/swagger-ui.html");
+    var swaggerPaths = Set.of("/", "/index.html", "/swagger-ui.html");
     for (var path : swaggerPaths) {
       this.mockMvc
           .perform(get(path))