Fix XContentTypeOptionsServerHttpHeadersWriter

set constant value to X-Content-Type-Options

Closes gh-13155

Author: joerg-richter-5234

web/src/main/java/org/springframework/security/web/server/header/XContentTypeOptionsServerHttpHeadersWriter.java

@@ -28,7 +28,7 @@
  */
 public class XContentTypeOptionsServerHttpHeadersWriter implements ServerHttpHeadersWriter {
 
-	public static final String X_CONTENT_OPTIONS = "X-Content-Options";
+	public static final String X_CONTENT_OPTIONS = "X-Content-Type-Options";
 
 	public static final String NOSNIFF = "nosniff";
 

web/src/test/java/org/springframework/security/web/server/header/XContentTypeOptionsServerHttpHeadersWriterTests.java

@@ -32,11 +32,14 @@
 public class XContentTypeOptionsServerHttpHeadersWriterTests {
 
 	ContentTypeOptionsServerHttpHeadersWriter writer = new ContentTypeOptionsServerHttpHeadersWriter();
-
 	ServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build());
-
 	HttpHeaders headers = this.exchange.getResponse().getHeaders();
 
+
+	XContentTypeOptionsServerHttpHeadersWriter writerXContentType = new XContentTypeOptionsServerHttpHeadersWriter();
+	ServerWebExchange exchangeXContentType = MockServerWebExchange.from(MockServerHttpRequest.get("/").build());
+	HttpHeaders headersXContentType = this.exchangeXContentType.getResponse().getHeaders();
+
 	@Test
 	public void writeHeadersWhenNoHeadersThenWriteHeaders() {
 		this.writer.writeHttpHeaders(this.exchange);
@@ -46,7 +49,7 @@ public void writeHeadersWhenNoHeadersThenWriteHeaders() {
 	}
 
 	@Test
-	public void writeHeadersWhenHeaderWrittenThenDoesNotOverrride() {
+	public void writeHeadersWhenHeaderWrittenThenDoesNotOverride() {
 		String headerValue = "value";
 		this.headers.set(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS, headerValue);
 		this.writer.writeHttpHeaders(this.exchange);
@@ -55,4 +58,36 @@ public void writeHeadersWhenHeaderWrittenThenDoesNotOverrride() {
 				.containsOnly(headerValue);
 	}
 
+	@Test
+	public void constantsMatchExpectedHeaderAndValue() {
+		assertThat(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS)
+				.isEqualTo("X-Content-Type-Options");
+		assertThat(ContentTypeOptionsServerHttpHeadersWriter.NOSNIFF).isEqualTo("nosniff");
+	}
+
+	@Test
+	public void writeHeadersWhenNoHeadersThenWriteHeadersForXContentTypeOptionsServerHttpHeadersWriter() {
+		this.writerXContentType.writeHttpHeaders(this.exchangeXContentType);
+		assertThat(this.headersXContentType).hasSize(1);
+		assertThat(this.headersXContentType.get(XContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS))
+				.containsOnly(XContentTypeOptionsServerHttpHeadersWriter.NOSNIFF);
+	}
+
+	@Test
+	public void writeHeadersWhenHeaderWrittenThenDoesNotOverrideForXContentTypeOptionsServerHttpHeadersWriter() {
+		String headerValue = "value";
+		this.headersXContentType.set(XContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS, headerValue);
+		this.writerXContentType.writeHttpHeaders(this.exchangeXContentType);
+		assertThat(this.headersXContentType).hasSize(1);
+		assertThat(this.headersXContentType.get(XContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS))
+				.containsOnly(headerValue);
+	}
+
+	@Test
+	public void constantsMatchExpectedHeaderAndValueForXContentTypeOptionsServerHttpHeadersWriter() {
+		assertThat(XContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS)
+				.isEqualTo("X-Content-Type-Options");
+		assertThat(XContentTypeOptionsServerHttpHeadersWriter.NOSNIFF).isEqualTo("nosniff");
+	}
+
 }