Add async support to wrap-frame-options

weavejester · weavejester · commit 85af72947fbe · 2016-08-12T17:37:48.000+01:00
diff --git a/src/ring/middleware/x_headers.clj b/src/ring/middleware/x_headers.clj
@@ -13,6 +13,14 @@
     (str "ALLOW-FROM " (:allow-from frame-options))
     (str/upper-case (name frame-options))))
 
+(defn- add-header [response header value]
+  (some-> response (resp/header header value)))
+
+(defn frame-options-response
+  "Add the X-Frame-Options header to the response. See: wrap-frame-options."
+  [response frame-options]
+  (add-header response "X-Frame-Options" (format-frame-options frame-options)))
+
 (defn wrap-frame-options
   "Middleware that adds the X-Frame-Options header to the response. This governs
   whether your site can be rendered in a <frame>, <iframe> or <object>, and is
@@ -33,10 +41,13 @@
   {:pre [(or (= frame-options :deny)
              (= frame-options :sameorigin)
              (allow-from? frame-options))]}
-  (let [header-value (format-frame-options frame-options)]
-    (fn [request]
-      (if-let [response (handler request)]
-        (resp/header response "X-Frame-Options" header-value)))))
+  (let [header-name  "X-Frame-Options"
+        header-value (format-frame-options frame-options)]
+    (fn
+      ([request]
+       (add-header (handler request) header-name header-value))
+      ([request respond raise]
+       (handler request #(respond (add-header % header-name header-value)) raise)))))
 
 (defn wrap-content-type-options
   "Middleware that adds the X-Content-Type-Options header to the response. This
diff --git a/test/ring/middleware/x_headers_test.clj b/test/ring/middleware/x_headers_test.clj
@@ -41,6 +41,25 @@
       (let [handler (wrap-frame-options (constantly nil) :deny)]
         (is (nil? (handler (request :get "/"))))))))
 
+(deftest test-wrap-frame-options-cps
+  (testing "deny"
+    (let [handler (-> (fn [_ respond _] (respond (response "hello")))
+                      (wrap-frame-options :deny))
+          resp    (promise)
+          ex      (promise)]
+      (handler (request :get "/") resp ex)
+      (is (not (realized? ex)))
+      (is (= (:headers @resp) {"X-Frame-Options" "DENY"}))))
+
+  (testing "nil response"
+    (let [handler (-> (fn [_ respond _] (respond nil))
+                      (wrap-frame-options :deny))
+          resp    (promise)
+          ex      (promise)]
+      (handler (request :get "/") resp ex)
+      (is (not (realized? ex)))
+      (is (nil? @resp)))))
+
 (deftest test-wrap-content-type-options
   (let [handle-hello (constantly
                  (-> (response "hello")
