Add async support to wrap-content-type-options

Author: weavejester

src/ring/middleware/x_headers.clj

@@ -13,13 +13,17 @@
     (str "ALLOW-FROM " (:allow-from frame-options))
     (str/upper-case (name frame-options))))
 
-(defn- add-header [response header value]
-  (some-> response (resp/header header value)))
+(defn- wrap-x-header [handler header-name header-value]
+  (fn
+    ([request]
+     (some-> (handler request) (resp/header header-name header-value)))
+    ([request respond raise]
+     (handler request #(respond (some-> % (resp/header header-name header-value))) raise))))
 
 (defn frame-options-response
   "Add the X-Frame-Options header to the response. See: wrap-frame-options."
   [response frame-options]
-  (add-header response "X-Frame-Options" (format-frame-options frame-options)))
+  (some-> response (resp/header "X-Frame-Options" (format-frame-options frame-options))))
 
 (defn wrap-frame-options
   "Middleware that adds the X-Frame-Options header to the response. This governs
@@ -41,13 +45,13 @@
   {:pre [(or (= frame-options :deny)
              (= frame-options :sameorigin)
              (allow-from? frame-options))]}
-  (let [header-name  "X-Frame-Options"
-        header-value (format-frame-options frame-options)]
-    (fn
-      ([request]
-       (add-header (handler request) header-name header-value))
-      ([request respond raise]
-       (handler request #(respond (add-header % header-name header-value)) raise)))))
+  (wrap-x-header handler "X-Frame-Options" (format-frame-options frame-options)))
+
+(defn content-type-options-response
+  "Add the X-Content-Type-Options header to the response.
+  See: wrap-content-type-options."
+  [response content-type-options]
+  (some-> response (resp/header "X-Content-Type-Options" (name content-type-options))))
 
 (defn wrap-content-type-options
   "Middleware that adds the X-Content-Type-Options header to the response. This
@@ -60,9 +64,7 @@
   http://msdn.microsoft.com/en-us/library/ie/gg622941(v=vs.85).aspx"
   [handler content-type-options]
   {:pre [(= content-type-options :nosniff)]}
-  (fn [request]
-    (if-let [response (handler request)]
-      (resp/header response "X-Content-Type-Options" (name content-type-options)))))
+  (wrap-x-header handler "X-Content-Type-Options" (name content-type-options)))
 
 (defn wrap-xss-protection
   "Middleware that adds the X-XSS-Protection header to the response. This header

test/ring/middleware/x_headers_test.clj

@@ -61,9 +61,7 @@
       (is (nil? @resp)))))
 
 (deftest test-wrap-content-type-options
-  (let [handle-hello (constantly
-                 (-> (response "hello")
-                     (content-type "text/plain")))]
+  (let [handle-hello (constantly (-> (response "hello") (content-type "text/plain")))]
     (testing "nosniff"
       (let [handler (wrap-content-type-options handle-hello :nosniff)
             resp    (handler (request :get "/"))]
@@ -79,6 +77,29 @@
       (let [handler (wrap-content-type-options (constantly nil) :nosniff)]
         (is (nil? (handler (request :get "/"))))))))
 
+(deftest test-wrap-content-type-options-cps
+  (testing "nosniff"
+    (let [handler (-> (fn [_ respond _]
+                        (respond (-> (response "hello") (content-type "text/plain"))))
+                      (wrap-content-type-options :nosniff))
+          resp    (promise)
+          ex      (promise)]
+      (handler (request :get "/") resp ex)
+      (is (not (realized? ex)))
+      (is (= @resp {:status  200
+                    :headers {"X-Content-Type-Options" "nosniff"
+                              "Content-Type" "text/plain"}
+                    :body    "hello"}))))
+
+  (testing "nil response"
+    (let [handler (-> (fn [_ respond _] (respond nil))
+                      (wrap-content-type-options :nosniff))
+          resp    (promise)
+          ex      (promise)]
+      (handler (request :get "/") resp ex)
+      (is (not (realized? ex)))
+      (is (nil? @resp)))))
+
 (deftest test-wrap-xss-protection
   (let [handle-hello (constantly (response "hello"))]
     (testing "enable"