hanicz commented on PR #1007: URL: https://github.com/apache/knox/pull/1007#issuecomment-2740573925
> > > How does this affect behavior when topology-level config exists for the same? > > > > > > If both are enabled and there is a request for that specific topology the WebAppSec configuration will take precedence. > > Is there a test for that? No there isn't, I validated the behaviour manually. The handler and the StrictTransportFilter are in two different modules and are called at different points of the requests lifecycle. What I can do is mock a response object and call the handle and doFilter methods with it and verify after. The setHeader method is used in the StrictTransportFilter which will override the existing header. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
