Fix Spotless formatting violations in security header files

Co-authored-by: commjoen <[email protected]>

Author: Copilot

src/main/java/org/owasp/wrongsecrets/SecurityConfig.java

@@ -30,9 +30,11 @@ public SecurityFilterChain security(
     configureBasicAuthentication(http, auths);
     configureCsrf(http);
     // Disable default security headers since we handle them in SecurityHeaderAddingFilter
-    http.headers(headers -> 
-        headers.frameOptions(frameOptions -> frameOptions.sameOrigin())
-               .contentTypeOptions(Customizer.withDefaults()));
+    http.headers(
+        headers ->
+            headers
+                .frameOptions(frameOptions -> frameOptions.sameOrigin())
+                .contentTypeOptions(Customizer.withDefaults()));
     return http.build();
   }
 

src/main/java/org/owasp/wrongsecrets/SecurityHeaderAddingFilter.java

@@ -14,26 +14,25 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha
       throws IOException, ServletException {
     HttpServletResponse res = (HttpServletResponse) response;
     res.addHeader("Server", "WrongSecrets - Star us!");
-    res.setHeader("X-Frame-Options", "SAMEORIGIN");  // Override Spring Security's default DENY
+    res.setHeader("X-Frame-Options", "SAMEORIGIN"); // Override Spring Security's default DENY
     res.setHeader("X-Content-Type-Options", "nosniff");
-    
+
     // Improved Content Security Policy - more restrictive than wildcard
     res.setHeader(
         "Content-Security-Policy",
-        "default-src 'self'; script-src 'self' 'unsafe-inline' https://buttons.github.io https://api.github.com; " +
-        "style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; " +
-        "font-src 'self' https://fonts.gstatic.com; " +
-        "img-src 'self' data: https:; " +
-        "connect-src 'self' https://api.github.com");
-    
+        "default-src 'self'; script-src 'self' 'unsafe-inline' https://buttons.github.io"
+            + " https://api.github.com; style-src 'self' 'unsafe-inline'"
+            + " https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src"
+            + " 'self' data: https:; connect-src 'self' https://api.github.com");
+
     // Add Permissions Policy header
     res.setHeader("Permissions-Policy", "geolocation=(), microphone=(), camera=()");
-    
+
     // Add cache control headers to prevent caching of sensitive content
     res.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");
     res.setHeader("Pragma", "no-cache");
     res.setHeader("Expires", "0");
-    
+
     chain.doFilter(request, res);
   }
 }

src/test/java/org/owasp/wrongsecrets/SecurityHeaderTest.java

@@ -43,7 +43,8 @@ void shouldHaveContentSecurityPolicyHeader() throws Exception {
   void shouldHavePermissionsPolicyHeader() throws Exception {
     mvc.perform(get("/"))
         .andExpect(status().isOk())
-        .andExpect(header().string("Permissions-Policy", "geolocation=(), microphone=(), camera=()"));
+        .andExpect(
+            header().string("Permissions-Policy", "geolocation=(), microphone=(), camera=()"));
   }
 
   @Test
@@ -59,11 +60,13 @@ void shouldHaveCacheControlHeaders() throws Exception {
   void shouldNotHaveWildcardInCSP() throws Exception {
     mvc.perform(get("/"))
         .andExpect(status().isOk())
-        .andExpect(result -> {
-          String csp = result.getResponse().getHeader("Content-Security-Policy");
-          if (csp != null && csp.contains("default-src *")) {
-            throw new AssertionError("CSP should not contain wildcard directive 'default-src *'");
-          }
-        });
+        .andExpect(
+            result -> {
+              String csp = result.getResponse().getHeader("Content-Security-Policy");
+              if (csp != null && csp.contains("default-src *")) {
+                throw new AssertionError(
+                    "CSP should not contain wildcard directive 'default-src *'");
+              }
+            });
   }
-}
+}