Remove isNonceBased() from header writers

Signed-off-by: Ziqin Wang <ziqin@wangziqin.net>

Author: ziqin

web/src/main/java/org/springframework/security/web/header/writers/ContentSecurityPolicyHeaderWriter.java

@@ -194,17 +194,6 @@ public void setReportOnly(boolean reportOnly) {
 		this.reportOnly = reportOnly;
 	}
 
-	/**
-	 * Returns whether the content security policy is nonce-based. The CSP is considered
-	 * nonce-based if the configured {@code policyDirectives} string contains a
-	 * {@code {nonce}} placeholder.
-	 * @return whether the content security policy is nonce-based
-	 * @since 7.1
-	 */
-	public boolean isNonceBased() {
-		return this.isNonceBased;
-	}
-
 	@Override
 	public String toString() {
 		return getClass().getName() + " [policyDirectives=" + this.policyDirectives + "; reportOnly=" + this.reportOnly

web/src/main/java/org/springframework/security/web/server/header/ContentSecurityPolicyServerHttpHeadersWriter.java

@@ -120,17 +120,6 @@ public void setReportOnly(boolean reportOnly) {
 		this.reportOnly = reportOnly;
 	}
 
-	/**
-	 * Returns whether the content security policy is nonce-based. The CSP is considered
-	 * nonce-based if the configured {@code policyDirectives} string contains a
-	 * {@code {nonce}} placeholder.
-	 * @return whether the content security policy is nonce-based
-	 * @since 7.1
-	 */
-	public boolean isNonceBased() {
-		return this.isNonceBased;
-	}
-
 	private static String resolveHeader(boolean reportOnly) {
 		return reportOnly ? CONTENT_SECURITY_POLICY_REPORT_ONLY : CONTENT_SECURITY_POLICY;
 	}

web/src/test/java/org/springframework/security/web/header/writers/ContentSecurityPolicyHeaderWriterTests.java

@@ -131,18 +131,6 @@ public void writeContentSecurityPolicyReportOnlyHeaderWhenNotPresent() {
 		assertThat(this.response.getHeader(CONTENT_SECURITY_POLICY_REPORT_ONLY_HEADER)).isSameAs(value);
 	}
 
-	@Test
-	public void whenPolicyDirectivesContainNoncePlaceholderThenWriterIsNonceBased() {
-		this.writer.setPolicyDirectives("script-src 'self' 'nonce-{nonce}'");
-		assertThat(this.writer.isNonceBased()).isTrue();
-		this.writer.setPolicyDirectives("script-src 'nonce-{nonce}'; style-src 'nonce-{nonce}'");
-		assertThat(this.writer.isNonceBased()).isTrue();
-		this.writer.setPolicyDirectives(DEFAULT_POLICY_DIRECTIVES);
-		assertThat(this.writer.isNonceBased()).isFalse();
-		this.writer.setPolicyDirectives("script-src 'self' 'sha256-A/nonce/without/braces/is/not/a/placeholder='");
-		assertThat(this.writer.isNonceBased()).isFalse();
-	}
-
 	@Test
 	public void writeNonceBasedCspWhenNoncePresent() {
 		this.writer.setPolicyDirectives("script-src 'nonce-{nonce}'; style-src 'nonce-{nonce}'");

web/src/test/java/org/springframework/security/web/server/header/ContentSecurityPolicyServerHttpHeadersWriterTests.java

@@ -96,18 +96,6 @@ public void writeHeadersWhenAlreadyWrittenThenDoesNotOverride() {
 		assertThat(headers.get(CONTENT_SECURITY_POLICY_HEADER)).containsOnly(headerValue);
 	}
 
-	@Test
-	public void whenPolicyDirectivesContainNoncePlaceholderThenWriterIsNonceBased() {
-		this.writer.setPolicyDirectives("script-src 'self' 'nonce-{nonce}'");
-		assertThat(this.writer.isNonceBased()).isTrue();
-		this.writer.setPolicyDirectives("script-src 'nonce-{nonce}'; style-src 'nonce-{nonce}'");
-		assertThat(this.writer.isNonceBased()).isTrue();
-		this.writer.setPolicyDirectives(DEFAULT_POLICY_DIRECTIVES);
-		assertThat(this.writer.isNonceBased()).isFalse();
-		this.writer.setPolicyDirectives("script-src 'self' 'sha256-A/nonce/without/braces/is/not/a/placeholder='");
-		assertThat(this.writer.isNonceBased()).isFalse();
-	}
-
 	@Test
 	public void writeNonceBasedCspWhenNoncePresent() {
 		this.writer.setPolicyDirectives("script-src 'nonce-{nonce}'; style-src 'nonce-{nonce}'");