Consider @CrossOrigin(originPatterns = …).

RepositoryRestHandlerMapping's RepositoryCorsConfigurationAccessor now also evaluates @CrossOrigin's originPatterns into the CorsConfiguration.

Fixes #2077.
This commit is contained in:
Oliver Drotbohm
2021-10-18 19:56:46 +02:00
parent e9b1405669
commit a40aec5deb
2 changed files with 8 additions and 2 deletions

View File

@@ -394,6 +394,10 @@ public class RepositoryRestHandlerMapping extends BasePathAwareHandlerMapping {
config.addExposedHeader(resolveCorsAnnotationValue(header));
}
for (String originPattern : annotation.originPatterns()) {
config.addAllowedOriginPattern(originPattern);
}
String allowCredentials = resolveCorsAnnotationValue(annotation.allowCredentials());
if ("true".equalsIgnoreCase(allowCredentials)) {

View File

@@ -70,7 +70,7 @@ class RepositoryCorsConfigurationAccessorUnitTests {
assertThat(configuration.getMaxAge()).isEqualTo(1800L);
}
@Test // DATAREST-573
@Test // DATAREST-573, #2077
void createConfigurationShouldConstructFullCorsConfiguration() {
CorsConfiguration configuration = accessor.createConfiguration(FullyConfiguredCorsRepository.class);
@@ -84,6 +84,7 @@ class RepositoryCorsConfigurationAccessorUnitTests {
assertThat(configuration.getAllowedMethods()).doesNotContain("DELETE");
assertThat(configuration.getAllowCredentials()).isTrue();
assertThat(configuration.getMaxAge()).isEqualTo(1234L);
assertThat(configuration.getAllowedOriginPatterns()).containsExactly("somePattern");
}
@Test // DATAREST-994
@@ -105,6 +106,7 @@ class RepositoryCorsConfigurationAccessorUnitTests {
allowedHeaders = "Content-type", //
maxAge = 1234, exposedHeaders = "Accept", //
methods = RequestMethod.PATCH, //
allowCredentials = "true")
allowCredentials = "true", //
originPatterns = "somePattern")
interface FullyConfiguredCorsRepository {}
}