Updates to CORS patterns contribution
Closes gh-25016
This commit is contained in:
@@ -914,7 +914,7 @@ public class MvcNamespaceTests {
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testCors() throws Exception {
|
||||
public void testCors() {
|
||||
loadBeanDefinitions("mvc-config-cors.xml");
|
||||
|
||||
String[] beanNames = appContext.getBeanNamesForType(AbstractHandlerMapping.class);
|
||||
@@ -930,6 +930,7 @@ public class MvcNamespaceTests {
|
||||
CorsConfiguration config = configs.get("/api/**");
|
||||
assertThat(config).isNotNull();
|
||||
assertThat(config.getAllowedOrigins().toArray()).isEqualTo(new String[]{"https://domain1.com", "https://domain2.com"});
|
||||
assertThat(config.getAllowedOriginPatterns().toArray()).isEqualTo(new String[]{"http://*.domain.com"});
|
||||
assertThat(config.getAllowedMethods().toArray()).isEqualTo(new String[]{"GET", "PUT"});
|
||||
assertThat(config.getAllowedHeaders().toArray()).isEqualTo(new String[]{"header1", "header2", "header3"});
|
||||
assertThat(config.getExposedHeaders().toArray()).isEqualTo(new String[]{"header1", "header2"});
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2002-2019 the original author or authors.
|
||||
* Copyright 2002-2020 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@@ -17,6 +17,7 @@
|
||||
package org.springframework.web.servlet.config.annotation;
|
||||
|
||||
import java.util.Arrays;
|
||||
import java.util.Collections;
|
||||
import java.util.Map;
|
||||
|
||||
import org.junit.jupiter.api.BeforeEach;
|
||||
@@ -61,11 +62,19 @@ public class CorsRegistryTests {
|
||||
assertThat(configs.size()).isEqualTo(1);
|
||||
CorsConfiguration config = configs.get("/foo");
|
||||
assertThat(config.getAllowedOrigins()).isEqualTo(Arrays.asList("https://domain2.com", "https://domain2.com"));
|
||||
assertThat(config.getAllowedMethods()).isEqualTo(Arrays.asList("DELETE"));
|
||||
assertThat(config.getAllowedMethods()).isEqualTo(Collections.singletonList("DELETE"));
|
||||
assertThat(config.getAllowedHeaders()).isEqualTo(Arrays.asList("header1", "header2"));
|
||||
assertThat(config.getExposedHeaders()).isEqualTo(Arrays.asList("header3", "header4"));
|
||||
assertThat(config.getAllowCredentials()).isEqualTo(false);
|
||||
assertThat(config.getMaxAge()).isEqualTo(Long.valueOf(3600));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void allowCredentials() {
|
||||
this.registry.addMapping("/foo").allowCredentials(true);
|
||||
CorsConfiguration config = this.registry.getCorsConfigurations().get("/foo");
|
||||
assertThat(config.getAllowedOrigins())
|
||||
.as("Globally origins=\"*\" and allowCredentials=true should be possible")
|
||||
.containsExactly("*");
|
||||
}
|
||||
}
|
||||
|
||||
@@ -123,14 +123,14 @@ class CorsAbstractHandlerMappingTests {
|
||||
@PathPatternsParameterizedTest
|
||||
void actualRequestWithMappedPatternCorsConfiguration(TestHandlerMapping mapping) throws Exception {
|
||||
CorsConfiguration config = new CorsConfiguration();
|
||||
config.addAllowedOriginPattern(".*\\.domain2\\.com");
|
||||
config.addAllowedOriginPattern("http://*.domain2.com");
|
||||
mapping.setCorsConfigurations(Collections.singletonMap("/foo", config));
|
||||
MockHttpServletRequest request = getCorsRequest("/foo");
|
||||
HandlerExecutionChain chain = mapping.getHandler(request);
|
||||
|
||||
assertThat(chain).isNotNull();
|
||||
assertThat(chain.getHandler()).isInstanceOf(SimpleHandler.class);
|
||||
assertThat(mapping.getRequiredCorsConfig().getAllowedOriginPatterns()).containsExactly(".*\\.domain2\\.com");
|
||||
assertThat(mapping.getRequiredCorsConfig().getAllowedOriginPatterns()).containsExactly("http://*.domain2.com");
|
||||
}
|
||||
|
||||
@PathPatternsParameterizedTest
|
||||
@@ -158,7 +158,8 @@ class CorsAbstractHandlerMappingTests {
|
||||
|
||||
CorsConfiguration config = mapping.getRequiredCorsConfig();
|
||||
assertThat(config).isNotNull();
|
||||
assertThat(config.getAllowedOrigins()).containsExactly("*");
|
||||
assertThat(config.getAllowedOrigins()).isNull();
|
||||
assertThat(config.getAllowedOriginPatterns()).containsExactly("*");
|
||||
assertThat(config.getAllowCredentials()).isTrue();
|
||||
}
|
||||
|
||||
@@ -174,7 +175,8 @@ class CorsAbstractHandlerMappingTests {
|
||||
|
||||
CorsConfiguration config = mapping.getRequiredCorsConfig();
|
||||
assertThat(config).isNotNull();
|
||||
assertThat(config.getAllowedOrigins()).containsExactly("*");
|
||||
assertThat(config.getAllowedOrigins()).isNull();
|
||||
assertThat(config.getAllowedOriginPatterns()).containsExactly("*");
|
||||
assertThat(config.getAllowCredentials()).isTrue();
|
||||
}
|
||||
|
||||
@@ -283,7 +285,7 @@ class CorsAbstractHandlerMappingTests {
|
||||
@Override
|
||||
public CorsConfiguration getCorsConfiguration(HttpServletRequest request) {
|
||||
CorsConfiguration config = new CorsConfiguration();
|
||||
config.addAllowedOrigin("*");
|
||||
config.addAllowedOriginPattern("*");
|
||||
config.setAllowCredentials(true);
|
||||
return config;
|
||||
}
|
||||
|
||||
@@ -55,6 +55,7 @@ import org.springframework.web.util.ServletRequestPathUtils;
|
||||
import org.springframework.web.util.pattern.PathPatternParser;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
|
||||
import static org.assertj.core.api.Assertions.assertThatIllegalStateException;
|
||||
|
||||
/**
|
||||
@@ -72,7 +73,7 @@ class CrossOriginTests {
|
||||
StaticWebApplicationContext wac = new StaticWebApplicationContext();
|
||||
Properties props = new Properties();
|
||||
props.setProperty("myOrigin", "https://example.com");
|
||||
props.setProperty("myDomainPattern", ".*\\.example\\.com");
|
||||
props.setProperty("myDomainPattern", "http://*.example.com");
|
||||
wac.getEnvironment().getPropertySources().addFirst(new PropertiesPropertySource("ps", props));
|
||||
wac.registerSingleton("ppc", PropertySourcesPlaceholderConfigurer.class);
|
||||
wac.refresh();
|
||||
@@ -206,7 +207,7 @@ class CrossOriginTests {
|
||||
CorsConfiguration config = getCorsConfiguration(chain, false);
|
||||
assertThat(config).isNotNull();
|
||||
assertThat(config.getAllowedOrigins()).isNull();
|
||||
assertThat(config.getAllowedOriginPatterns()).isEqualTo(Collections.singletonList(".*\\.example\\.com"));
|
||||
assertThat(config.getAllowedOriginPatterns()).isEqualTo(Collections.singletonList("http://*.example.com"));
|
||||
assertThat(config.getAllowCredentials()).isNull();
|
||||
}
|
||||
|
||||
@@ -218,16 +219,30 @@ class CrossOriginTests {
|
||||
CorsConfiguration config = getCorsConfiguration(chain, false);
|
||||
assertThat(config).isNotNull();
|
||||
assertThat(config.getAllowedOrigins()).isNull();
|
||||
assertThat(config.getAllowedOriginPatterns()).isEqualTo(Collections.singletonList(".*\\.example\\.com"));
|
||||
assertThat(config.getAllowedOriginPatterns()).isEqualTo(Collections.singletonList("http://*.example.com"));
|
||||
assertThat(config.getAllowCredentials()).isNull();
|
||||
}
|
||||
|
||||
@PathPatternsParameterizedTest
|
||||
void bogusAllowCredentialsValue(TestRequestMappingInfoHandlerMapping mapping) {
|
||||
assertThatIllegalStateException().isThrownBy(() ->
|
||||
mapping.registerHandler(new MethodLevelControllerWithBogusAllowCredentialsValue()))
|
||||
.withMessageContaining("@CrossOrigin's allowCredentials")
|
||||
.withMessageContaining("current value is [bogus]");
|
||||
assertThatIllegalStateException()
|
||||
.isThrownBy(() -> mapping.registerHandler(new MethodLevelControllerWithBogusAllowCredentialsValue()))
|
||||
.withMessageContaining("@CrossOrigin's allowCredentials")
|
||||
.withMessageContaining("current value is [bogus]");
|
||||
}
|
||||
|
||||
@PathPatternsParameterizedTest
|
||||
void allowCredentialsWithDefaultOrigin(TestRequestMappingInfoHandlerMapping mapping) {
|
||||
assertThatIllegalArgumentException()
|
||||
.isThrownBy(() -> mapping.registerHandler(new CredentialsWithDefaultOriginController()))
|
||||
.withMessageContaining("When allowCredentials is true, allowedOrigins cannot contain");
|
||||
}
|
||||
|
||||
@PathPatternsParameterizedTest
|
||||
void allowCredentialsWithWildcardOrigin(TestRequestMappingInfoHandlerMapping mapping) {
|
||||
assertThatIllegalArgumentException()
|
||||
.isThrownBy(() -> mapping.registerHandler(new CredentialsWithWildcardOriginController()))
|
||||
.withMessageContaining("When allowCredentials is true, allowedOrigins cannot contain");
|
||||
}
|
||||
|
||||
@PathPatternsParameterizedTest
|
||||
@@ -255,7 +270,8 @@ class CrossOriginTests {
|
||||
config = getCorsConfiguration(chain, false);
|
||||
assertThat(config).isNotNull();
|
||||
assertThat(config.getAllowedMethods()).containsExactly("GET");
|
||||
assertThat(config.getAllowedOrigins()).containsExactly("*");
|
||||
assertThat(config.getAllowedOrigins()).isNull();
|
||||
assertThat(config.getAllowedOriginPatterns()).containsExactly("*");
|
||||
assertThat(config.getAllowCredentials()).isTrue();
|
||||
}
|
||||
|
||||
@@ -313,7 +329,8 @@ class CrossOriginTests {
|
||||
CorsConfiguration config = getCorsConfiguration(chain, true);
|
||||
assertThat(config).isNotNull();
|
||||
assertThat(config.getAllowedMethods()).containsExactly("*");
|
||||
assertThat(config.getAllowedOrigins()).containsExactly("*");
|
||||
assertThat(config.getAllowedOrigins()).isNull();
|
||||
assertThat(config.getAllowedOriginPatterns()).containsExactly("*");
|
||||
assertThat(config.getAllowedHeaders()).containsExactly("*");
|
||||
assertThat(config.getAllowCredentials()).isTrue();
|
||||
assertThat(CollectionUtils.isEmpty(config.getExposedHeaders())).isTrue();
|
||||
@@ -330,7 +347,8 @@ class CrossOriginTests {
|
||||
CorsConfiguration config = getCorsConfiguration(chain, true);
|
||||
assertThat(config).isNotNull();
|
||||
assertThat(config.getAllowedMethods()).containsExactly("*");
|
||||
assertThat(config.getAllowedOrigins()).containsExactly("*");
|
||||
assertThat(config.getAllowedOrigins()).isNull();
|
||||
assertThat(config.getAllowedOriginPatterns()).containsExactly("*");
|
||||
assertThat(config.getAllowedHeaders()).containsExactly("*");
|
||||
assertThat(config.getAllowCredentials()).isTrue();
|
||||
assertThat(CollectionUtils.isEmpty(config.getExposedHeaders())).isTrue();
|
||||
@@ -433,7 +451,7 @@ class CrossOriginTests {
|
||||
public void customOriginDefinedViaPlaceholder() {
|
||||
}
|
||||
|
||||
@CrossOrigin(originPatterns = ".*\\.example\\.com")
|
||||
@CrossOrigin(originPatterns = "http://*.example.com")
|
||||
@RequestMapping("/customOriginPattern")
|
||||
public void customOriginPatternDefinedViaValueAttribute() {
|
||||
}
|
||||
@@ -469,11 +487,31 @@ class CrossOriginTests {
|
||||
public void bar() {
|
||||
}
|
||||
|
||||
@CrossOrigin(allowCredentials = "true")
|
||||
@CrossOrigin(originPatterns = "*", allowCredentials = "true")
|
||||
@RequestMapping(path = "/baz", method = RequestMethod.GET)
|
||||
public void baz() {
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@Controller
|
||||
@CrossOrigin(allowCredentials = "true")
|
||||
private static class CredentialsWithDefaultOriginController {
|
||||
|
||||
@GetMapping(path = "/no-origin")
|
||||
public void noOrigin() {
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@Controller
|
||||
@CrossOrigin(allowCredentials = "true")
|
||||
private static class CredentialsWithWildcardOriginController {
|
||||
|
||||
@GetMapping(path = "/no-origin")
|
||||
@CrossOrigin(origins = "*")
|
||||
public void wildcardOrigin() {
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -495,6 +533,8 @@ class CrossOriginTests {
|
||||
@RequestMapping(path = "/foo", method = RequestMethod.GET)
|
||||
public void foo() {
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
||||
|
||||
|
||||
Reference in New Issue
Block a user