HTTP OPTIONS lists all HTTP methods except TRACE
This is in line with the current behavior of HttpServlet that would have been in used with dispatchOptionsRequest on the DispatcherSerlvet set to false (the default prior to 4.3). Issue: SPR-13130
This commit is contained in:
@@ -16,15 +16,11 @@
|
||||
|
||||
package org.springframework.web.servlet.mvc;
|
||||
|
||||
import java.util.Arrays;
|
||||
import java.util.List;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import javax.servlet.http.HttpSession;
|
||||
|
||||
import org.springframework.http.HttpMethod;
|
||||
import org.springframework.util.ObjectUtils;
|
||||
import org.springframework.util.StringUtils;
|
||||
import org.springframework.web.servlet.ModelAndView;
|
||||
import org.springframework.web.servlet.support.WebContentGenerator;
|
||||
import org.springframework.web.util.WebUtils;
|
||||
@@ -155,10 +151,8 @@ public abstract class AbstractController extends WebContentGenerator implements
|
||||
public ModelAndView handleRequest(HttpServletRequest request, HttpServletResponse response)
|
||||
throws Exception {
|
||||
|
||||
String[] supportedMethods = getSupportedMethods();
|
||||
if (HttpMethod.OPTIONS.matches(request.getMethod()) && !ObjectUtils.isEmpty(supportedMethods)) {
|
||||
List<String> value = Arrays.asList(supportedMethods);
|
||||
response.setHeader("Allow", StringUtils.collectionToCommaDelimitedString(value));
|
||||
if (HttpMethod.OPTIONS.matches(request.getMethod())) {
|
||||
response.setHeader("Allow", getAllowHeader());
|
||||
return null;
|
||||
}
|
||||
|
||||
|
||||
@@ -317,8 +317,11 @@ public abstract class RequestMappingInfoHandlerMapping extends AbstractHandlerMe
|
||||
private static Set<HttpMethod> initAllowedHttpMethods(Set<String> declaredMethods) {
|
||||
Set<HttpMethod> result = new LinkedHashSet<HttpMethod>(declaredMethods.size());
|
||||
if (declaredMethods.isEmpty()) {
|
||||
result.add(HttpMethod.GET);
|
||||
result.add(HttpMethod.HEAD);
|
||||
for (HttpMethod method : HttpMethod.values()) {
|
||||
if (!HttpMethod.TRACE.equals(method)) {
|
||||
result.add(method);
|
||||
}
|
||||
}
|
||||
}
|
||||
else {
|
||||
boolean hasHead = declaredMethods.contains("HEAD");
|
||||
|
||||
@@ -112,7 +112,7 @@ public class ResourceHttpRequestHandler extends WebContentGenerator
|
||||
|
||||
|
||||
public ResourceHttpRequestHandler() {
|
||||
super(HttpMethod.GET.name(), HttpMethod.HEAD.name(), HttpMethod.OPTIONS.name());
|
||||
super(HttpMethod.GET.name(), HttpMethod.HEAD.name());
|
||||
this.resourceResolvers.add(new PathResourceResolver());
|
||||
}
|
||||
|
||||
@@ -226,6 +226,11 @@ public class ResourceHttpRequestHandler extends WebContentGenerator
|
||||
public void handleRequest(HttpServletRequest request, HttpServletResponse response)
|
||||
throws ServletException, IOException {
|
||||
|
||||
if (HttpMethod.OPTIONS.matches(request.getMethod())) {
|
||||
response.setHeader("Allow", getAllowHeader());
|
||||
return;
|
||||
}
|
||||
|
||||
// Supported methods and required session
|
||||
checkRequest(request);
|
||||
|
||||
@@ -237,11 +242,6 @@ public class ResourceHttpRequestHandler extends WebContentGenerator
|
||||
return;
|
||||
}
|
||||
|
||||
if (HttpMethod.OPTIONS.matches(request.getMethod())) {
|
||||
response.setHeader("Allow", "GET,HEAD");
|
||||
return;
|
||||
}
|
||||
|
||||
// Header phase
|
||||
if (new ServletWebRequest(request, response).checkNotModified(resource.lastModified())) {
|
||||
logger.trace("Resource not modified - returning 304");
|
||||
|
||||
Reference in New Issue
Block a user