Improve CORS handling in AbstractSockJsService

After this change, AbstractSockJsService does not add CORS headers if
the response already contains an "Access-Control-Allow-Origin" header.
Essentially it backs off assuming CORS headers are handled centrally
e.g. through a Filter.

In order to support this, the ServletServerHttpResponse now returns an
instance of HttpHeaders that also provides access to headers already
present in the HttpServletResponse.

Issue: SPR-11443
This commit is contained in:
Rossen Stoyanchev
2014-03-05 21:02:03 -05:00
parent cf3b2b1a4d
commit 49d7bda722
5 changed files with 144 additions and 41 deletions

View File

@@ -1,5 +1,5 @@
/*
* Copyright 2002-2012 the original author or authors.
* Copyright 2002-2014 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -17,6 +17,7 @@
package org.springframework.http.server;
import java.nio.charset.Charset;
import java.util.Arrays;
import java.util.List;
import org.junit.Before;
@@ -71,6 +72,19 @@ public class ServletServerHttpResponseTests {
assertEquals("Invalid Content-Type", "UTF-8", mockResponse.getCharacterEncoding());
}
@Test
public void getHeadersFromHttpServletResponse() {
String headerName = "Access-Control-Allow-Origin";
String headerValue = "localhost:8080";
this.mockResponse.addHeader(headerName, headerValue);
this.response = new ServletServerHttpResponse(this.mockResponse);
assertEquals(headerValue, this.response.getHeaders().getFirst(headerName));
assertEquals(Arrays.asList(headerValue), this.response.getHeaders().get(headerName));
}
@Test
public void getBody() throws Exception {
byte[] content = "Hello World".getBytes("UTF-8");