Add an option to disable automatic addition of CORS header
Issues: SPR-12283
This commit is contained in:
@@ -178,6 +178,7 @@ public class HandlersBeanDefinitionParserTests {
|
||||
assertThat(sockJsService, instanceOf(DefaultSockJsService.class));
|
||||
DefaultSockJsService defaultSockJsService = (DefaultSockJsService) sockJsService;
|
||||
assertThat(defaultSockJsService.getTaskScheduler(), instanceOf(ThreadPoolTaskScheduler.class));
|
||||
assertFalse(defaultSockJsService.shouldSuppressCors());
|
||||
|
||||
Map<TransportType, TransportHandler> transportHandlers = defaultSockJsService.getTransportHandlers();
|
||||
assertThat(transportHandlers.values(),
|
||||
@@ -232,6 +233,7 @@ public class HandlersBeanDefinitionParserTests {
|
||||
List<HandshakeInterceptor> interceptors = transportService.getHandshakeInterceptors();
|
||||
assertThat(interceptors, contains(instanceOf(OriginHandshakeInterceptor.class)));
|
||||
assertEquals(Arrays.asList("http://mydomain1.com", "http://mydomain2.com"), transportService.getAllowedOrigins());
|
||||
assertTrue(transportService.shouldSuppressCors());
|
||||
}
|
||||
|
||||
private void loadBeanDefinitions(String fileName) {
|
||||
|
||||
@@ -154,6 +154,7 @@ public class MessageBrokerBeanDefinitionParserTests {
|
||||
.getTransportHandlers().get(TransportType.WEBSOCKET);
|
||||
assertNotNull(wsTransportHandler.getHandshakeHandler());
|
||||
assertThat(wsTransportHandler.getHandshakeHandler(), Matchers.instanceOf(TestHandshakeHandler.class));
|
||||
assertFalse(defaultSockJsService.shouldSuppressCors());
|
||||
|
||||
ThreadPoolTaskScheduler scheduler = (ThreadPoolTaskScheduler) defaultSockJsService.getTaskScheduler();
|
||||
assertEquals(Runtime.getRuntime().availableProcessors(), scheduler.getScheduledThreadPoolExecutor().getCorePoolSize());
|
||||
|
||||
@@ -104,6 +104,7 @@ public class WebMvcStompWebSocketEndpointRegistrationTests {
|
||||
assertNotNull(requestHandler.getSockJsService());
|
||||
DefaultSockJsService sockJsService = (DefaultSockJsService)requestHandler.getSockJsService();
|
||||
assertEquals(Arrays.asList(origin), sockJsService.getAllowedOrigins());
|
||||
assertFalse(sockJsService.shouldSuppressCors());
|
||||
|
||||
registration =
|
||||
new WebMvcStompWebSocketEndpointRegistration(new String[] {"/foo"}, this.handler, this.scheduler);
|
||||
@@ -114,6 +115,22 @@ public class WebMvcStompWebSocketEndpointRegistrationTests {
|
||||
assertNotNull(requestHandler.getSockJsService());
|
||||
sockJsService = (DefaultSockJsService)requestHandler.getSockJsService();
|
||||
assertEquals(Arrays.asList(origin), sockJsService.getAllowedOrigins());
|
||||
assertFalse(sockJsService.shouldSuppressCors());
|
||||
}
|
||||
|
||||
@Test // SPR-12283
|
||||
public void disableCorsWithSockJsService() {
|
||||
WebMvcStompWebSocketEndpointRegistration registration =
|
||||
new WebMvcStompWebSocketEndpointRegistration(new String[] {"/foo"}, this.handler, this.scheduler);
|
||||
|
||||
registration.withSockJS().setSupressCors(true);
|
||||
|
||||
MultiValueMap<HttpRequestHandler, String> mappings = registration.getMappings();
|
||||
assertEquals(1, mappings.size());
|
||||
SockJsHttpRequestHandler requestHandler = (SockJsHttpRequestHandler)mappings.entrySet().iterator().next().getKey();
|
||||
assertNotNull(requestHandler.getSockJsService());
|
||||
DefaultSockJsService sockJsService = (DefaultSockJsService)requestHandler.getSockJsService();
|
||||
assertTrue(sockJsService.shouldSuppressCors());
|
||||
}
|
||||
|
||||
@Test
|
||||
|
||||
@@ -237,6 +237,42 @@ public class SockJsServiceTests extends AbstractHttpRequestTests {
|
||||
assertEquals("Origin", this.servletResponse.getHeader("Vary"));
|
||||
}
|
||||
|
||||
@Test // SPR-12283
|
||||
public void handleInfoOptionsWithOriginAndCorsDisabled() throws Exception {
|
||||
setOrigin("http://mydomain2.com");
|
||||
this.service.setSuppressCors(true);
|
||||
|
||||
this.servletRequest.addHeader("Access-Control-Request-Headers", "Last-Modified");
|
||||
resetResponseAndHandleRequest("OPTIONS", "/echo/info", HttpStatus.NO_CONTENT);
|
||||
this.response.flush();
|
||||
assertNull(this.servletResponse.getHeader("Access-Control-Allow-Origin"));
|
||||
assertNull(this.servletResponse.getHeader("Access-Control-Allow-Credentials"));
|
||||
assertNull(this.servletResponse.getHeader("Access-Control-Allow-Headers"));
|
||||
assertNull(this.servletResponse.getHeader("Access-Control-Allow-Methods"));
|
||||
assertNull(this.servletResponse.getHeader("Access-Control-Max-Age"));
|
||||
assertEquals("Origin", this.servletResponse.getHeader("Vary"));
|
||||
|
||||
this.service.setAllowedOrigins(Arrays.asList("http://mydomain1.com"));
|
||||
resetResponseAndHandleRequest("OPTIONS", "/echo/info", HttpStatus.FORBIDDEN);
|
||||
this.response.flush();
|
||||
assertNull(this.servletResponse.getHeader("Access-Control-Allow-Origin"));
|
||||
assertNull(this.servletResponse.getHeader("Access-Control-Allow-Credentials"));
|
||||
assertNull(this.servletResponse.getHeader("Access-Control-Allow-Headers"));
|
||||
assertNull(this.servletResponse.getHeader("Access-Control-Allow-Methods"));
|
||||
assertNull(this.servletResponse.getHeader("Access-Control-Max-Age"));
|
||||
assertNull(this.servletResponse.getHeader("Vary"));
|
||||
|
||||
this.service.setAllowedOrigins(Arrays.asList("http://mydomain1.com", "http://mydomain2.com", "http://mydomain3.com"));
|
||||
resetResponseAndHandleRequest("OPTIONS", "/echo/info", HttpStatus.NO_CONTENT);
|
||||
this.response.flush();
|
||||
assertNull(this.servletResponse.getHeader("Access-Control-Allow-Origin"));
|
||||
assertNull(this.servletResponse.getHeader("Access-Control-Allow-Credentials"));
|
||||
assertNull(this.servletResponse.getHeader("Access-Control-Allow-Headers"));
|
||||
assertNull(this.servletResponse.getHeader("Access-Control-Allow-Methods"));
|
||||
assertNull(this.servletResponse.getHeader("Access-Control-Max-Age"));
|
||||
assertEquals("Origin", this.servletResponse.getHeader("Vary"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void handleIframeRequest() throws Exception {
|
||||
resetResponseAndHandleRequest("GET", "/echo/iframe.html", HttpStatus.OK);
|
||||
|
||||
Reference in New Issue
Block a user