From 71e2d8e9dec60550201243d2b5a56a9d73525781 Mon Sep 17 00:00:00 2001 From: Sebastien Deleuze Date: Thu, 12 Nov 2015 10:40:32 +0100 Subject: [PATCH] Handle correctly * in CorsConfiguration#combine() other parameter Issue: SPR-13674 --- .../web/cors/CorsConfiguration.java | 3 +-- .../web/cors/CorsConfigurationTests.java | 15 ++++++++++----- 2 files changed, 11 insertions(+), 7 deletions(-) diff --git a/spring-web/src/main/java/org/springframework/web/cors/CorsConfiguration.java b/spring-web/src/main/java/org/springframework/web/cors/CorsConfiguration.java index 2da82ef8b1..4cc231e50c 100644 --- a/spring-web/src/main/java/org/springframework/web/cors/CorsConfiguration.java +++ b/spring-web/src/main/java/org/springframework/web/cors/CorsConfiguration.java @@ -17,7 +17,6 @@ package org.springframework.web.cors; import java.util.ArrayList; -import java.util.Arrays; import java.util.Collections; import java.util.List; @@ -103,7 +102,7 @@ public class CorsConfiguration { } private List combine(List source, List other) { - if (other == null) { + if (other == null || other.contains(ALL)) { return source; } if (source == null || source.contains(ALL)) { diff --git a/spring-web/src/test/java/org/springframework/web/cors/CorsConfigurationTests.java b/spring-web/src/test/java/org/springframework/web/cors/CorsConfigurationTests.java index 0d76e27b7f..8d3651c500 100644 --- a/spring-web/src/test/java/org/springframework/web/cors/CorsConfigurationTests.java +++ b/spring-web/src/test/java/org/springframework/web/cors/CorsConfigurationTests.java @@ -114,11 +114,16 @@ public class CorsConfigurationTests { other.addAllowedHeader("header1"); other.addExposedHeader("header2"); other.addAllowedMethod(HttpMethod.PUT.name()); - config = config.combine(other); - assertEquals(Arrays.asList("http://domain.com"), config.getAllowedOrigins()); - assertEquals(Arrays.asList("header1"), config.getAllowedHeaders()); - assertEquals(Arrays.asList("header2"), config.getExposedHeaders()); - assertEquals(Arrays.asList(HttpMethod.PUT.name()), config.getAllowedMethods()); + CorsConfiguration combinedConfig = config.combine(other); + assertEquals(Arrays.asList("http://domain.com"), combinedConfig.getAllowedOrigins()); + assertEquals(Arrays.asList("header1"), combinedConfig.getAllowedHeaders()); + assertEquals(Arrays.asList("header2"), combinedConfig.getExposedHeaders()); + assertEquals(Arrays.asList(HttpMethod.PUT.name()), combinedConfig.getAllowedMethods()); + combinedConfig = other.combine(config); + assertEquals(Arrays.asList("http://domain.com"), combinedConfig.getAllowedOrigins()); + assertEquals(Arrays.asList("header1"), combinedConfig.getAllowedHeaders()); + assertEquals(Arrays.asList("header2"), combinedConfig.getExposedHeaders()); + assertEquals(Arrays.asList(HttpMethod.PUT.name()), combinedConfig.getAllowedMethods()); } @Test