Make DefaultCorsProcessor Servlet 2.5 compliant
This commit adds CORS-related headers to HttpHeaders and updates the DefaultCorsProcessor implementation to use ServerHttpRequest and ServerHttpResponse instead of HttpServletRequest and HttpServletResponse. Using ServerHttpResponse avoids Servlet 3.0 specific methods in order to keep CORS support Servlet 2.5 compliant. Issue: SPR-12885
@@ -32,12 +32,16 @@ import java.util.TimeZone;
|
||||
import org.hamcrest.Matchers;
|
||||
import static org.junit.Assert.assertEquals;
|
||||
import static org.junit.Assert.assertThat;
|
||||
import static org.junit.Assert.assertTrue;
|
||||
import static org.junit.Assert.assertFalse;
|
||||
import static org.junit.Assert.assertNull;
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
|
||||
/**
|
||||
* Unit tests for {@link org.springframework.http.HttpHeaders}.
|
||||
* @author Arjen Poutsma
|
||||
* @author Sebastien Deleuze
|
||||
*/
|
||||
public class HttpHeadersTests {
|
||||
|
||||
@@ -267,4 +271,70 @@ public class HttpHeadersTests {
|
||||
assertThat(headers.getAllow(), Matchers.emptyCollectionOf(HttpMethod.class));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void accessControlAllowCredentials() {
|
||||
assertFalse(headers.getAccessControlAllowCredentials());
|
||||
headers.setAccessControlAllowCredentials(false);
|
||||
assertFalse(headers.getAccessControlAllowCredentials());
|
||||
headers.setAccessControlAllowCredentials(true);
|
||||
assertTrue(headers.getAccessControlAllowCredentials());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void accessControlAllowHeaders() {
|
||||
List<String> allowedHeaders = headers.getAccessControlAllowHeaders();
|
||||
assertThat(allowedHeaders, Matchers.emptyCollectionOf(String.class));
|
||||
headers.setAccessControlAllowHeaders(Arrays.asList("header1", "header2"));
|
||||
allowedHeaders = headers.getAccessControlAllowHeaders();
|
||||
assertEquals(allowedHeaders, Arrays.asList("header1", "header2"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void accessControlAllowMethods() {
|
||||
List<HttpMethod> allowedMethods = headers.getAccessControlAllowMethods();
|
||||
assertThat(allowedMethods, Matchers.emptyCollectionOf(HttpMethod.class));
|
||||
headers.setAccessControlAllowMethods(Arrays.asList(HttpMethod.GET, HttpMethod.POST));
|
||||
allowedMethods = headers.getAccessControlAllowMethods();
|
||||
assertEquals(allowedMethods, Arrays.asList(HttpMethod.GET, HttpMethod.POST));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void accessControlAllowOrigin() {
|
||||
assertNull(headers.getAccessControlAllowOrigin());
|
||||
headers.setAccessControlAllowOrigin("*");
|
||||
assertEquals("*", headers.getAccessControlAllowOrigin());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void accessControlExposeHeaders() {
|
||||
List<String> exposedHeaders = headers.getAccessControlExposeHeaders();
|
||||
assertThat(exposedHeaders, Matchers.emptyCollectionOf(String.class));
|
||||
headers.setAccessControlExposeHeaders(Arrays.asList("header1", "header2"));
|
||||
exposedHeaders = headers.getAccessControlExposeHeaders();
|
||||
assertEquals(exposedHeaders, Arrays.asList("header1", "header2"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void accessControlMaxAge() {
|
||||
assertEquals(-1, headers.getAccessControlMaxAge());
|
||||
headers.setAccessControlMaxAge(3600);
|
||||
assertEquals(3600, headers.getAccessControlMaxAge());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void accessControlRequestHeaders() {
|
||||
List<String> requestHeaders = headers.getAccessControlRequestHeaders();
|
||||
assertThat(requestHeaders, Matchers.emptyCollectionOf(String.class));
|
||||
headers.setAccessControlRequestHeaders(Arrays.asList("header1", "header2"));
|
||||
requestHeaders = headers.getAccessControlRequestHeaders();
|
||||
assertEquals(requestHeaders, Arrays.asList("header1", "header2"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void accessControlRequestMethod() {
|
||||
assertNull(headers.getAccessControlRequestMethod());
|
||||
headers.setAccessControlRequestMethod(HttpMethod.POST);
|
||||
assertEquals(HttpMethod.POST, headers.getAccessControlRequestMethod());
|
||||
}
|
||||
|
||||
}
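Review bot: In `accessControlAllowHeaders`, `accessControlAllowMethods`, `accessControlExposeHeaders` and `accessControlRequestHeaders` the `assertEquals` arguments are passed as (actual, expected), so a failing run would label the values the wrong way round. JUnit's signature is expected-first, as `accessControlAllowOrigin`, `accessControlMaxAge` and `accessControlRequestMethod` in the same hunk already use it. I would write `assertEquals(Arrays.asList("header1", "header2"), allowedHeaders);` and the same for the other three. The boolean getter test also reads the unset header as `false`; a short comment such as `// absent header is treated as "credentials not allowed"` would record that this default is deliberate.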
|
||||
|
||||
@@ -48,7 +48,7 @@ public class CorsUtilsTests {
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
request.setMethod("OPTIONS");
|
||||
request.addHeader(HttpHeaders.ORIGIN, "http://domain.com");
|
||||
request.addHeader(CorsUtils.ACCESS_CONTROL_REQUEST_METHOD, "GET");
|
||||
request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
|
||||
assertTrue(CorsUtils.isPreFlightRequest(request));
|
||||
}
|
||||
|
||||
@@ -62,7 +62,7 @@ public class CorsUtilsTests {
|
||||
assertFalse(CorsUtils.isPreFlightRequest(request));
|
||||
|
||||
request = new MockHttpServletRequest();
|
||||
request.addHeader(CorsUtils.ACCESS_CONTROL_REQUEST_METHOD, "GET");
|
||||
request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
|
||||
assertFalse(CorsUtils.isPreFlightRequest(request));
|
||||
}
|
||||
|
||||
|
||||
@@ -62,7 +62,7 @@ public class DefaultCorsProcessorTests {
|
||||
this.request.setMethod(HttpMethod.GET.name());
|
||||
this.request.addHeader(HttpHeaders.ORIGIN, "http://domain2.com/test.html");
|
||||
this.processor.processActualRequest(this.conf, request, response);
|
||||
assertFalse(response.containsHeader(CorsUtils.ACCESS_CONTROL_ALLOW_ORIGIN));
|
||||
assertFalse(response.containsHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN));
|
||||
assertEquals(HttpServletResponse.SC_FORBIDDEN, response.getStatus());
|
||||
}
|
||||
|
||||
@@ -72,10 +72,10 @@ public class DefaultCorsProcessorTests {
|
||||
this.request.addHeader(HttpHeaders.ORIGIN, "http://domain2.com/test.html");
|
||||
this.conf.addAllowedOrigin("*");
|
||||
this.processor.processActualRequest(this.conf, request, response);
|
||||
assertTrue(response.containsHeader(CorsUtils.ACCESS_CONTROL_ALLOW_ORIGIN));
|
||||
assertEquals("*", response.getHeader(CorsUtils.ACCESS_CONTROL_ALLOW_ORIGIN));
|
||||
assertFalse(response.containsHeader(CorsUtils.ACCESS_CONTROL_MAX_AGE));
|
||||
assertFalse(response.containsHeader(CorsUtils.ACCESS_CONTROL_EXPOSE_HEADERS));
|
||||
assertTrue(response.containsHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN));
|
||||
assertEquals("*", response.getHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN));
|
||||
assertFalse(response.containsHeader(HttpHeaders.ACCESS_CONTROL_MAX_AGE));
|
||||
assertFalse(response.containsHeader(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS));
|
||||
assertEquals(HttpServletResponse.SC_OK, response.getStatus());
|
||||
}
|
||||
|
||||
@@ -88,10 +88,10 @@ public class DefaultCorsProcessorTests {
|
||||
this.conf.addAllowedOrigin("http://domain2.com/logout.html");
|
||||
this.conf.setAllowCredentials(true);
|
||||
this.processor.processActualRequest(this.conf, request, response);
|
||||
assertTrue(response.containsHeader(CorsUtils.ACCESS_CONTROL_ALLOW_ORIGIN));
|
||||
assertEquals("http://domain2.com/test.html", response.getHeader(CorsUtils.ACCESS_CONTROL_ALLOW_ORIGIN));
|
||||
assertTrue(response.containsHeader(CorsUtils.ACCESS_CONTROL_ALLOW_CREDENTIALS));
|
||||
assertEquals("true", response.getHeader(CorsUtils.ACCESS_CONTROL_ALLOW_CREDENTIALS));
|
||||
assertTrue(response.containsHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN));
|
||||
assertEquals("http://domain2.com/test.html", response.getHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN));
|
||||
assertTrue(response.containsHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS));
|
||||
assertEquals("true", response.getHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS));
|
||||
assertEquals(HttpServletResponse.SC_OK, response.getStatus());
|
||||
}
|
||||
|
||||
@@ -102,10 +102,10 @@ public class DefaultCorsProcessorTests {
|
||||
this.conf.addAllowedOrigin("*");
|
||||
this.conf.setAllowCredentials(true);
|
||||
this.processor.processActualRequest(this.conf, request, response);
|
||||
assertTrue(response.containsHeader(CorsUtils.ACCESS_CONTROL_ALLOW_ORIGIN));
|
||||
assertEquals("http://domain2.com/test.html", response.getHeader(CorsUtils.ACCESS_CONTROL_ALLOW_ORIGIN));
|
||||
assertTrue(response.containsHeader(CorsUtils.ACCESS_CONTROL_ALLOW_CREDENTIALS));
|
||||
assertEquals("true", response.getHeader(CorsUtils.ACCESS_CONTROL_ALLOW_CREDENTIALS));
|
||||
assertTrue(response.containsHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN));
|
||||
assertEquals("http://domain2.com/test.html", response.getHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN));
|
||||
assertTrue(response.containsHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS));
|
||||
assertEquals("true", response.getHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS));
|
||||
assertEquals(HttpServletResponse.SC_OK, response.getStatus());
|
||||
}
|
||||
|
||||
@@ -115,7 +115,7 @@ public class DefaultCorsProcessorTests {
|
||||
this.request.addHeader(HttpHeaders.ORIGIN, "http://domain2.com/test.html");
|
||||
this.conf.addAllowedOrigin("http://domain2.com/TEST.html");
|
||||
this.processor.processActualRequest(this.conf, request, response);
|
||||
assertTrue(response.containsHeader(CorsUtils.ACCESS_CONTROL_ALLOW_ORIGIN));
|
||||
assertTrue(response.containsHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN));
|
||||
assertEquals(HttpServletResponse.SC_OK, response.getStatus());
|
||||
}
|
||||
|
||||
@@ -127,11 +127,11 @@ public class DefaultCorsProcessorTests {
|
||||
this.conf.addExposedHeader("header2");
|
||||
this.conf.addAllowedOrigin("http://domain2.com/test.html");
|
||||
this.processor.processActualRequest(this.conf, request, response);
|
||||
assertTrue(response.containsHeader(CorsUtils.ACCESS_CONTROL_ALLOW_ORIGIN));
|
||||
assertEquals("http://domain2.com/test.html", response.getHeader(CorsUtils.ACCESS_CONTROL_ALLOW_ORIGIN));
|
||||
assertTrue(response.containsHeader(CorsUtils.ACCESS_CONTROL_EXPOSE_HEADERS));
|
||||
assertTrue(response.getHeader(CorsUtils.ACCESS_CONTROL_EXPOSE_HEADERS).contains("header1"));
|
||||
assertTrue(response.getHeader(CorsUtils.ACCESS_CONTROL_EXPOSE_HEADERS).contains("header2"));
|
||||
assertTrue(response.containsHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN));
|
||||
assertEquals("http://domain2.com/test.html", response.getHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN));
|
||||
assertTrue(response.containsHeader(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS));
|
||||
assertTrue(response.getHeader(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS).contains("header1"));
|
||||
assertTrue(response.getHeader(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS).contains("header2"));
|
||||
assertEquals(HttpServletResponse.SC_OK, response.getStatus());
|
||||
}
|
||||
|
||||
@@ -139,7 +139,7 @@ public class DefaultCorsProcessorTests {
|
||||
public void preflightRequestAllOriginsAllowed() throws Exception {
|
||||
this.request.setMethod(HttpMethod.OPTIONS.name());
|
||||
this.request.addHeader(HttpHeaders.ORIGIN, "http://domain2.com/test.html");
|
||||
this.request.addHeader(CorsUtils.ACCESS_CONTROL_REQUEST_METHOD, "GET");
|
||||
this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
|
||||
this.conf.addAllowedOrigin("*");
|
||||
this.processor.processPreFlightRequest(this.conf, request, response);
|
||||
assertEquals(HttpServletResponse.SC_OK, response.getStatus());
|
||||
@@ -149,7 +149,7 @@ public class DefaultCorsProcessorTests {
|
||||
public void preflightRequestWrongAllowedMethod() throws Exception {
|
||||
this.request.setMethod(HttpMethod.OPTIONS.name());
|
||||
this.request.addHeader(HttpHeaders.ORIGIN, "http://domain2.com/test.html");
|
||||
this.request.addHeader(CorsUtils.ACCESS_CONTROL_REQUEST_METHOD, "DELETE");
|
||||
this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "DELETE");
|
||||
this.conf.addAllowedOrigin("*");
|
||||
this.processor.processPreFlightRequest(this.conf, request, response);
|
||||
assertEquals(HttpServletResponse.SC_FORBIDDEN, response.getStatus());
|
||||
@@ -159,17 +159,17 @@ public class DefaultCorsProcessorTests {
|
||||
public void preflightRequestMatchedAllowedMethod() throws Exception {
|
||||
this.request.setMethod(HttpMethod.OPTIONS.name());
|
||||
this.request.addHeader(HttpHeaders.ORIGIN, "http://domain2.com/test.html");
|
||||
this.request.addHeader(CorsUtils.ACCESS_CONTROL_REQUEST_METHOD, "GET");
|
||||
this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
|
||||
this.conf.addAllowedOrigin("*");
|
||||
this.processor.processPreFlightRequest(this.conf, request, response);
|
||||
assertEquals(HttpServletResponse.SC_OK, response.getStatus());
|
||||
assertEquals("GET", response.getHeader(CorsUtils.ACCESS_CONTROL_ALLOW_METHODS));
|
||||
assertEquals("GET", response.getHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS));
|
||||
}
|
||||
|
||||
@Test(expected = IllegalArgumentException.class)
|
||||
public void preflightRequestWithoutOriginHeader() throws Exception {
|
||||
this.request.setMethod(HttpMethod.OPTIONS.name());
|
||||
this.request.addHeader(CorsUtils.ACCESS_CONTROL_REQUEST_METHOD, "GET");
|
||||
this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
|
||||
this.processor.processPreFlightRequest(this.conf, request, response);
|
||||
}
|
||||
|
||||
@@ -178,7 +178,7 @@ public class DefaultCorsProcessorTests {
|
||||
this.request.setMethod(HttpMethod.OPTIONS.name());
|
||||
this.request.addHeader(HttpHeaders.ORIGIN, "http://domain2.com/test.html");
|
||||
this.processor.processPreFlightRequest(this.conf, request, response);
|
||||
assertFalse(response.containsHeader(CorsUtils.ACCESS_CONTROL_ALLOW_ORIGIN));
|
||||
assertFalse(response.containsHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN));
|
||||
assertEquals(HttpServletResponse.SC_FORBIDDEN, response.getStatus());
|
||||
}
|
||||
|
||||
@@ -186,9 +186,9 @@ public class DefaultCorsProcessorTests {
|
||||
public void preflightRequestWithoutRequestMethod() throws Exception {
|
||||
this.request.setMethod(HttpMethod.OPTIONS.name());
|
||||
this.request.addHeader(HttpHeaders.ORIGIN, "http://domain2.com/test.html");
|
||||
this.request.addHeader(CorsUtils.ACCESS_CONTROL_REQUEST_HEADERS, "Header1");
|
||||
this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS, "Header1");
|
||||
this.processor.processPreFlightRequest(this.conf, request, response);
|
||||
assertFalse(response.containsHeader(CorsUtils.ACCESS_CONTROL_ALLOW_ORIGIN));
|
||||
assertFalse(response.containsHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN));
|
||||
assertEquals(HttpServletResponse.SC_FORBIDDEN, response.getStatus());
|
||||
}
|
||||
|
||||
@@ -196,10 +196,10 @@ public class DefaultCorsProcessorTests {
|
||||
public void preflightRequestWithRequestAndMethodHeaderButNoConfig() throws Exception {
|
||||
this.request.setMethod(HttpMethod.OPTIONS.name());
|
||||
this.request.addHeader(HttpHeaders.ORIGIN, "http://domain2.com/test.html");
|
||||
this.request.addHeader(CorsUtils.ACCESS_CONTROL_REQUEST_HEADERS, "Header1");
|
||||
this.request.addHeader(CorsUtils.ACCESS_CONTROL_REQUEST_METHOD, "GET");
|
||||
this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS, "Header1");
|
||||
this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
|
||||
this.processor.processPreFlightRequest(this.conf, request, response);
|
||||
assertFalse(response.containsHeader(CorsUtils.ACCESS_CONTROL_ALLOW_ORIGIN));
|
||||
assertFalse(response.containsHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN));
|
||||
assertEquals(HttpServletResponse.SC_FORBIDDEN, response.getStatus());
|
||||
}
|
||||
|
||||
@@ -207,19 +207,19 @@ public class DefaultCorsProcessorTests {
|
||||
public void preflightRequestValidRequestAndConfig() throws Exception {
|
||||
this.request.setMethod(HttpMethod.OPTIONS.name());
|
||||
this.request.addHeader(HttpHeaders.ORIGIN, "http://domain2.com/test.html");
|
||||
this.request.addHeader(CorsUtils.ACCESS_CONTROL_REQUEST_HEADERS, "Header1");
|
||||
this.request.addHeader(CorsUtils.ACCESS_CONTROL_REQUEST_METHOD, "GET");
|
||||
this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS, "Header1");
|
||||
this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
|
||||
this.conf.addAllowedOrigin("*");
|
||||
this.conf.addAllowedMethod("GET");
|
||||
this.conf.addAllowedMethod("PUT");
|
||||
this.conf.addAllowedHeader("header1");
|
||||
this.conf.addAllowedHeader("header2");
|
||||
this.processor.processPreFlightRequest(this.conf, request, response);
|
||||
assertTrue(response.containsHeader(CorsUtils.ACCESS_CONTROL_ALLOW_ORIGIN));
|
||||
assertEquals("*", response.getHeader(CorsUtils.ACCESS_CONTROL_ALLOW_ORIGIN));
|
||||
assertTrue(response.containsHeader(CorsUtils.ACCESS_CONTROL_ALLOW_METHODS));
|
||||
assertEquals("GET,PUT", response.getHeader(CorsUtils.ACCESS_CONTROL_ALLOW_METHODS));
|
||||
assertFalse(response.containsHeader(CorsUtils.ACCESS_CONTROL_MAX_AGE));
|
||||
assertTrue(response.containsHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN));
|
||||
assertEquals("*", response.getHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN));
|
||||
assertTrue(response.containsHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS));
|
||||
assertEquals("GET,PUT", response.getHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS));
|
||||
assertFalse(response.containsHeader(HttpHeaders.ACCESS_CONTROL_MAX_AGE));
|
||||
assertEquals(HttpServletResponse.SC_OK, response.getStatus());
|
||||
}
|
||||
|
||||
@@ -227,18 +227,18 @@ public class DefaultCorsProcessorTests {
|
||||
public void preflightRequestCrendentials() throws Exception {
|
||||
this.request.setMethod(HttpMethod.OPTIONS.name());
|
||||
this.request.addHeader(HttpHeaders.ORIGIN, "http://domain2.com/test.html");
|
||||
this.request.addHeader(CorsUtils.ACCESS_CONTROL_REQUEST_HEADERS, "Header1");
|
||||
this.request.addHeader(CorsUtils.ACCESS_CONTROL_REQUEST_METHOD, "GET");
|
||||
this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS, "Header1");
|
||||
this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
|
||||
this.conf.addAllowedOrigin("http://domain2.com/home.html");
|
||||
this.conf.addAllowedOrigin("http://domain2.com/test.html");
|
||||
this.conf.addAllowedOrigin("http://domain2.com/logout.html");
|
||||
this.conf.addAllowedHeader("Header1");
|
||||
this.conf.setAllowCredentials(true);
|
||||
this.processor.processPreFlightRequest(this.conf, request, response);
|
||||
assertTrue(response.containsHeader(CorsUtils.ACCESS_CONTROL_ALLOW_ORIGIN));
|
||||
assertEquals("http://domain2.com/test.html", response.getHeader(CorsUtils.ACCESS_CONTROL_ALLOW_ORIGIN));
|
||||
assertTrue(response.containsHeader(CorsUtils.ACCESS_CONTROL_ALLOW_CREDENTIALS));
|
||||
assertEquals("true", response.getHeader(CorsUtils.ACCESS_CONTROL_ALLOW_CREDENTIALS));
|
||||
assertTrue(response.containsHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN));
|
||||
assertEquals("http://domain2.com/test.html", response.getHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN));
|
||||
assertTrue(response.containsHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS));
|
||||
assertEquals("true", response.getHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS));
|
||||
assertEquals(HttpServletResponse.SC_OK, response.getStatus());
|
||||
}
|
||||
|
||||
@@ -246,16 +246,16 @@ public class DefaultCorsProcessorTests {
|
||||
public void preflightRequestCrendentialsWithOriginWildcard() throws Exception {
|
||||
this.request.setMethod(HttpMethod.OPTIONS.name());
|
||||
this.request.addHeader(HttpHeaders.ORIGIN, "http://domain2.com/test.html");
|
||||
this.request.addHeader(CorsUtils.ACCESS_CONTROL_REQUEST_HEADERS, "Header1");
|
||||
this.request.addHeader(CorsUtils.ACCESS_CONTROL_REQUEST_METHOD, "GET");
|
||||
this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS, "Header1");
|
||||
this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
|
||||
this.conf.addAllowedOrigin("http://domain2.com/home.html");
|
||||
this.conf.addAllowedOrigin("*");
|
||||
this.conf.addAllowedOrigin("http://domain2.com/logout.html");
|
||||
this.conf.addAllowedHeader("Header1");
|
||||
this.conf.setAllowCredentials(true);
|
||||
this.processor.processPreFlightRequest(this.conf, request, response);
|
||||
assertTrue(response.containsHeader(CorsUtils.ACCESS_CONTROL_ALLOW_ORIGIN));
|
||||
assertEquals("http://domain2.com/test.html", response.getHeader(CorsUtils.ACCESS_CONTROL_ALLOW_ORIGIN));
|
||||
assertTrue(response.containsHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN));
|
||||
assertEquals("http://domain2.com/test.html", response.getHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN));
|
||||
assertEquals(HttpServletResponse.SC_OK, response.getStatus());
|
||||
}
|
||||
|
||||
@@ -263,18 +263,18 @@ public class DefaultCorsProcessorTests {
|
||||
public void preflightRequestAllowedHeaders() throws Exception {
|
||||
this.request.setMethod(HttpMethod.OPTIONS.name());
|
||||
this.request.addHeader(HttpHeaders.ORIGIN, "http://domain2.com/test.html");
|
||||
this.request.addHeader(CorsUtils.ACCESS_CONTROL_REQUEST_HEADERS, "Header1, Header2");
|
||||
this.request.addHeader(CorsUtils.ACCESS_CONTROL_REQUEST_METHOD, "GET");
|
||||
this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS, "Header1, Header2");
|
||||
this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
|
||||
this.conf.addAllowedHeader("Header1");
|
||||
this.conf.addAllowedHeader("Header2");
|
||||
this.conf.addAllowedHeader("Header3");
|
||||
this.conf.addAllowedOrigin("http://domain2.com/test.html");
|
||||
this.processor.processPreFlightRequest(this.conf, request, response);
|
||||
assertTrue(response.containsHeader(CorsUtils.ACCESS_CONTROL_ALLOW_ORIGIN));
|
||||
assertTrue(response.containsHeader(CorsUtils.ACCESS_CONTROL_ALLOW_HEADERS));
|
||||
assertTrue(response.getHeader(CorsUtils.ACCESS_CONTROL_ALLOW_HEADERS).contains("Header1"));
|
||||
assertTrue(response.getHeader(CorsUtils.ACCESS_CONTROL_ALLOW_HEADERS).contains("Header2"));
|
||||
assertFalse(response.getHeader(CorsUtils.ACCESS_CONTROL_ALLOW_HEADERS).contains("Header3"));
|
||||
assertTrue(response.containsHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN));
|
||||
assertTrue(response.containsHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS));
|
||||
assertTrue(response.getHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS).contains("Header1"));
|
||||
assertTrue(response.getHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS).contains("Header2"));
|
||||
assertFalse(response.getHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS).contains("Header3"));
|
||||
assertEquals(HttpServletResponse.SC_OK, response.getStatus());
|
||||
}
|
||||
|
||||
@@ -282,16 +282,16 @@ public class DefaultCorsProcessorTests {
|
||||
public void preflightRequestAllowsAllHeaders() throws Exception {
|
||||
this.request.setMethod(HttpMethod.OPTIONS.name());
|
||||
this.request.addHeader(HttpHeaders.ORIGIN, "http://domain2.com/test.html");
|
||||
this.request.addHeader(CorsUtils.ACCESS_CONTROL_REQUEST_HEADERS, "Header1, Header2");
|
||||
this.request.addHeader(CorsUtils.ACCESS_CONTROL_REQUEST_METHOD, "GET");
|
||||
this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS, "Header1, Header2");
|
||||
this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
|
||||
this.conf.addAllowedHeader("*");
|
||||
this.conf.addAllowedOrigin("http://domain2.com/test.html");
|
||||
this.processor.processPreFlightRequest(this.conf, request, response);
|
||||
assertTrue(response.containsHeader(CorsUtils.ACCESS_CONTROL_ALLOW_ORIGIN));
|
||||
assertTrue(response.containsHeader(CorsUtils.ACCESS_CONTROL_ALLOW_HEADERS));
|
||||
assertTrue(response.getHeader(CorsUtils.ACCESS_CONTROL_ALLOW_HEADERS).contains("Header1"));
|
||||
assertTrue(response.getHeader(CorsUtils.ACCESS_CONTROL_ALLOW_HEADERS).contains("Header2"));
|
||||
assertFalse(response.getHeader(CorsUtils.ACCESS_CONTROL_ALLOW_HEADERS).contains("*"));
|
||||
assertTrue(response.containsHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN));
|
||||
assertTrue(response.containsHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS));
|
||||
assertTrue(response.getHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS).contains("Header1"));
|
||||
assertTrue(response.getHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS).contains("Header2"));
|
||||
assertFalse(response.getHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS).contains("*"));
|
||||
assertEquals(HttpServletResponse.SC_OK, response.getStatus());
|
||||
}
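Review bot: The test covered by the `@@ -102,10 +102,10 @@` hunk configures `addAllowedOrigin("*")` together with `setAllowCredentials(true)` and asserts that the caller's Origin is echoed back alongside `Access-Control-Allow-Credentials: true`, which pins behaviour where any origin is granted credentialed access; the method starts outside the hunk, so its name and setup are not fully visible. If that reflection is intended, a comment on the assertion would make the consequence explicit, e.g. `// "*" + allowCredentials echoes the request Origin: every origin may read credentialed responses`. The preflight counterpart `preflightRequestCrendentialsWithOriginWildcard` asserts the echoed origin but, in the lines shown, not the credentials header, so the two tests do not check the same contract. Since the response differs per Origin in these cases, it may also be worth asserting `assertTrue(response.containsHeader(HttpHeaders.VARY));` so shared caches cannot serve one origin's response to another; whether the processor sets that header is not visible on this page.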
|
||||
|
||||
|
||||