CorsConfiguration now supports pattern based origins.

Closes gh-24763
This commit is contained in:
Ruslan Akhundov
2020-05-04 09:55:30 +01:00
committed by Rossen Stoyanchev
parent a1bab14140
commit 8632118e8d
9 changed files with 308 additions and 19 deletions

View File

@@ -121,8 +121,20 @@ class CorsAbstractHandlerMappingTests {
}
@PathPatternsParameterizedTest
void preflightRequestWithMappedCorsConfig(TestHandlerMapping mapping) throws Exception {
void actualRequestWithMappedPatternCorsConfiguration(TestHandlerMapping mapping) throws Exception {
CorsConfiguration config = new CorsConfiguration();
config.addAllowedOriginPattern(".*\\.domain2\\.com");
mapping.setCorsConfigurations(Collections.singletonMap("/foo", config));
MockHttpServletRequest request = getCorsRequest("/foo");
HandlerExecutionChain chain = mapping.getHandler(request);
assertThat(chain).isNotNull();
assertThat(chain.getHandler()).isInstanceOf(SimpleHandler.class);
assertThat(mapping.getRequiredCorsConfig().getAllowedOriginsPatterns()).containsExactly(".*\\.domain2\\.com");
}
@PathPatternsParameterizedTest
void preflightRequestWithMappedCorsConfig(TestHandlerMapping mapping) throws Exception {
CorsConfiguration config = new CorsConfiguration();
config.addAllowedOrigin("*");
mapping.setCorsConfigurations(Collections.singletonMap("/foo", config));

View File

@@ -72,6 +72,7 @@ class CrossOriginTests {
StaticWebApplicationContext wac = new StaticWebApplicationContext();
Properties props = new Properties();
props.setProperty("myOrigin", "https://example.com");
props.setProperty("myDomainPattern", ".*\\.example\\.com");
wac.getEnvironment().getPropertySources().addFirst(new PropertiesPropertySource("ps", props));
wac.registerSingleton("ppc", PropertySourcesPlaceholderConfigurer.class);
wac.refresh();
@@ -197,6 +198,30 @@ class CrossOriginTests {
assertThat(config.getAllowCredentials()).isNull();
}
@PathPatternsParameterizedTest
public void customOriginPatternViaValueAttribute(TestRequestMappingInfoHandlerMapping mapping) throws Exception {
mapping.registerHandler(new MethodLevelController());
this.request.setRequestURI("/customOriginPattern");
HandlerExecutionChain chain = mapping.getHandler(request);
CorsConfiguration config = getCorsConfiguration(chain, false);
assertThat(config).isNotNull();
assertThat(config.getAllowedOrigins()).isNull();
assertThat(config.getAllowedOriginsPatterns()).isEqualTo(Collections.singletonList(".*\\.example\\.com"));
assertThat(config.getAllowCredentials()).isNull();
}
@PathPatternsParameterizedTest
public void customOriginPatternViaPlaceholder(TestRequestMappingInfoHandlerMapping mapping) throws Exception {
mapping.registerHandler(new MethodLevelController());
this.request.setRequestURI("/customOriginPatternPlaceholder");
HandlerExecutionChain chain = mapping.getHandler(request);
CorsConfiguration config = getCorsConfiguration(chain, false);
assertThat(config).isNotNull();
assertThat(config.getAllowedOrigins()).isNull();
assertThat(config.getAllowedOriginsPatterns()).isEqualTo(Collections.singletonList(".*\\.example\\.com"));
assertThat(config.getAllowCredentials()).isNull();
}
@PathPatternsParameterizedTest
void bogusAllowCredentialsValue(TestRequestMappingInfoHandlerMapping mapping) {
assertThatIllegalStateException().isThrownBy(() ->
@@ -407,6 +432,16 @@ class CrossOriginTests {
@RequestMapping("/someOrigin")
public void customOriginDefinedViaPlaceholder() {
}
@CrossOrigin(originsPatterns = ".*\\.example\\.com")
@RequestMapping("/customOriginPattern")
public void customOriginPatternDefinedViaValueAttribute() {
}
@CrossOrigin(originsPatterns = "${myDomainPattern}")
@RequestMapping("/customOriginPatternPlaceholder")
public void customOriginPatternDefinedViaPlaceholder() {
}
}