Add Access-Control-Request-Method check for CORS preflight requests
Issue: SPR-13193
This commit is contained in:
@@ -21,6 +21,7 @@ import static org.junit.Assert.*;
|
||||
import org.junit.Test;
|
||||
|
||||
import org.springframework.http.HttpHeaders;
|
||||
import org.springframework.http.HttpMethod;
|
||||
import org.springframework.mock.web.test.MockHttpServletRequest;
|
||||
|
||||
/**
|
||||
@@ -46,7 +47,7 @@ public class CorsUtilsTests {
|
||||
@Test
|
||||
public void isPreFlightRequest() {
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
request.setMethod("OPTIONS");
|
||||
request.setMethod(HttpMethod.OPTIONS.name());
|
||||
request.addHeader(HttpHeaders.ORIGIN, "http://domain.com");
|
||||
request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
|
||||
assertTrue(CorsUtils.isPreFlightRequest(request));
|
||||
@@ -58,10 +59,12 @@ public class CorsUtilsTests {
|
||||
assertFalse(CorsUtils.isPreFlightRequest(request));
|
||||
|
||||
request = new MockHttpServletRequest();
|
||||
request.setMethod(HttpMethod.OPTIONS.name());
|
||||
request.addHeader(HttpHeaders.ORIGIN, "http://domain.com");
|
||||
assertFalse(CorsUtils.isPreFlightRequest(request));
|
||||
|
||||
request = new MockHttpServletRequest();
|
||||
request.setMethod(HttpMethod.OPTIONS.name());
|
||||
request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
|
||||
assertFalse(CorsUtils.isPreFlightRequest(request));
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user