Add Access-Control-Request-Method check for CORS preflight requests

Issue: SPR-13193
This commit is contained in:
Sebastien Deleuze
2015-07-07 09:34:39 +02:00
parent aea23e42c7
commit 8ee0e78980
3 changed files with 8 additions and 3 deletions

View File

@@ -21,6 +21,7 @@ import static org.junit.Assert.*;
import org.junit.Test;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.mock.web.test.MockHttpServletRequest;
/**
@@ -46,7 +47,7 @@ public class CorsUtilsTests {
@Test
public void isPreFlightRequest() {
MockHttpServletRequest request = new MockHttpServletRequest();
request.setMethod("OPTIONS");
request.setMethod(HttpMethod.OPTIONS.name());
request.addHeader(HttpHeaders.ORIGIN, "http://domain.com");
request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
assertTrue(CorsUtils.isPreFlightRequest(request));
@@ -58,10 +59,12 @@ public class CorsUtilsTests {
assertFalse(CorsUtils.isPreFlightRequest(request));
request = new MockHttpServletRequest();
request.setMethod(HttpMethod.OPTIONS.name());
request.addHeader(HttpHeaders.ORIGIN, "http://domain.com");
assertFalse(CorsUtils.isPreFlightRequest(request));
request = new MockHttpServletRequest();
request.setMethod(HttpMethod.OPTIONS.name());
request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
assertFalse(CorsUtils.isPreFlightRequest(request));
}