diff --git a/spring-webflux/src/main/java/org/springframework/web/reactive/result/method/annotation/RequestMappingHandlerMapping.java b/spring-webflux/src/main/java/org/springframework/web/reactive/result/method/annotation/RequestMappingHandlerMapping.java index c9f6e95191..9dd0c483b3 100644 --- a/spring-webflux/src/main/java/org/springframework/web/reactive/result/method/annotation/RequestMappingHandlerMapping.java +++ b/spring-webflux/src/main/java/org/springframework/web/reactive/result/method/annotation/RequestMappingHandlerMapping.java @@ -341,7 +341,7 @@ public class RequestMappingHandlerMapping extends RequestMappingInfoHandlerMappi "or an empty string (\"\"): current value is [" + allowCredentials + "]"); } - if (annotation.maxAge() >= 0 && config.getMaxAge() == null) { + if (annotation.maxAge() >= 0) { config.setMaxAge(annotation.maxAge()); } } diff --git a/spring-webflux/src/test/java/org/springframework/web/reactive/result/method/annotation/CrossOriginAnnotationIntegrationTests.java b/spring-webflux/src/test/java/org/springframework/web/reactive/result/method/annotation/CrossOriginAnnotationIntegrationTests.java index aa7f287a4a..1a9ad307ec 100644 --- a/spring-webflux/src/test/java/org/springframework/web/reactive/result/method/annotation/CrossOriginAnnotationIntegrationTests.java +++ b/spring-webflux/src/test/java/org/springframework/web/reactive/result/method/annotation/CrossOriginAnnotationIntegrationTests.java @@ -29,6 +29,7 @@ import org.springframework.http.HttpMethod; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; import org.springframework.http.client.HttpComponentsClientHttpRequestFactory; +import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.CrossOrigin; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PostMapping; @@ -37,6 +38,7 @@ import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.RestController; import org.springframework.web.client.HttpClientErrorException; import org.springframework.web.client.RestTemplate; +import org.springframework.web.cors.CorsConfiguration; import org.springframework.web.reactive.config.EnableWebFlux; import org.springframework.web.testfixture.http.server.reactive.bootstrap.HttpServer; @@ -278,6 +280,19 @@ class CrossOriginAnnotationIntegrationTests extends AbstractRequestMappingIntegr assertThat(entity.getHeaders().getAccessControlAllowCredentials()).isTrue(); } + @ParameterizedHttpServerTest + void maxAgeWithDefaultOrigin(HttpServer httpServer) throws Exception { + startServer(httpServer); + + this.headers.add(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET"); + ResponseEntity entity = performOptions("/classAge", this.headers, String.class); + assertThat(entity.getStatusCode()).isEqualTo(HttpStatus.OK); + assertThat(entity.getHeaders().getAccessControlMaxAge()).isEqualTo(10); + + entity = performOptions("/methodAge", this.headers, String.class); + assertThat(entity.getStatusCode()).isEqualTo(HttpStatus.OK); + assertThat(entity.getHeaders().getAccessControlMaxAge()).isEqualTo(100); + } @Configuration @EnableWebFlux @@ -395,4 +410,21 @@ class CrossOriginAnnotationIntegrationTests extends AbstractRequestMappingIntegr } } + @RestController + @CrossOrigin(maxAge = 10) + private static class MaxAgeWithDefaultOriginController { + + @CrossOrigin + @GetMapping(path = "/classAge") + public String classAge() { + return "classAge"; + } + + @CrossOrigin(maxAge = 100) + @GetMapping(path = "/methodAge") + public String methodAge() { + return "methodAge"; + } + } + } diff --git a/spring-webmvc/src/main/java/org/springframework/web/servlet/mvc/method/annotation/RequestMappingHandlerMapping.java b/spring-webmvc/src/main/java/org/springframework/web/servlet/mvc/method/annotation/RequestMappingHandlerMapping.java index 4a3b98057c..549c3e90e2 100644 --- a/spring-webmvc/src/main/java/org/springframework/web/servlet/mvc/method/annotation/RequestMappingHandlerMapping.java +++ b/spring-webmvc/src/main/java/org/springframework/web/servlet/mvc/method/annotation/RequestMappingHandlerMapping.java @@ -476,7 +476,7 @@ public class RequestMappingHandlerMapping extends RequestMappingInfoHandlerMappi "or an empty string (\"\"): current value is [" + allowCredentials + "]"); } - if (annotation.maxAge() >= 0 && config.getMaxAge() == null) { + if (annotation.maxAge() >= 0 ) { config.setMaxAge(annotation.maxAge()); } } diff --git a/spring-webmvc/src/test/java/org/springframework/web/servlet/mvc/method/annotation/CrossOriginTests.java b/spring-webmvc/src/test/java/org/springframework/web/servlet/mvc/method/annotation/CrossOriginTests.java index 25bb6c5061..41a801ee68 100644 --- a/spring-webmvc/src/test/java/org/springframework/web/servlet/mvc/method/annotation/CrossOriginTests.java +++ b/spring-webmvc/src/test/java/org/springframework/web/servlet/mvc/method/annotation/CrossOriginTests.java @@ -362,6 +362,27 @@ class CrossOriginTests { assertThat(mapping.getHandler(request)).isNull(); } + @PathPatternsParameterizedTest + void maxAgeWithDefaultOrigin(TestRequestMappingInfoHandlerMapping mapping) throws Exception { + mapping.registerHandler(new MaxAgeWithDefaultOriginController()); + + this.request.setRequestURI("/classAge"); + HandlerExecutionChain chain = mapping.getHandler(request); + CorsConfiguration config = getCorsConfiguration(chain, false); + assertThat(config).isNotNull(); + assertThat(config.getAllowedMethods()).containsExactly("GET"); + assertThat(config.getAllowedOrigins()).containsExactly("*"); + assertThat(config.getMaxAge()).isEqualTo(10); + + this.request.setRequestURI("/methodAge"); + chain = mapping.getHandler(request); + config = getCorsConfiguration(chain, false); + assertThat(config).isNotNull(); + assertThat(config.getAllowedMethods()).containsExactly("GET"); + assertThat(config.getAllowedOrigins()).containsExactly("*"); + assertThat(config.getMaxAge()).isEqualTo(100); + } + @Nullable private CorsConfiguration getCorsConfiguration(@Nullable HandlerExecutionChain chain, boolean isPreFlightRequest) { @@ -490,6 +511,20 @@ class CrossOriginTests { } } + @Controller + @CrossOrigin(maxAge = 10) + private static class MaxAgeWithDefaultOriginController { + + @CrossOrigin + @RequestMapping(path = "/classAge", method = RequestMethod.GET) + public void classAge() { + } + + @CrossOrigin(maxAge = 100) + @RequestMapping(path = "/methodAge", method = RequestMethod.GET) + public void methodAge() { + } + } @Controller @CrossOrigin(allowCredentials = "true")