Ensure local @CrossOrigin maxAge overrides global value

Prior to this commit, a method-level @CrossOrigin maxAge value did not
override a class-level @CrossOrigin maxAge value. This contradicts the
Javadoc for @CrossOrgin which states the following.

    For those attributes where only a single value can be accepted such
    as allowCredentials and maxAge, the local overrides the global
    value.

This commit ensures that a method-level @CrossOrigin maxAge value
overrides a class-level @CrossOrigin maxAge value.

Closes gh-26619
This commit is contained in:
GungnirLaevatain
2021-02-27 17:44:02 +08:00
committed by Sam Brannen
parent 5a11569790
commit 90de1ab6d1
4 changed files with 69 additions and 2 deletions

View File

@@ -362,6 +362,27 @@ class CrossOriginTests {
assertThat(mapping.getHandler(request)).isNull();
}
@PathPatternsParameterizedTest
void maxAgeWithDefaultOrigin(TestRequestMappingInfoHandlerMapping mapping) throws Exception {
mapping.registerHandler(new MaxAgeWithDefaultOriginController());
this.request.setRequestURI("/classAge");
HandlerExecutionChain chain = mapping.getHandler(request);
CorsConfiguration config = getCorsConfiguration(chain, false);
assertThat(config).isNotNull();
assertThat(config.getAllowedMethods()).containsExactly("GET");
assertThat(config.getAllowedOrigins()).containsExactly("*");
assertThat(config.getMaxAge()).isEqualTo(10);
this.request.setRequestURI("/methodAge");
chain = mapping.getHandler(request);
config = getCorsConfiguration(chain, false);
assertThat(config).isNotNull();
assertThat(config.getAllowedMethods()).containsExactly("GET");
assertThat(config.getAllowedOrigins()).containsExactly("*");
assertThat(config.getMaxAge()).isEqualTo(100);
}
@Nullable
private CorsConfiguration getCorsConfiguration(@Nullable HandlerExecutionChain chain, boolean isPreFlightRequest) {
@@ -490,6 +511,20 @@ class CrossOriginTests {
}
}
@Controller
@CrossOrigin(maxAge = 10)
private static class MaxAgeWithDefaultOriginController {
@CrossOrigin
@RequestMapping(path = "/classAge", method = RequestMethod.GET)
public void classAge() {
}
@CrossOrigin(maxAge = 100)
@RequestMapping(path = "/methodAge", method = RequestMethod.GET)
public void methodAge() {
}
}
@Controller
@CrossOrigin(allowCredentials = "true")