Update CORS support
This commit updates CORS support in order to check Origin header in CorsUtils#isPreFlightRequest which does not change how Spring MVC or WebFlux process CORS request but is more correct in term of behavior since it is a public API potentially used in another contexts. It also removes an unnecessary check in AbstractHandlerMethodMapping#hasCorsConfigurationSource and processes every preflight request with PreFlightHandler. Closes gh-24327
This commit is contained in:
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2002-2019 the original author or authors.
|
||||
* Copyright 2002-2020 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@@ -86,7 +86,8 @@ class CorsAbstractHandlerMappingTests {
|
||||
HandlerExecutionChain chain = this.handlerMapping.getHandler(this.request);
|
||||
|
||||
assertThat(chain).isNotNull();
|
||||
assertThat(chain.getHandler()).isInstanceOf(SimpleHandler.class);
|
||||
assertThat(chain.getHandler()).isNotNull();
|
||||
assertThat(chain.getHandler().getClass().getSimpleName()).isEqualTo("PreFlightHandler");
|
||||
}
|
||||
|
||||
@Test
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2002-2019 the original author or authors.
|
||||
* Copyright 2002-2020 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@@ -69,6 +69,10 @@ public class CrossOriginTests {
|
||||
|
||||
private final MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
|
||||
private final String optionsHandler = "org.springframework.web.servlet.mvc.method.RequestMappingInfoHandlerMapping$HttpOptionsHandler#handle()";
|
||||
|
||||
private final String corsPreflightHandler = "org.springframework.web.servlet.handler.AbstractHandlerMapping$PreFlightHandler";
|
||||
|
||||
|
||||
@BeforeEach
|
||||
@SuppressWarnings("resource")
|
||||
@@ -96,6 +100,25 @@ public class CrossOriginTests {
|
||||
assertThat(getCorsConfiguration(chain, false)).isNull();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void noAnnotationWithAccessControlRequestMethod() throws Exception {
|
||||
this.handlerMapping.registerHandler(new MethodLevelController());
|
||||
MockHttpServletRequest request = new MockHttpServletRequest("OPTIONS", "/no");
|
||||
request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
|
||||
HandlerExecutionChain chain = this.handlerMapping.getHandler(request);
|
||||
assertThat(chain.getHandler().toString()).isEqualTo(optionsHandler);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void noAnnotationWithPreflightRequest() throws Exception {
|
||||
this.handlerMapping.registerHandler(new MethodLevelController());
|
||||
MockHttpServletRequest request = new MockHttpServletRequest("OPTIONS", "/no");
|
||||
request.addHeader(HttpHeaders.ORIGIN, "https://domain.com/");
|
||||
request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
|
||||
HandlerExecutionChain chain = this.handlerMapping.getHandler(request);
|
||||
assertThat(chain.getHandler().getClass().getName()).isEqualTo(corsPreflightHandler);
|
||||
}
|
||||
|
||||
@Test // SPR-12931
|
||||
public void noAnnotationWithOrigin() throws Exception {
|
||||
this.handlerMapping.registerHandler(new MethodLevelController());
|
||||
|
||||
Reference in New Issue
Block a user