CorsConfiguration ignores trailing "/" in pattern

Recent commit dddcc5e9ad ensured a
trailing "/" in the Origin header has no effect. This commit does the
same for a trailing "/" in configured patterns.

See gh-26892
Rossen Stoyanchev
2021-05-10 12:02:08 +01:00
parent 07ba95739b
commit dc4e053d59
2 changed files with 17 additions and 4 deletions


@@ -282,17 +282,25 @@ public class CorsConfigurationTests {
@Test
public void checkOriginAllowed() {
// "*" matches
CorsConfiguration config = new CorsConfiguration();
config.addAllowedOrigin("*");
assertThat(config.checkOrigin("https://domain.com")).isEqualTo("*");
// "*" does not match together with allowCredentials
config.setAllowCredentials(true);
assertThatIllegalArgumentException().isThrownBy(() -> config.checkOrigin("https://domain.com"));
// specific origin matches Origin header with or without trailing "/"
config.setAllowedOrigins(Collections.singletonList("https://domain.com"));
assertThat(config.checkOrigin("https://domain.com")).isEqualTo("https://domain.com");
assertThat(config.checkOrigin("https://domain.com/")).isEqualTo("https://domain.com");
// specific origin with trailing "/" matches Origin header with or without trailing "/"
config.setAllowedOrigins(Collections.singletonList("https://domain.com/"));
assertThat(config.checkOrigin("https://domain.com")).isEqualTo("https://domain.com");
assertThat(config.checkOrigin("https://domain.com/")).isEqualTo("https://domain.com");
config.setAllowCredentials(false);
assertThat(config.checkOrigin("https://domain.com")).isEqualTo("https://domain.com");
}
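Review bot: The assertions added to checkOriginAllowed for a configured origin with a trailing "/" are all positive matches, so nothing here pins that the normalisation leaves non-matching origins rejected. Since this list decides which origins are echoed back while `allowCredentials` is true, I would add a negative case right after the `setAllowedOrigins(Collections.singletonList("https://domain.com/"))` assertions, for example `assertThat(config.checkOrigin("https://domain.com.example/")).isNull();` (constructed look-alike value), unless a sibling test outside this hunk already covers it. The commit title speaks of patterns, but the visible lines only exercise `setAllowedOrigins`; if the allowed-origin-patterns path is also trimmed in the second changed file, it deserves the same pair of positive and negative assertions. A short comment such as `// trailing "/" is ignored for exact comparison only; no prefix or path matching` above the new block would document the intended limit.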