Fix http URLs
See gh-22839
This commit is contained in:
committed by
Stephane Nicoll
parent
b5fba14ab8
commit
fde92793b5
@@ -81,18 +81,22 @@ public class ServletServerHttpRequestTests {
|
||||
|
||||
@Test // SPR-16414
|
||||
public void getUriWithQueryParam() throws URISyntaxException {
|
||||
mockRequest.setScheme("https");
|
||||
mockRequest.setServerPort(443);
|
||||
mockRequest.setServerName("example.com");
|
||||
mockRequest.setRequestURI("/path");
|
||||
mockRequest.setQueryString("query=foo");
|
||||
assertThat(request.getURI()).isEqualTo(new URI("http://example.com/path?query=foo"));
|
||||
assertThat(request.getURI()).isEqualTo(new URI("https://example.com/path?query=foo"));
|
||||
}
|
||||
|
||||
@Test // SPR-16414
|
||||
public void getUriWithMalformedQueryParam() throws URISyntaxException {
|
||||
mockRequest.setScheme("https");
|
||||
mockRequest.setServerPort(443);
|
||||
mockRequest.setServerName("example.com");
|
||||
mockRequest.setRequestURI("/path");
|
||||
mockRequest.setQueryString("query=foo%%x");
|
||||
assertThat(request.getURI()).isEqualTo(new URI("http://example.com/path"));
|
||||
assertThat(request.getURI()).isEqualTo(new URI("https://example.com/path"));
|
||||
}
|
||||
|
||||
@Test // SPR-13876
|
||||
|
||||
@@ -50,7 +50,7 @@ public class DefaultCorsProcessorTests {
|
||||
public void setup() {
|
||||
this.request = new MockHttpServletRequest();
|
||||
this.request.setRequestURI("/test.html");
|
||||
this.request.setServerName("domain1.com");
|
||||
this.request.setServerName("domain1.example");
|
||||
this.conf = new CorsConfiguration();
|
||||
this.response = new MockHttpServletResponse();
|
||||
this.response.setStatus(HttpServletResponse.SC_OK);
|
||||
@@ -71,7 +71,7 @@ public class DefaultCorsProcessorTests {
|
||||
@Test
|
||||
public void sameOriginRequest() throws Exception {
|
||||
this.request.setMethod(HttpMethod.GET.name());
|
||||
this.request.addHeader(HttpHeaders.ORIGIN, "http://domain1.com");
|
||||
this.request.addHeader(HttpHeaders.ORIGIN, "http://domain1.example");
|
||||
|
||||
this.processor.processRequest(this.conf, this.request, this.response);
|
||||
assertThat(this.response.containsHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN)).isFalse();
|
||||
@@ -124,7 +124,7 @@ public class DefaultCorsProcessorTests {
|
||||
this.request.addHeader(HttpHeaders.ORIGIN, "https://domain2.com");
|
||||
this.conf.addAllowedOrigin("https://domain1.com");
|
||||
this.conf.addAllowedOrigin("https://domain2.com");
|
||||
this.conf.addAllowedOrigin("http://domain3.com");
|
||||
this.conf.addAllowedOrigin("http://domain3.example");
|
||||
this.conf.setAllowCredentials(true);
|
||||
|
||||
this.processor.processRequest(this.conf, this.request, this.response);
|
||||
@@ -296,7 +296,7 @@ public class DefaultCorsProcessorTests {
|
||||
this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS, "Header1");
|
||||
this.conf.addAllowedOrigin("https://domain1.com");
|
||||
this.conf.addAllowedOrigin("https://domain2.com");
|
||||
this.conf.addAllowedOrigin("http://domain3.com");
|
||||
this.conf.addAllowedOrigin("http://domain3.example");
|
||||
this.conf.addAllowedHeader("Header1");
|
||||
this.conf.setAllowCredentials(true);
|
||||
|
||||
@@ -318,7 +318,7 @@ public class DefaultCorsProcessorTests {
|
||||
this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS, "Header1");
|
||||
this.conf.addAllowedOrigin("https://domain1.com");
|
||||
this.conf.addAllowedOrigin("*");
|
||||
this.conf.addAllowedOrigin("http://domain3.com");
|
||||
this.conf.addAllowedOrigin("http://domain3.example");
|
||||
this.conf.addAllowedHeader("Header1");
|
||||
this.conf.setAllowCredentials(true);
|
||||
|
||||
|
||||
@@ -39,7 +39,7 @@ public class CorsUtilsTests {
|
||||
|
||||
@Test
|
||||
public void isCorsRequest() {
|
||||
ServerHttpRequest request = get("http://domain.com/").header(HttpHeaders.ORIGIN, "https://domain.com").build();
|
||||
ServerHttpRequest request = get("http://domain.example/").header(HttpHeaders.ORIGIN, "https://domain.com").build();
|
||||
assertThat(CorsUtils.isCorsRequest(request)).isTrue();
|
||||
}
|
||||
|
||||
@@ -69,32 +69,32 @@ public class CorsUtilsTests {
|
||||
|
||||
@Test // SPR-16262
|
||||
public void isSameOriginWithXForwardedHeaders() {
|
||||
String server = "mydomain1.com";
|
||||
testWithXForwardedHeaders(server, -1, "https", null, -1, "https://mydomain1.com");
|
||||
testWithXForwardedHeaders(server, 123, "https", null, -1, "https://mydomain1.com");
|
||||
testWithXForwardedHeaders(server, -1, "https", "mydomain2.com", -1, "https://mydomain2.com");
|
||||
testWithXForwardedHeaders(server, 123, "https", "mydomain2.com", -1, "https://mydomain2.com");
|
||||
testWithXForwardedHeaders(server, -1, "https", "mydomain2.com", 456, "https://mydomain2.com:456");
|
||||
testWithXForwardedHeaders(server, 123, "https", "mydomain2.com", 456, "https://mydomain2.com:456");
|
||||
String server = "mydomain1.example";
|
||||
testWithXForwardedHeaders(server, -1, "https", null, -1, "https://mydomain1.example");
|
||||
testWithXForwardedHeaders(server, 123, "https", null, -1, "https://mydomain1.example");
|
||||
testWithXForwardedHeaders(server, -1, "https", "mydomain2.example", -1, "https://mydomain2.example");
|
||||
testWithXForwardedHeaders(server, 123, "https", "mydomain2.example", -1, "https://mydomain2.example");
|
||||
testWithXForwardedHeaders(server, -1, "https", "mydomain2.example", 456, "https://mydomain2.example:456");
|
||||
testWithXForwardedHeaders(server, 123, "https", "mydomain2.example", 456, "https://mydomain2.example:456");
|
||||
}
|
||||
|
||||
@Test // SPR-16262
|
||||
public void isSameOriginWithForwardedHeader() {
|
||||
String server = "mydomain1.com";
|
||||
testWithForwardedHeader(server, -1, "proto=https", "https://mydomain1.com");
|
||||
testWithForwardedHeader(server, 123, "proto=https", "https://mydomain1.com");
|
||||
testWithForwardedHeader(server, -1, "proto=https; host=mydomain2.com", "https://mydomain2.com");
|
||||
testWithForwardedHeader(server, 123, "proto=https; host=mydomain2.com", "https://mydomain2.com");
|
||||
testWithForwardedHeader(server, -1, "proto=https; host=mydomain2.com:456", "https://mydomain2.com:456");
|
||||
testWithForwardedHeader(server, 123, "proto=https; host=mydomain2.com:456", "https://mydomain2.com:456");
|
||||
String server = "mydomain1.example";
|
||||
testWithForwardedHeader(server, -1, "proto=https", "https://mydomain1.example");
|
||||
testWithForwardedHeader(server, 123, "proto=https", "https://mydomain1.example");
|
||||
testWithForwardedHeader(server, -1, "proto=https; host=mydomain2.example", "https://mydomain2.example");
|
||||
testWithForwardedHeader(server, 123, "proto=https; host=mydomain2.example", "https://mydomain2.example");
|
||||
testWithForwardedHeader(server, -1, "proto=https; host=mydomain2.example:456", "https://mydomain2.example:456");
|
||||
testWithForwardedHeader(server, 123, "proto=https; host=mydomain2.example:456", "https://mydomain2.example:456");
|
||||
}
|
||||
|
||||
@Test // SPR-16362
|
||||
@SuppressWarnings("deprecation")
|
||||
public void isSameOriginWithDifferentSchemes() {
|
||||
MockServerHttpRequest request = MockServerHttpRequest
|
||||
.get("http://mydomain1.com")
|
||||
.header(HttpHeaders.ORIGIN, "https://mydomain1.com")
|
||||
.get("http://mydomain1.example")
|
||||
.header(HttpHeaders.ORIGIN, "https://mydomain1.example")
|
||||
.build();
|
||||
assertThat(CorsUtils.isSameOrigin(request)).isFalse();
|
||||
}
|
||||
|
||||
@@ -58,7 +58,7 @@ public class DefaultCorsProcessorTests {
|
||||
@Test
|
||||
public void requestWithoutOriginHeader() throws Exception {
|
||||
MockServerHttpRequest request = MockServerHttpRequest
|
||||
.method(HttpMethod.GET, "http://domain1.com/test.html")
|
||||
.method(HttpMethod.GET, "http://domain1.example/test.html")
|
||||
.build();
|
||||
ServerWebExchange exchange = MockServerWebExchange.from(request);
|
||||
this.processor.process(this.conf, exchange);
|
||||
@@ -73,8 +73,8 @@ public class DefaultCorsProcessorTests {
|
||||
@Test
|
||||
public void sameOriginRequest() throws Exception {
|
||||
MockServerHttpRequest request = MockServerHttpRequest
|
||||
.method(HttpMethod.GET, "http://domain1.com/test.html")
|
||||
.header(HttpHeaders.ORIGIN, "http://domain1.com")
|
||||
.method(HttpMethod.GET, "http://domain1.example/test.html")
|
||||
.header(HttpHeaders.ORIGIN, "http://domain1.example")
|
||||
.build();
|
||||
ServerWebExchange exchange = MockServerWebExchange.from(request);
|
||||
this.processor.process(this.conf, exchange);
|
||||
@@ -129,7 +129,7 @@ public class DefaultCorsProcessorTests {
|
||||
ServerWebExchange exchange = actualRequest();
|
||||
this.conf.addAllowedOrigin("https://domain1.com");
|
||||
this.conf.addAllowedOrigin("https://domain2.com");
|
||||
this.conf.addAllowedOrigin("http://domain3.com");
|
||||
this.conf.addAllowedOrigin("http://domain3.example");
|
||||
this.conf.setAllowCredentials(true);
|
||||
this.processor.process(this.conf, exchange);
|
||||
|
||||
@@ -306,7 +306,7 @@ public class DefaultCorsProcessorTests {
|
||||
|
||||
this.conf.addAllowedOrigin("https://domain1.com");
|
||||
this.conf.addAllowedOrigin("https://domain2.com");
|
||||
this.conf.addAllowedOrigin("http://domain3.com");
|
||||
this.conf.addAllowedOrigin("http://domain3.example");
|
||||
this.conf.addAllowedHeader("Header1");
|
||||
this.conf.setAllowCredentials(true);
|
||||
|
||||
@@ -330,7 +330,7 @@ public class DefaultCorsProcessorTests {
|
||||
|
||||
this.conf.addAllowedOrigin("https://domain1.com");
|
||||
this.conf.addAllowedOrigin("*");
|
||||
this.conf.addAllowedOrigin("http://domain3.com");
|
||||
this.conf.addAllowedOrigin("http://domain3.example");
|
||||
this.conf.addAllowedHeader("Header1");
|
||||
this.conf.setAllowCredentials(true);
|
||||
|
||||
|
||||
@@ -313,7 +313,7 @@ public class ForwardedHeaderFilterTests {
|
||||
public void forwardedRequestWithServletForward() throws Exception {
|
||||
this.request.setRequestURI("/foo");
|
||||
this.request.addHeader(X_FORWARDED_PROTO, "https");
|
||||
this.request.addHeader(X_FORWARDED_HOST, "www.mycompany.com");
|
||||
this.request.addHeader(X_FORWARDED_HOST, "www.mycompany.example");
|
||||
this.request.addHeader(X_FORWARDED_PORT, "443");
|
||||
|
||||
this.filter.doFilter(this.request, new MockHttpServletResponse(), this.filterChain);
|
||||
@@ -328,7 +328,7 @@ public class ForwardedHeaderFilterTests {
|
||||
|
||||
assertThat(actual).isNotNull();
|
||||
assertThat(actual.getRequestURI()).isEqualTo("/bar");
|
||||
assertThat(actual.getRequestURL().toString()).isEqualTo("https://www.mycompany.com/bar");
|
||||
assertThat(actual.getRequestURL().toString()).isEqualTo("https://www.mycompany.example/bar");
|
||||
}
|
||||
|
||||
@Test
|
||||
@@ -440,7 +440,7 @@ public class ForwardedHeaderFilterTests {
|
||||
this.request.addHeader(X_FORWARDED_HOST, "example.com");
|
||||
this.request.addHeader(X_FORWARDED_PORT, "443");
|
||||
|
||||
String location = "http://example.org/foo/bar";
|
||||
String location = "http://company.example/foo/bar";
|
||||
String redirectedUrl = sendRedirect(location);
|
||||
assertThat(redirectedUrl).isEqualTo(location);
|
||||
}
|
||||
|
||||
@@ -49,31 +49,31 @@ public class DefaultUriBuilderFactoryTests {
|
||||
|
||||
@Test
|
||||
public void baseUri() {
|
||||
DefaultUriBuilderFactory factory = new DefaultUriBuilderFactory("https://foo.com/v1?id=123");
|
||||
DefaultUriBuilderFactory factory = new DefaultUriBuilderFactory("https://foo.example/v1?id=123");
|
||||
URI uri = factory.uriString("/bar").port(8080).build();
|
||||
assertThat(uri.toString()).isEqualTo("https://foo.com:8080/v1/bar?id=123");
|
||||
assertThat(uri.toString()).isEqualTo("https://foo.example:8080/v1/bar?id=123");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void baseUriWithFullOverride() {
|
||||
DefaultUriBuilderFactory factory = new DefaultUriBuilderFactory("https://foo.com/v1?id=123");
|
||||
DefaultUriBuilderFactory factory = new DefaultUriBuilderFactory("https://foo.example/v1?id=123");
|
||||
URI uri = factory.uriString("https://example.com/1/2").build();
|
||||
assertThat(uri.toString()).as("Use of host should case baseUri to be completely ignored").isEqualTo("https://example.com/1/2");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void baseUriWithPathOverride() {
|
||||
DefaultUriBuilderFactory factory = new DefaultUriBuilderFactory("https://foo.com/v1");
|
||||
DefaultUriBuilderFactory factory = new DefaultUriBuilderFactory("https://foo.example/v1");
|
||||
URI uri = factory.builder().replacePath("/baz").build();
|
||||
assertThat(uri.toString()).isEqualTo("https://foo.com/baz");
|
||||
assertThat(uri.toString()).isEqualTo("https://foo.example/baz");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void defaultUriVars() {
|
||||
DefaultUriBuilderFactory factory = new DefaultUriBuilderFactory("https://{host}/v1");
|
||||
factory.setDefaultUriVariables(singletonMap("host", "foo.com"));
|
||||
factory.setDefaultUriVariables(singletonMap("host", "foo.example"));
|
||||
URI uri = factory.uriString("/{id}").build(singletonMap("id", "123"));
|
||||
assertThat(uri.toString()).isEqualTo("https://foo.com/v1/123");
|
||||
assertThat(uri.toString()).isEqualTo("https://foo.example/v1/123");
|
||||
}
|
||||
|
||||
@Test
|
||||
@@ -87,9 +87,9 @@ public class DefaultUriBuilderFactoryTests {
|
||||
@Test
|
||||
public void defaultUriVarsWithEmptyVarArg() {
|
||||
DefaultUriBuilderFactory factory = new DefaultUriBuilderFactory("https://{host}/v1");
|
||||
factory.setDefaultUriVariables(singletonMap("host", "foo.com"));
|
||||
factory.setDefaultUriVariables(singletonMap("host", "foo.example"));
|
||||
URI uri = factory.uriString("/bar").build();
|
||||
assertThat(uri.toString()).as("Expected delegation to build(Map) method").isEqualTo("https://foo.com/v1/bar");
|
||||
assertThat(uri.toString()).as("Expected delegation to build(Map) method").isEqualTo("https://foo.example/v1/bar");
|
||||
}
|
||||
|
||||
@Test
|
||||
|
||||
@@ -92,41 +92,41 @@ public class WebUtilsTests {
|
||||
@Test
|
||||
public void isValidOrigin() {
|
||||
List<String> allowed = Collections.emptyList();
|
||||
assertThat(checkValidOrigin("mydomain1.com", -1, "http://mydomain1.com", allowed)).isTrue();
|
||||
assertThat(checkValidOrigin("mydomain1.com", -1, "http://mydomain2.com", allowed)).isFalse();
|
||||
assertThat(checkValidOrigin("mydomain1.example", -1, "http://mydomain1.example", allowed)).isTrue();
|
||||
assertThat(checkValidOrigin("mydomain1.example", -1, "http://mydomain2.example", allowed)).isFalse();
|
||||
|
||||
allowed = Collections.singletonList("*");
|
||||
assertThat(checkValidOrigin("mydomain1.com", -1, "http://mydomain2.com", allowed)).isTrue();
|
||||
assertThat(checkValidOrigin("mydomain1.example", -1, "http://mydomain2.example", allowed)).isTrue();
|
||||
|
||||
allowed = Collections.singletonList("http://mydomain1.com");
|
||||
assertThat(checkValidOrigin("mydomain2.com", -1, "http://mydomain1.com", allowed)).isTrue();
|
||||
assertThat(checkValidOrigin("mydomain2.com", -1, "http://mydomain3.com", allowed)).isFalse();
|
||||
allowed = Collections.singletonList("http://mydomain1.example");
|
||||
assertThat(checkValidOrigin("mydomain2.example", -1, "http://mydomain1.example", allowed)).isTrue();
|
||||
assertThat(checkValidOrigin("mydomain2.example", -1, "http://mydomain3.example", allowed)).isFalse();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void isSameOrigin() {
|
||||
assertThat(checkSameOrigin("http", "mydomain1.com", -1, "http://mydomain1.com")).isTrue();
|
||||
assertThat(checkSameOrigin("http", "mydomain1.com", -1, "http://mydomain1.com:80")).isTrue();
|
||||
assertThat(checkSameOrigin("https", "mydomain1.com", 443, "https://mydomain1.com")).isTrue();
|
||||
assertThat(checkSameOrigin("https", "mydomain1.com", 443, "https://mydomain1.com:443")).isTrue();
|
||||
assertThat(checkSameOrigin("http", "mydomain1.com", 123, "http://mydomain1.com:123")).isTrue();
|
||||
assertThat(checkSameOrigin("ws", "mydomain1.com", -1, "ws://mydomain1.com")).isTrue();
|
||||
assertThat(checkSameOrigin("wss", "mydomain1.com", 443, "wss://mydomain1.com")).isTrue();
|
||||
assertThat(checkSameOrigin("http", "mydomain1.example", -1, "http://mydomain1.example")).isTrue();
|
||||
assertThat(checkSameOrigin("http", "mydomain1.example", -1, "http://mydomain1.example:80")).isTrue();
|
||||
assertThat(checkSameOrigin("https", "mydomain1.example", 443, "https://mydomain1.example")).isTrue();
|
||||
assertThat(checkSameOrigin("https", "mydomain1.example", 443, "https://mydomain1.example:443")).isTrue();
|
||||
assertThat(checkSameOrigin("http", "mydomain1.example", 123, "http://mydomain1.example:123")).isTrue();
|
||||
assertThat(checkSameOrigin("ws", "mydomain1.example", -1, "ws://mydomain1.example")).isTrue();
|
||||
assertThat(checkSameOrigin("wss", "mydomain1.example", 443, "wss://mydomain1.example")).isTrue();
|
||||
|
||||
assertThat(checkSameOrigin("http", "mydomain1.com", -1, "http://mydomain2.com")).isFalse();
|
||||
assertThat(checkSameOrigin("http", "mydomain1.com", -1, "https://mydomain1.com")).isFalse();
|
||||
assertThat(checkSameOrigin("http", "mydomain1.com", -1, "invalid-origin")).isFalse();
|
||||
assertThat(checkSameOrigin("https", "mydomain1.com", -1, "http://mydomain1.com")).isFalse();
|
||||
assertThat(checkSameOrigin("http", "mydomain1.example", -1, "http://mydomain2.example")).isFalse();
|
||||
assertThat(checkSameOrigin("http", "mydomain1.example", -1, "https://mydomain1.example")).isFalse();
|
||||
assertThat(checkSameOrigin("http", "mydomain1.example", -1, "invalid-origin")).isFalse();
|
||||
assertThat(checkSameOrigin("https", "mydomain1.example", -1, "http://mydomain1.example")).isFalse();
|
||||
|
||||
// Handling of invalid origins as described in SPR-13478
|
||||
assertThat(checkSameOrigin("http", "mydomain1.com", -1, "http://mydomain1.com/")).isTrue();
|
||||
assertThat(checkSameOrigin("http", "mydomain1.com", -1, "http://mydomain1.com:80/")).isTrue();
|
||||
assertThat(checkSameOrigin("http", "mydomain1.com", -1, "http://mydomain1.com/path")).isTrue();
|
||||
assertThat(checkSameOrigin("http", "mydomain1.com", -1, "http://mydomain1.com:80/path")).isTrue();
|
||||
assertThat(checkSameOrigin("http", "mydomain2.com", -1, "http://mydomain1.com/")).isFalse();
|
||||
assertThat(checkSameOrigin("http", "mydomain2.com", -1, "http://mydomain1.com:80/")).isFalse();
|
||||
assertThat(checkSameOrigin("http", "mydomain2.com", -1, "http://mydomain1.com/path")).isFalse();
|
||||
assertThat(checkSameOrigin("http", "mydomain2.com", -1, "http://mydomain1.com:80/path")).isFalse();
|
||||
assertThat(checkSameOrigin("http", "mydomain1.example", -1, "http://mydomain1.example/")).isTrue();
|
||||
assertThat(checkSameOrigin("http", "mydomain1.example", -1, "http://mydomain1.example:80/")).isTrue();
|
||||
assertThat(checkSameOrigin("http", "mydomain1.example", -1, "http://mydomain1.example/path")).isTrue();
|
||||
assertThat(checkSameOrigin("http", "mydomain1.example", -1, "http://mydomain1.example:80/path")).isTrue();
|
||||
assertThat(checkSameOrigin("http", "mydomain2.example", -1, "http://mydomain1.example/")).isFalse();
|
||||
assertThat(checkSameOrigin("http", "mydomain2.example", -1, "http://mydomain1.example:80/")).isFalse();
|
||||
assertThat(checkSameOrigin("http", "mydomain2.example", -1, "http://mydomain1.example/path")).isFalse();
|
||||
assertThat(checkSameOrigin("http", "mydomain2.example", -1, "http://mydomain1.example:80/path")).isFalse();
|
||||
|
||||
// Handling of IPv6 hosts as described in SPR-13525
|
||||
assertThat(checkSameOrigin("http", "[::1]", -1, "http://[::1]")).isTrue();
|
||||
@@ -144,24 +144,24 @@ public class WebUtilsTests {
|
||||
|
||||
@Test // SPR-16262
|
||||
public void isSameOriginWithXForwardedHeaders() throws Exception {
|
||||
String server = "mydomain1.com";
|
||||
testWithXForwardedHeaders(server, -1, "https", null, -1, "https://mydomain1.com");
|
||||
testWithXForwardedHeaders(server, 123, "https", null, -1, "https://mydomain1.com");
|
||||
testWithXForwardedHeaders(server, -1, "https", "mydomain2.com", -1, "https://mydomain2.com");
|
||||
testWithXForwardedHeaders(server, 123, "https", "mydomain2.com", -1, "https://mydomain2.com");
|
||||
testWithXForwardedHeaders(server, -1, "https", "mydomain2.com", 456, "https://mydomain2.com:456");
|
||||
testWithXForwardedHeaders(server, 123, "https", "mydomain2.com", 456, "https://mydomain2.com:456");
|
||||
String server = "mydomain1.example";
|
||||
testWithXForwardedHeaders(server, -1, "https", null, -1, "https://mydomain1.example");
|
||||
testWithXForwardedHeaders(server, 123, "https", null, -1, "https://mydomain1.example");
|
||||
testWithXForwardedHeaders(server, -1, "https", "mydomain2.example", -1, "https://mydomain2.example");
|
||||
testWithXForwardedHeaders(server, 123, "https", "mydomain2.example", -1, "https://mydomain2.example");
|
||||
testWithXForwardedHeaders(server, -1, "https", "mydomain2.example", 456, "https://mydomain2.example:456");
|
||||
testWithXForwardedHeaders(server, 123, "https", "mydomain2.example", 456, "https://mydomain2.example:456");
|
||||
}
|
||||
|
||||
@Test // SPR-16262
|
||||
public void isSameOriginWithForwardedHeader() throws Exception {
|
||||
String server = "mydomain1.com";
|
||||
testWithForwardedHeader(server, -1, "proto=https", "https://mydomain1.com");
|
||||
testWithForwardedHeader(server, 123, "proto=https", "https://mydomain1.com");
|
||||
testWithForwardedHeader(server, -1, "proto=https; host=mydomain2.com", "https://mydomain2.com");
|
||||
testWithForwardedHeader(server, 123, "proto=https; host=mydomain2.com", "https://mydomain2.com");
|
||||
testWithForwardedHeader(server, -1, "proto=https; host=mydomain2.com:456", "https://mydomain2.com:456");
|
||||
testWithForwardedHeader(server, 123, "proto=https; host=mydomain2.com:456", "https://mydomain2.com:456");
|
||||
String server = "mydomain1.example";
|
||||
testWithForwardedHeader(server, -1, "proto=https", "https://mydomain1.example");
|
||||
testWithForwardedHeader(server, 123, "proto=https", "https://mydomain1.example");
|
||||
testWithForwardedHeader(server, -1, "proto=https; host=mydomain2.example", "https://mydomain2.example");
|
||||
testWithForwardedHeader(server, 123, "proto=https; host=mydomain2.example", "https://mydomain2.example");
|
||||
testWithForwardedHeader(server, -1, "proto=https; host=mydomain2.example:456", "https://mydomain2.example:456");
|
||||
testWithForwardedHeader(server, 123, "proto=https; host=mydomain2.example:456", "https://mydomain2.example:456");
|
||||
}
|
||||
|
||||
|
||||
|
||||
Reference in New Issue
Block a user