org.springframework.http.HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD

Here are the examples of the java api org.springframework.http.HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD taken from open source projects. By voting up you can indicate which examples are most useful and appropriate.


19 View Source File : SockJsServiceTests.java
License : MIT License
Project Creator : Vip-Augus

// SPR-16304
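/**
 * Checks that a pre-flight {@code OPTIONS /echo/info} from an origin outside the allow-list
 * is answered with {@code FORBIDDEN}, both with no allowed origins and with a single
 * allowed origin that differs from the requesting one.
 *
 * <p>The {@code assert*} names were garbled by the page extraction and are restored here.
 */
@Test
public void handleInfoOptionsWithForbiddenOrigin() {
    // Request origin (mydomain2) differs from the server name (mydomain3), i.e. cross-origin.
    this.servletRequest.setServerName("mydomain3.com");
    this.servletRequest.addHeader(HttpHeaders.ORIGIN, "https://mydomain2.com");
    this.servletRequest.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
    this.servletRequest.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS, "Last-Modified");

    // Case 1: nothing configured. FORBIDDEN is handed to the helper as the expected status
    // (helper body is not shown in this snippet).
    resetResponseAndHandleRequest("OPTIONS", "/echo/info", HttpStatus.FORBIDDEN);
    CorsConfiguration corsConfiguration = this.service.getCorsConfiguration(this.servletRequest);
    assertTrue(corsConfiguration.getAllowedOrigins().isEmpty());

    // Case 2: an allow-list exists but names a different origin; still FORBIDDEN, and the
    // configuration exposes exactly the configured origin rather than the requesting one.
    this.service.setAllowedOrigins(Collections.singletonList("https://mydomain1.com"));
    resetResponseAndHandleRequest("OPTIONS", "/echo/info", HttpStatus.FORBIDDEN);
    corsConfiguration = this.service.getCorsConfiguration(this.servletRequest);
    assertEquals(Collections.singletonList("https://mydomain1.com"), corsConfiguration.getAllowedOrigins());
}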

19 View Source File : RequestMethodsRequestCondition.java
License : MIT License
Project Creator : Vip-Augus

/**
 * On a pre-flight request match to the would-be, actual request.
 * Hence empty conditions is a match, otherwise try to match to the HTTP
 * method in the "Access-Control-Request-Method" header.
 */
@Nullable
private RequestMethodsRequestCondition matchPreFlight(HttpServletRequest request) {
    if (!getMethods().isEmpty()) {
        // The method to match is taken from a client-supplied header; getHeader returns
        // null when the header is absent, and that value is passed on unchanged.
        // NOTE(review): null handling is left to matchRequestMethod, which is not shown here.
        return matchRequestMethod(request.getHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD));
    }
    // No HTTP methods declared on this condition: the pre-flight matches as-is.
    return this;
}

19 View Source File : SockJsServiceTests.java
License : Apache License 2.0
Project Creator : SourceHot

// SPR-16304
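/**
 * Checks that a pre-flight {@code OPTIONS /echo/info} from an origin outside the allow-list
 * is answered with {@code FORBIDDEN}, both with no allowed origins and with a single
 * allowed origin that differs from the requesting one.
 *
 * <p>The {@code assertThat} names were garbled by the page extraction and are restored here.
 */
@Test
public void handleInfoOptionsWithForbiddenOrigin() {
    // Request origin (mydomain2) differs from the server name (mydomain3), i.e. cross-origin.
    this.servletRequest.setServerName("mydomain3.com");
    this.servletRequest.addHeader(HttpHeaders.ORIGIN, "https://mydomain2.example");
    this.servletRequest.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
    this.servletRequest.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS, "Last-Modified");

    // Case 1: nothing configured. FORBIDDEN is handed to the helper as the expected status
    // (helper body is not shown in this snippet).
    resetResponseAndHandleRequest("OPTIONS", "/echo/info", HttpStatus.FORBIDDEN);
    CorsConfiguration corsConfiguration = this.service.getCorsConfiguration(this.servletRequest);
    assertThat(corsConfiguration.getAllowedOrigins().isEmpty()).isTrue();

    // Case 2: an allow-list exists but names a different origin; still FORBIDDEN.
    this.service.setAllowedOrigins(Collections.singletonList("https://mydomain1.example"));
    resetResponseAndHandleRequest("OPTIONS", "/echo/info", HttpStatus.FORBIDDEN);
    corsConfiguration = this.service.getCorsConfiguration(this.servletRequest);
    assertThat(corsConfiguration.getAllowedOrigins()).isEqualTo(Collections.singletonList("https://mydomain1.example"));
}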

19 View Source File : CorsAbstractHandlerMappingTests.java
License : Apache License 2.0
Project Creator : SourceHot

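/**
 * Checks that a pre-flight request to {@code /cors} is routed to the pre-flight handler and
 * that the handler's own CORS configuration (allowed origins {@code "*"}) is the one in effect.
 *
 * <p>The {@code assertThat}/{@code getClass} names were garbled by the page extraction and
 * are restored here.
 */
@Test
void preflightRequestWithCorsConfigurationProvider() throws Exception {
    // OPTIONS + Origin + Access-Control-Request-Method is what makes this a pre-flight.
    this.request.setMethod(RequestMethod.OPTIONS.name());
    this.request.setRequestURI("/cors");
    this.request.addHeader(HttpHeaders.ORIGIN, "https://domain2.com");
    this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");

    HandlerExecutionChain chain = this.handlerMapping.getHandler(this.request);
    assertThat(chain).isNotNull();
    assertThat(chain.getHandler()).isNotNull();
    // The handler type is compared by simple name, so the class itself need not be visible here.
    assertThat(chain.getHandler().getClass().getSimpleName()).isEqualTo("PreFlightHandler");
    assertThat(getRequiredCorsConfiguration(chain, true).getAllowedOrigins()).containsExactly("*");
}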

19 View Source File : CorsAbstractHandlerMappingTests.java
License : Apache License 2.0
Project Creator : SourceHot

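/**
 * Checks that a pre-flight request to {@code /foo} is still routed to the pre-flight handler;
 * no CORS configuration is asserted for this path.
 *
 * <p>The {@code assertThat}/{@code getClass} names were garbled by the page extraction and
 * are restored here.
 */
@Test
void preflightRequestWithoutCorsConfigurationProvider() throws Exception {
    this.request.setMethod(RequestMethod.OPTIONS.name());
    this.request.setRequestURI("/foo");
    this.request.addHeader(HttpHeaders.ORIGIN, "https://domain2.com");
    this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");

    HandlerExecutionChain chain = this.handlerMapping.getHandler(this.request);
    assertThat(chain).isNotNull();
    assertThat(chain.getHandler()).isNotNull();
    // Pre-flights are intercepted rather than handed to the mapped handler.
    assertThat(chain.getHandler().getClass().getSimpleName()).isEqualTo("PreFlightHandler");
}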

19 View Source File : GlobalCorsConfigIntegrationTests.java
License : Apache License 2.0
Project Creator : SourceHot

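/**
 * Checks that a pre-flight request to {@code /cors-restricted} is rejected with
 * {@code 403 FORBIDDEN}.
 *
 * <p>The {@code assertThat*}/{@code .class} tokens were garbled by the page extraction and
 * are restored here.
 */
@ParameterizedHttpServerTest
void preFlightRequestWithCorsRejected(HttpServer httpServer) throws Exception {
    startServer(httpServer);
    // Only the requested method is added here; any Origin header comes from this.headers
    // as prepared elsewhere in the test class (not shown in this snippet).
    this.headers.add(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
    assertThatExceptionOfType(HttpClientErrorException.class)
            .isThrownBy(() -> performOptions("/cors-restricted", this.headers, String.class))
            .satisfies(ex -> assertThat(ex.getStatusCode()).isEqualTo(HttpStatus.FORBIDDEN));
}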

19 View Source File : GlobalCorsConfigIntegrationTests.java
License : Apache License 2.0
Project Creator : SourceHot

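/**
 * Checks that a pre-flight request to {@code /welcome} is rejected with
 * {@code 403 FORBIDDEN}.
 *
 * <p>The {@code assertThat*}/{@code .class} tokens were garbled by the page extraction and
 * are restored here.
 */
@ParameterizedHttpServerTest
void preFlightRequestWithoutCorsEnabled(HttpServer httpServer) throws Exception {
    startServer(httpServer);
    // Only the requested method is added here; any Origin header comes from this.headers
    // as prepared elsewhere in the test class (not shown in this snippet).
    this.headers.add(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
    assertThatExceptionOfType(HttpClientErrorException.class)
            .isThrownBy(() -> performOptions("/welcome", this.headers, String.class))
            .satisfies(ex -> assertThat(ex.getStatusCode()).isEqualTo(HttpStatus.FORBIDDEN));
}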

19 View Source File : CrossOriginAnnotationIntegrationTests.java
License : Apache License 2.0
Project Creator : SourceHot

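/**
 * Checks that a pre-flight request to {@code /no} fails with {@code 403 FORBIDDEN}.
 *
 * <p>The {@code assertThat}/{@code .class} tokens were garbled by the page extraction and
 * are restored here.
 */
@ParameterizedHttpServerTest
void preflightRequestWithoutAnnotation(HttpServer httpServer) throws Exception {
    startServer(httpServer);
    this.headers.add(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
    try {
        performOptions("/no", this.headers, Void.class);
        // Reaching this line means the pre-flight was accepted, which is the failure case.
        fail("Preflight request without CORS configuration should fail");
    } catch (HttpClientErrorException ex) {
        assertThat(ex.getStatusCode()).isEqualTo(HttpStatus.FORBIDDEN);
    }
}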

19 View Source File : CorsUtilsTests.java
License : Apache License 2.0
Project Creator : SourceHot

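/**
 * Checks that an {@code OPTIONS} request carrying both {@code Origin} and
 * {@code Access-Control-Request-Method} is classified as a pre-flight request.
 *
 * <p>The {@code assertThat} name was garbled by the page extraction and is restored here.
 */
@Test
public void isPreFlightRequest() {
    ServerHttpRequest request = options("/")
            .header(HttpHeaders.ORIGIN, "https://domain.com")
            .header(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET")
            .build();
    assertThat(CorsUtils.isPreFlightRequest(request)).isTrue();
}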

19 View Source File : DefaultCorsProcessorTests.java
License : Apache License 2.0
Project Creator : SourceHot

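/**
 * Checks that a pre-flight request processed with a {@code null} CORS configuration is
 * rejected: no {@code Access-Control-Allow-Origin} header and status {@code 403}.
 *
 * <p>The {@code assertThat} names were garbled by the page extraction and are restored here.
 */
@Test
public void preflightRequestWithNullConfig() throws Exception {
    this.request.setMethod(HttpMethod.OPTIONS.name());
    this.request.addHeader(HttpHeaders.ORIGIN, "https://domain2.com");
    this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
    // this.conf allows every origin, but it is not what gets passed below: the processor
    // receives null, so the wildcard must have no effect on the outcome.
    this.conf.addAllowedOrigin("*");
    this.processor.processRequest(null, this.request, this.response);
    assertThat(this.response.containsHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN)).isFalse();
    assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_FORBIDDEN);
}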

19 View Source File : SockJsServiceTests.java
License : MIT License
Project Creator : mindcarver

// SPR-16304
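/**
 * Checks that a pre-flight {@code OPTIONS /echo/info} from an origin outside the allow-list
 * is answered with {@code FORBIDDEN}, both with no allowed origins and with a single
 * allowed origin that differs from the requesting one.
 *
 * <p>The {@code assert*} names were garbled by the page extraction and are restored here.
 */
@Test
public void handleInfoOptionsWithForbiddenOrigin() {
    // Request origin (mydomain2) differs from the server name (mydomain3), i.e. cross-origin.
    this.servletRequest.setServerName("mydomain3.com");
    this.servletRequest.addHeader(HttpHeaders.ORIGIN, "http://mydomain2.com");
    this.servletRequest.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
    this.servletRequest.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS, "Last-Modified");

    // Case 1: nothing configured. FORBIDDEN is handed to the helper as the expected status
    // (helper body is not shown in this snippet).
    resetResponseAndHandleRequest("OPTIONS", "/echo/info", HttpStatus.FORBIDDEN);
    CorsConfiguration corsConfiguration = this.service.getCorsConfiguration(this.servletRequest);
    assertTrue(corsConfiguration.getAllowedOrigins().isEmpty());

    // Case 2: an allow-list exists but names a different origin; still FORBIDDEN.
    this.service.setAllowedOrigins(Collections.singletonList("http://mydomain1.com"));
    resetResponseAndHandleRequest("OPTIONS", "/echo/info", HttpStatus.FORBIDDEN);
    corsConfiguration = this.service.getCorsConfiguration(this.servletRequest);
    assertEquals(Collections.singletonList("http://mydomain1.com"), corsConfiguration.getAllowedOrigins());
}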

19 View Source File : MockedRestServerEngine.java
License : Apache License 2.0
Project Creator : matthewgallina

/**
 * Registers permissive CORS handling on the Spark server when the
 * {@code GeneralUtils.ENABLE_CORS_PARAM} native property is set to "true" (case-insensitive);
 * otherwise does nothing.
 *
 * <p>Security note: the pre-flight handler echoes back whatever headers and method the client
 * asked for, and every response gets {@code Access-Control-Allow-Origin} set to
 * {@code GeneralUtils.PATH_WILDCARD} (presumably {@code "*"}; the constant is not shown here).
 * In effect no origin, method or header is ever refused. Judging by the class name this is a
 * mock server, where that is a deliberate convenience; outside of a test tool the requested
 * values should be checked against an explicit allow-list instead of being reflected.
 *
 * @param config server configuration whose native properties carry the CORS switch
 */
void handleCORS(final MockedServerConfigDTO config) {
    final String corsFlag = config.getNativeProperties().get(GeneralUtils.ENABLE_CORS_PARAM);
    final boolean corsEnabled = Boolean.TRUE.toString().equalsIgnoreCase(corsFlag);
    if (!corsEnabled) {
        return;
    }

    // Pre-flight (OPTIONS) on any path: reflect the requested headers and method verbatim.
    Spark.options("/*", (request, response) -> {
        final String requestedHeaders = request.headers(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS);
        if (requestedHeaders != null) {
            response.header(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS, requestedHeaders);
        }

        final String requestedMethod = request.headers(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD);
        if (requestedMethod != null) {
            response.header(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, requestedMethod);
        }

        return HttpStatus.OK.name();
    });

    // Applied to every request, not only pre-flights.
    Spark.before((request, response) ->
            response.header(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, GeneralUtils.PATH_WILDCARD));
}

18 View Source File : WebMvcEndpointCorsIntegrationTests.java
License : Apache License 2.0
Project Creator : yuanmabiji

/**
 * Checks that, with default settings, a pre-flight request to {@code /actuator/beans}
 * gets no {@code Access-Control-Allow-Origin} header back.
 */
@Test
public void corsIsDisabledByDefault() throws Exception {
    // The Origin value has no scheme; browsers send scheme://host[:port]. It is enough here
    // because the assertion is only that no allow-origin header is emitted.
    createMockMvc()
            .perform(options("/actuator/beans")
                    .header("Origin", "foo.example.com")
                    .header(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET"))
            .andExpect(header().doesNotExist(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN));
}

18 View Source File : WebMvcEndpointCorsIntegrationTests.java
License : Apache License 2.0
Project Creator : yuanmabiji

/**
 * Sends a pre-flight request for {@code GET} from origin {@code foo.example.com} and expects
 * it to be accepted: the same origin echoed in {@code Access-Control-Allow-Origin} and
 * status 200.
 *
 * @param url path to send the {@code OPTIONS} request to
 * @return the result actions, so callers can chain further expectations
 */
private ResultActions performAcceptedCorsRequest(String url) throws Exception {
    return createMockMvc()
            .perform(options(url)
                    .header(HttpHeaders.ORIGIN, "foo.example.com")
                    .header(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET"))
            .andExpect(header().string(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, "foo.example.com"))
            .andExpect(status().isOk());
}

18 View Source File : WebFluxEndpointCorsIntegrationTests.java
License : Apache License 2.0
Project Creator : yuanmabiji

/**
 * Checks that, with default settings, a pre-flight request to {@code /actuator/beans} is
 * answered with {@code 403} and carries no {@code Access-Control-Allow-Origin} header.
 */
@Test
public void corsIsDisabledByDefault() {
    createWebTestClient()
            .options()
            .uri("/actuator/beans")
            .header("Origin", "spring.example.org")
            .header(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET")
            .exchange()
            .expectStatus().isForbidden()
            .expectHeader().doesNotExist(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN);
}

18 View Source File : WebFluxEndpointCorsIntegrationTests.java
License : Apache License 2.0
Project Creator : yuanmabiji

/**
 * Sends a pre-flight request for {@code GET} from origin {@code spring.example.org} and
 * expects it to be accepted: the same origin echoed in {@code Access-Control-Allow-Origin}
 * and status 200.
 *
 * @param url path to send the {@code OPTIONS} request to
 * @return the response spec, so callers can chain further expectations
 */
private WebTestClient.ResponseSpec performAcceptedCorsRequest(String url) {
    return createWebTestClient()
            .options()
            .uri(url)
            .header(HttpHeaders.ORIGIN, "spring.example.org")
            .header(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET")
            .exchange()
            .expectHeader().valueEquals(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, "spring.example.org")
            .expectStatus().isOk();
}

18 View Source File : ReactiveCloudFoundrySecurityInterceptorTests.java
License : Apache License 2.0
Project Creator : yuanmabiji

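/**
 * Checks that the interceptor answers a pre-flight request with status {@code OK}.
 *
 * <p>The {@code assertThat} name was garbled by the page extraction and is restored here.
 */
@Test
public void preHandleWhenRequestIsPreFlightShouldBeOk() {
    // The request built here carries only Origin and Access-Control-Request-Method, no
    // credential header, so an OK result means the pre-flight is let through without one.
    MockServerWebExchange request = MockServerWebExchange.from(
            MockServerHttpRequest.options("/a")
                    .header(HttpHeaders.ORIGIN, "http://example.com")
                    .header(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET")
                    .build());
    StepVerifier.create(this.interceptor.preHandle(request, "/a"))
            .consumeNextWith((response) -> assertThat(response.getStatus()).isEqualTo(HttpStatus.OK))
            .verifyComplete();
}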

18 View Source File : CrossOriginTests.java
License : MIT License
Project Creator : Vip-Augus

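/**
 * Checks the CORS configuration resolved for a pre-flight request to
 * {@code /ambiguous-produces}: wildcard methods, origins and headers, credentials allowed,
 * no exposed headers and no max age.
 *
 * <p>The {@code assert*} names were garbled by the page extraction and are restored here.
 */
@Test
public void ambiguousProducesPreFlightRequest() throws Exception {
    this.handlerMapping.registerHandler(new MethodLevelController());
    this.request.setMethod("OPTIONS");
    this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
    this.request.setRequestURI("/ambiguous-produces");
    HandlerExecutionChain chain = this.handlerMapping.getHandler(request);
    CorsConfiguration config = getCorsConfiguration(chain, true);
    assertNotNull(config);
    // NOTE(review): wildcard origin together with allowCredentials=true is the most
    // permissive combination a configuration can hold. The assertions pin it as the
    // expected result for this mapping; how it is turned into response headers is not
    // visible in this snippet.
    assertArrayEquals(new String[] { "*" }, config.getAllowedMethods().toArray());
    assertArrayEquals(new String[] { "*" }, config.getAllowedOrigins().toArray());
    assertArrayEquals(new String[] { "*" }, config.getAllowedHeaders().toArray());
    assertTrue(config.getAllowCredentials());
    assertTrue(CollectionUtils.isEmpty(config.getExposedHeaders()));
    assertNull(config.getMaxAge());
}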

18 View Source File : CrossOriginTests.java
License : MIT License
Project Creator : Vip-Augus

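/**
 * Checks the CORS configuration resolved for a pre-flight request to
 * {@code /ambiguous-header}: wildcard methods, origins and headers, credentials allowed,
 * no exposed headers and no max age.
 *
 * <p>The {@code assert*} names were garbled by the page extraction and are restored here.
 */
@Test
public void ambiguousHeaderPreFlightRequest() throws Exception {
    this.handlerMapping.registerHandler(new MethodLevelController());
    this.request.setMethod("OPTIONS");
    this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
    this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS, "header1");
    this.request.setRequestURI("/ambiguous-header");
    HandlerExecutionChain chain = this.handlerMapping.getHandler(request);
    CorsConfiguration config = getCorsConfiguration(chain, true);
    assertNotNull(config);
    // NOTE(review): wildcard origin together with allowCredentials=true is the most
    // permissive combination a configuration can hold. The assertions pin it as the
    // expected result for this mapping; how it is turned into response headers is not
    // visible in this snippet.
    assertArrayEquals(new String[] { "*" }, config.getAllowedMethods().toArray());
    assertArrayEquals(new String[] { "*" }, config.getAllowedOrigins().toArray());
    assertArrayEquals(new String[] { "*" }, config.getAllowedHeaders().toArray());
    assertTrue(config.getAllowCredentials());
    assertTrue(CollectionUtils.isEmpty(config.getExposedHeaders()));
    assertNull(config.getMaxAge());
}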

18 View Source File : CrossOriginTests.java
License : MIT License
Project Creator : Vip-Augus

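/**
 * Checks the CORS configuration resolved for a pre-flight request to {@code /default}:
 * method {@code GET}, wildcard origins and headers, credentials unset ({@code null}),
 * no exposed headers and a max age of 1800.
 *
 * <p>The {@code assert*} names were garbled by the page extraction and are restored here;
 * the deprecated {@code new Long(..)} is replaced by {@code Long.valueOf(..)}.
 */
@Test
public void preFlightRequest() throws Exception {
    this.handlerMapping.registerHandler(new MethodLevelController());
    this.request.setMethod("OPTIONS");
    this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
    this.request.setRequestURI("/default");
    HandlerExecutionChain chain = this.handlerMapping.getHandler(request);
    CorsConfiguration config = getCorsConfiguration(chain, true);
    assertNotNull(config);
    assertArrayEquals(new String[] { "GET" }, config.getAllowedMethods().toArray());
    assertArrayEquals(new String[] { "*" }, config.getAllowedOrigins().toArray());
    // Credentials are left unset here, unlike the wildcard-plus-credentials case.
    assertNull(config.getAllowCredentials());
    assertArrayEquals(new String[] { "*" }, config.getAllowedHeaders().toArray());
    assertTrue(CollectionUtils.isEmpty(config.getExposedHeaders()));
    assertEquals(Long.valueOf(1800), config.getMaxAge());
}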

18 View Source File : CorsAbstractHandlerMappingTests.java
License : MIT License
Project Creator : Vip-Augus

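/**
 * Checks that a pre-flight request to {@code /foo} resolves to a handler chain whose
 * handler is a {@code SimpleHandler}.
 *
 * <p>The {@code assert*} names were garbled by the page extraction and are restored here.
 */
@Test
public void preflightRequestWithoutCorsConfigurationProvider() throws Exception {
    this.request.setMethod(RequestMethod.OPTIONS.name());
    this.request.setRequestURI("/foo");
    this.request.addHeader(HttpHeaders.ORIGIN, "https://domain2.com");
    this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
    HandlerExecutionChain chain = handlerMapping.getHandler(this.request);
    assertNotNull(chain);
    assertTrue(chain.getHandler() instanceof SimpleHandler);
}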

18 View Source File : GlobalCorsConfigIntegrationTests.java
License : MIT License
Project Creator : Vip-Augus

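/**
 * Checks that a pre-flight request to {@code /cors-restricted} is rejected with
 * {@code 403 FORBIDDEN}.
 *
 * <p>The {@code assertEquals}/{@code .class} tokens were garbled by the page extraction and
 * are restored here.
 */
@Test
public void preFlightRequestWithCorsRejected() throws Exception {
    try {
        this.headers.add(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
        performOptions("/cors-restricted", this.headers, String.class);
        // Reaching this line means the pre-flight was accepted, which is the failure case.
        fail();
    } catch (HttpClientErrorException e) {
        assertEquals(HttpStatus.FORBIDDEN, e.getStatusCode());
    }
}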

18 View Source File : GlobalCorsConfigIntegrationTests.java
License : MIT License
Project Creator : Vip-Augus

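/**
 * Checks that a pre-flight request to {@code /welcome} is rejected with
 * {@code 403 FORBIDDEN}.
 *
 * <p>The {@code assertEquals}/{@code .class} tokens were garbled by the page extraction and
 * are restored here.
 */
@Test
public void preFlightRequestWithoutCorsEnabled() throws Exception {
    try {
        this.headers.add(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
        performOptions("/welcome", this.headers, String.class);
        // Reaching this line means the pre-flight was accepted, which is the failure case.
        fail();
    } catch (HttpClientErrorException e) {
        assertEquals(HttpStatus.FORBIDDEN, e.getStatusCode());
    }
}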

18 View Source File : CorsFilterTests.java
License : MIT License
Project Creator : Vip-Augus

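/**
 * Checks that a pre-flight request asking for {@code DELETE} with headers
 * {@code header1, header2} is not forwarded down the filter chain and gets no
 * {@code Access-Control-Allow-Origin} header.
 *
 * <p>The {@code assertNull} name was garbled by the page extraction and is restored here.
 */
@Test
public void invalidPreFlightRequest() throws ServletException, IOException {
    MockHttpServletRequest request = new MockHttpServletRequest(HttpMethod.OPTIONS.name(), "/test.html");
    request.addHeader(HttpHeaders.ORIGIN, "https://domain2.com");
    request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, HttpMethod.DELETE.name());
    request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS, "header1, header2");
    MockHttpServletResponse response = new MockHttpServletResponse();
    // The chain fails the test if it is ever invoked: the filter itself must terminate
    // pre-flight handling instead of passing the request on to the application.
    FilterChain filterChain = (filterRequest, filterResponse) -> fail("Preflight requests must not be forwarded to the filter chain");
    filter.doFilter(request, response, filterChain);
    assertNull(response.getHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN));
}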

18 View Source File : CorsUtilsTests.java
License : MIT License
Project Creator : Vip-Augus

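/**
 * Checks that an {@code OPTIONS} request carrying both {@code Origin} and
 * {@code Access-Control-Request-Method} is classified as a pre-flight request.
 *
 * <p>The {@code assertTrue} name was garbled by the page extraction and is restored here.
 */
@Test
public void isPreFlightRequest() {
    ServerHttpRequest request = options("/")
            .header(HttpHeaders.ORIGIN, "https://domain.com")
            .header(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET")
            .build();
    assertTrue(CorsUtils.isPreFlightRequest(request));
}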

18 View Source File : DefaultCorsProcessorTests.java
License : MIT License
Project Creator : Vip-Augus

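/**
 * Checks that a pre-flight request processed with a {@code null} CORS configuration is
 * rejected: no {@code Access-Control-Allow-Origin} header and status {@code 403}.
 *
 * <p>The {@code assert*} names were garbled by the page extraction and are restored here.
 */
@Test
public void preflightRequestWithNullConfig() throws Exception {
    this.request.setMethod(HttpMethod.OPTIONS.name());
    this.request.addHeader(HttpHeaders.ORIGIN, "https://domain2.com");
    this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
    // this.conf allows every origin, but it is not what gets passed below: the processor
    // receives null, so the wildcard must have no effect on the outcome.
    this.conf.addAllowedOrigin("*");
    this.processor.processRequest(null, this.request, this.response);
    assertFalse(this.response.containsHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN));
    assertEquals(HttpServletResponse.SC_FORBIDDEN, this.response.getStatus());
}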

18 View Source File : DefaultCorsProcessor.java
License : MIT License
Project Creator : Vip-Augus

/**
 * Applies CORS handling to a servlet request.
 *
 * <p>Non-CORS requests, and responses that already carry
 * {@code Access-Control-Allow-Origin}, pass through untouched. With no configuration, a
 * pre-flight request is rejected while any other CORS request passes through. Everything
 * else is delegated to {@code handleInternal}.
 *
 * @param config the CORS configuration to apply, or {@code null} if none is available
 * @param request the current request
 * @param response the current response
 * @return {@code false} if the request was rejected here; otherwise {@code true} or the
 *         result of {@code handleInternal}
 * @throws IOException declared for the rejection and delegation paths
 */
@Override
@SuppressWarnings("resource")
public boolean processRequest(@Nullable CorsConfiguration config, HttpServletRequest request, HttpServletResponse response) throws IOException {
    // Vary is added before any early return, so every response, including non-CORS ones,
    // tells caches that the result depends on these request headers.
    response.addHeader(HttpHeaders.VARY, HttpHeaders.ORIGIN);
    response.addHeader(HttpHeaders.VARY, HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD);
    response.addHeader(HttpHeaders.VARY, HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS);

    if (!CorsUtils.isCorsRequest(request)) {
        return true;
    }

    // Something earlier already decided the allow-origin header; do not overwrite it.
    boolean alreadyHandled = response.getHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN) != null;
    if (alreadyHandled) {
        logger.trace("Skip: response already contains \"Access-Control-Allow-Origin\"");
        return true;
    }

    boolean isPreFlight = CorsUtils.isPreFlightRequest(request);
    if (config != null) {
        return handleInternal(new ServletServerHttpRequest(request), new ServletServerHttpResponse(response), config, isPreFlight);
    }

    // No configuration: only pre-flights are refused. An actual cross-origin request
    // proceeds without CORS response headers being added by this method.
    if (!isPreFlight) {
        return true;
    }
    rejectRequest(new ServletServerHttpResponse(response));
    return false;
}

18 View Source File : CrossOriginTests.java
License : Apache License 2.0
Project Creator : SourceHot

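/**
 * Checks the CORS configuration resolved for a pre-flight request to
 * {@code /ambiguous-produces}: wildcard methods, origins and headers, credentials allowed,
 * no exposed headers and no max age.
 *
 * <p>The {@code assertThat} names were garbled by the page extraction and are restored here.
 */
@Test
public void ambiguousProducesPreFlightRequest() throws Exception {
    this.handlerMapping.registerHandler(new MethodLevelController());
    this.request.setMethod("OPTIONS");
    this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
    this.request.setRequestURI("/ambiguous-produces");
    HandlerExecutionChain chain = this.handlerMapping.getHandler(request);
    CorsConfiguration config = getCorsConfiguration(chain, true);
    assertThat(config).isNotNull();
    // NOTE(review): wildcard origin together with allowCredentials=true is the most
    // permissive combination a configuration can hold. The assertions pin it as the
    // expected result for this mapping; how it is turned into response headers is not
    // visible in this snippet.
    assertThat(config.getAllowedMethods().toArray()).isEqualTo(new String[] { "*" });
    assertThat(config.getAllowedOrigins().toArray()).isEqualTo(new String[] { "*" });
    assertThat(config.getAllowedHeaders().toArray()).isEqualTo(new String[] { "*" });
    assertThat((boolean) config.getAllowCredentials()).isTrue();
    assertThat(CollectionUtils.isEmpty(config.getExposedHeaders())).isTrue();
    assertThat(config.getMaxAge()).isNull();
}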

18 View Source File : CrossOriginTests.java
License : Apache License 2.0
Project Creator : SourceHot

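/**
 * Checks the CORS configuration resolved for a pre-flight request to {@code /default}:
 * method {@code GET}, wildcard origins and headers, credentials unset ({@code null}),
 * no exposed headers and a max age of 1800.
 *
 * <p>The {@code assertThat} names were garbled by the page extraction and are restored here;
 * the deprecated {@code new Long(..)} is replaced by {@code Long.valueOf(..)}.
 */
@Test
public void preFlightRequest() throws Exception {
    this.handlerMapping.registerHandler(new MethodLevelController());
    this.request.setMethod("OPTIONS");
    this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
    this.request.setRequestURI("/default");
    HandlerExecutionChain chain = this.handlerMapping.getHandler(request);
    CorsConfiguration config = getCorsConfiguration(chain, true);
    assertThat(config).isNotNull();
    assertThat(config.getAllowedMethods().toArray()).isEqualTo(new String[] { "GET" });
    assertThat(config.getAllowedOrigins().toArray()).isEqualTo(new String[] { "*" });
    // Credentials are left unset here, unlike the wildcard-plus-credentials case.
    assertThat(config.getAllowCredentials()).isNull();
    assertThat(config.getAllowedHeaders().toArray()).isEqualTo(new String[] { "*" });
    assertThat(CollectionUtils.isEmpty(config.getExposedHeaders())).isTrue();
    assertThat(config.getMaxAge()).isEqualTo(Long.valueOf(1800));
}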

18 View Source File : CrossOriginTests.java
License : Apache License 2.0
Project Creator : SourceHot

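/**
 * Checks the CORS configuration resolved for a pre-flight request to
 * {@code /ambiguous-header}: wildcard methods, origins and headers, credentials allowed,
 * no exposed headers and no max age.
 *
 * <p>The {@code assertThat} names were garbled by the page extraction and are restored here.
 */
@Test
public void ambiguousHeaderPreFlightRequest() throws Exception {
    this.handlerMapping.registerHandler(new MethodLevelController());
    this.request.setMethod("OPTIONS");
    this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
    this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS, "header1");
    this.request.setRequestURI("/ambiguous-header");
    HandlerExecutionChain chain = this.handlerMapping.getHandler(request);
    CorsConfiguration config = getCorsConfiguration(chain, true);
    assertThat(config).isNotNull();
    // NOTE(review): wildcard origin together with allowCredentials=true is the most
    // permissive combination a configuration can hold. The assertions pin it as the
    // expected result for this mapping; how it is turned into response headers is not
    // visible in this snippet.
    assertThat(config.getAllowedMethods().toArray()).isEqualTo(new String[] { "*" });
    assertThat(config.getAllowedOrigins().toArray()).isEqualTo(new String[] { "*" });
    assertThat(config.getAllowedHeaders().toArray()).isEqualTo(new String[] { "*" });
    assertThat((boolean) config.getAllowCredentials()).isTrue();
    assertThat(CollectionUtils.isEmpty(config.getExposedHeaders())).isTrue();
    assertThat(config.getMaxAge()).isNull();
}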

18 View Source File : CorsAbstractHandlerMappingTests.java
License : Apache License 2.0
Project Creator : SourceHot

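/**
 * Checks that a {@code GET} to {@code /cors} is dispatched to the {@code CorsAwareHandler}
 * and that the handler's CORS configuration (allowed origins {@code "*"}) is attached.
 *
 * <p>The {@code assertThat}/{@code .class} tokens were garbled by the page extraction and
 * are restored here.
 */
@Test
void actualRequestWithCorsConfigurationProvider() throws Exception {
    this.request.setMethod(RequestMethod.GET.name());
    this.request.setRequestURI("/cors");
    this.request.addHeader(HttpHeaders.ORIGIN, "https://domain2.com");
    // Access-Control-Request-Method is present, but the method is GET rather than OPTIONS;
    // the assertions below show the request still reaches the real handler.
    this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
    HandlerExecutionChain chain = this.handlerMapping.getHandler(this.request);
    assertThat(chain).isNotNull();
    assertThat(chain.getHandler()).isInstanceOf(CorsAwareHandler.class);
    assertThat(getRequiredCorsConfiguration(chain, false).getAllowedOrigins()).containsExactly("*");
}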

18 View Source File : CorsAbstractHandlerMappingTests.java
License : Apache License 2.0
Project Creator : SourceHot

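/**
 * Checks that, with a custom {@code CorsConfigurationSource} installed on the mapping, a
 * pre-flight request to {@code /foo} goes to the pre-flight handler and resolves a
 * configuration with wildcard origins and credentials allowed.
 *
 * <p>The {@code assertThat}/{@code getClass} names were garbled by the page extraction and
 * are restored here.
 */
@Test
void preflightRequestWithCorsConfigurationSource() throws Exception {
    this.handlerMapping.setCorsConfigurationSource(new CustomCorsConfigurationSource());
    this.request.setMethod(RequestMethod.OPTIONS.name());
    this.request.setRequestURI("/foo");
    this.request.addHeader(HttpHeaders.ORIGIN, "https://domain2.com");
    this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
    HandlerExecutionChain chain = this.handlerMapping.getHandler(this.request);
    assertThat(chain).isNotNull();
    assertThat(chain.getHandler()).isNotNull();
    assertThat(chain.getHandler().getClass().getSimpleName()).isEqualTo("PreFlightHandler");
    CorsConfiguration config = getRequiredCorsConfiguration(chain, true);
    assertThat(config).isNotNull();
    // NOTE(review): wildcard origin plus allowCredentials=true is what the custom source
    // is expected to yield here; the source's definition is not shown in this snippet.
    assertThat(config.getAllowedOrigins()).containsExactly("*");
    assertThat(config.getAllowCredentials()).isTrue();
}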

18 View Source File : CorsAbstractHandlerMappingTests.java
License : Apache License 2.0
Project Creator : SourceHot

// see gh-23843
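/**
 * Checks that a {@code GET} to {@code /chain} is dispatched to the {@code CorsAwareHandler}
 * and that the handler's CORS configuration (allowed origins {@code "*"}) is attached.
 *
 * <p>The {@code assertThat}/{@code .class} tokens were garbled by the page extraction and
 * are restored here.
 */
@Test
void actualRequestWithCorsConfigurationProviderForHandlerChain() throws Exception {
    this.request.setMethod(RequestMethod.GET.name());
    this.request.setRequestURI("/chain");
    this.request.addHeader(HttpHeaders.ORIGIN, "https://domain2.com");
    // Access-Control-Request-Method is present, but the method is GET rather than OPTIONS;
    // the assertions below show the request still reaches the real handler.
    this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
    HandlerExecutionChain chain = this.handlerMapping.getHandler(this.request);
    assertThat(chain).isNotNull();
    assertThat(chain.getHandler()).isInstanceOf(CorsAwareHandler.class);
    assertThat(getRequiredCorsConfiguration(chain, false).getAllowedOrigins()).containsExactly("*");
}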

18 View Source File : CorsAbstractHandlerMappingTests.java
License : Apache License 2.0
Project Creator : SourceHot

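/**
 * Checks that a {@code GET} to {@code /foo} is dispatched to the {@code SimpleHandler}.
 *
 * <p>The {@code assertThat}/{@code .class} tokens were garbled by the page extraction and
 * are restored here.
 */
@Test
void actualRequestWithoutCorsConfigurationProvider() throws Exception {
    this.request.setMethod(RequestMethod.GET.name());
    this.request.setRequestURI("/foo");
    this.request.addHeader(HttpHeaders.ORIGIN, "https://domain2.com");
    // Access-Control-Request-Method is present, but the method is GET rather than OPTIONS;
    // the assertion below shows the request still reaches the real handler.
    this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
    HandlerExecutionChain chain = this.handlerMapping.getHandler(this.request);
    assertThat(chain).isNotNull();
    assertThat(chain.getHandler()).isInstanceOf(SimpleHandler.class);
}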

18 View Source File : CrossOriginAnnotationIntegrationTests.java
License : Apache License 2.0
Project Creator : SourceHot

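/**
 * Checks that an {@code OPTIONS} request to {@code /no} carrying only
 * {@code Access-Control-Request-Method} completes without error and has no body.
 *
 * <p>The {@code assertThat}, {@code ResponseEntity} and {@code .class} tokens were garbled
 * by the page extraction and are restored here.
 */
@ParameterizedHttpServerTest
void optionsRequestWithAccessControlRequestMethod(HttpServer httpServer) throws Exception {
    startServer(httpServer);
    // Clearing first removes whatever headers the fixture prepared, so the request below
    // carries Access-Control-Request-Method and nothing else from this.headers.
    this.headers.clear();
    this.headers.add(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
    ResponseEntity<String> entity = performOptions("/no", this.headers, String.class);
    assertThat(entity.getBody()).isNull();
}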

18 View Source File : CrossOriginAnnotationIntegrationTests.java
License : Apache License 2.0
Project Creator : SourceHot

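/**
 * Checks the pre-flight response for {@code /ambiguous-produces}: status 200, allowed origin
 * {@code https://site1.com}, allowed method {@code GET} and credentials allowed.
 *
 * <p>The {@code assertThat}, {@code ResponseEntity} and {@code .class} tokens were garbled
 * by the page extraction and are restored here.
 */
@ParameterizedHttpServerTest
void ambiguousProducesPreflightRequest(HttpServer httpServer) throws Exception {
    startServer(httpServer);
    this.headers.add(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
    ResponseEntity<String> entity = performOptions("/ambiguous-produces", this.headers, String.class);
    assertThat(entity.getStatusCode()).isEqualTo(HttpStatus.OK);
    // With credentials allowed, the response names one concrete origin rather than "*".
    // NOTE(review): presumably this is the Origin prepared in this.headers; confirm in the fixture.
    assertThat(entity.getHeaders().getAccessControlAllowOrigin()).isEqualTo("https://site1.com");
    assertThat(entity.getHeaders().getAccessControlAllowMethods().toArray()).isEqualTo(new HttpMethod[] { HttpMethod.GET });
    assertThat(entity.getHeaders().getAccessControlAllowCredentials()).isTrue();
}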

18 View Source File : CrossOriginAnnotationIntegrationTests.java
License : Apache License 2.0
Project Creator : SourceHot

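/**
 * Checks the pre-flight response for {@code /default}: status 200, allowed origin
 * {@code "*"}, max age 1800 and credentials not allowed.
 *
 * <p>The {@code assertThat}, {@code ResponseEntity} and {@code .class} tokens were garbled
 * by the page extraction and are restored here.
 */
@ParameterizedHttpServerTest
void preflightRequestWithDefaultAnnotation(HttpServer httpServer) throws Exception {
    startServer(httpServer);
    this.headers.add(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
    ResponseEntity<Void> entity = performOptions("/default", this.headers, Void.class);
    assertThat(entity.getStatusCode()).isEqualTo(HttpStatus.OK);
    // Wildcard origin is paired with credentials disabled in the expected response.
    assertThat(entity.getHeaders().getAccessControlAllowOrigin()).isEqualTo("*");
    assertThat(entity.getHeaders().getAccessControlMaxAge()).isEqualTo(1800);
    assertThat(entity.getHeaders().getAccessControlAllowCredentials()).isFalse();
}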

18 View Source File : HttpIT.java
License : Apache License 2.0
Project Creator : snowdrop

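/**
 * Starts a server without security from the given sources and checks its CORS behaviour:
 * a pre-flight from the allowed origin is answered with matching allow headers, an actual
 * request from that origin succeeds, and one from another origin is forbidden.
 *
 * <p>The {@code Class} and {@code .class} tokens were garbled by the page extraction and
 * are restored here.
 *
 * @param sources configuration classes passed to {@code startServerWithoutSecurity}
 */
private void testCors(Class<?>... sources) {
    startServerWithoutSecurity(sources);
    WebTestClient client = getWebTestClient();

    // Pre-flight from the allowed origin: origin, method, header and max age are all pinned.
    client.options()
            .header(HttpHeaders.ORIGIN, "http://snowdrop.dev")
            .header(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "POST")
            .header(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS, "TEST")
            .exchange()
            .expectHeader().valueEquals(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, "http://snowdrop.dev")
            .expectHeader().valueEquals(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, "POST")
            .expectHeader().valueEquals(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS, "TEST")
            .expectHeader().valueEquals(HttpHeaders.ACCESS_CONTROL_MAX_AGE, "1000");

    // Actual request from the allowed origin goes through.
    client.post()
            .header(HttpHeaders.ORIGIN, "http://snowdrop.dev")
            .bodyValue("test")
            .exchange()
            .expectBody(String.class).isEqualTo("TEST");

    // Negative case: an origin outside the allow-list is refused on the actual request too,
    // not only at pre-flight.
    client.post()
            .header(HttpHeaders.ORIGIN, "http://example.com")
            .bodyValue("test")
            .exchange()
            .expectStatus().isForbidden();
}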

18 View Source File : CorsAbstractHandlerMappingTests.java
License : MIT License
Project Creator : mindcarver

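/**
 * Checks that a pre-flight request to {@code /foo} is routed to the pre-flight handler.
 *
 * <p>The {@code assert*}/{@code getClass} names were garbled by the page extraction and are
 * restored here.
 */
@Test
public void preflightRequestWithoutCorsConfigurationProvider() throws Exception {
    this.request.setMethod(RequestMethod.OPTIONS.name());
    this.request.setRequestURI("/foo");
    this.request.addHeader(HttpHeaders.ORIGIN, "http://domain2.com");
    this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
    HandlerExecutionChain chain = handlerMapping.getHandler(this.request);
    assertNotNull(chain);
    assertNotNull(chain.getHandler());
    // The handler type is compared by simple name, so the class itself need not be visible here.
    assertTrue(chain.getHandler().getClass().getSimpleName().equals("PreFlightHandler"));
}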

18 View Source File : CorsUtilsTests.java
License : MIT License
Project Creator : mindcarver

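/**
 * Checks that an {@code OPTIONS} request carrying both {@code Origin} and
 * {@code Access-Control-Request-Method} is classified as a pre-flight request.
 *
 * <p>The {@code assertTrue} name was garbled by the page extraction and is restored here.
 */
@Test
public void isPreFlightRequest() {
    ServerHttpRequest request = options("/")
            .header(HttpHeaders.ORIGIN, "http://domain.com")
            .header(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET")
            .build();
    assertTrue(CorsUtils.isPreFlightRequest(request));
}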

18 View Source File : DefaultCorsProcessorTests.java
License : MIT License
Project Creator : mindcarver

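/**
 * Checks that a pre-flight request processed with a {@code null} CORS configuration is
 * rejected: no {@code Access-Control-Allow-Origin} header and status {@code 403}.
 *
 * <p>The {@code assert*} names were garbled by the page extraction and are restored here.
 */
@Test
public void preflightRequestWithNullConfig() throws Exception {
    this.request.setMethod(HttpMethod.OPTIONS.name());
    this.request.addHeader(HttpHeaders.ORIGIN, "http://domain2.com");
    this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
    // this.conf allows every origin, but it is not what gets passed below: the processor
    // receives null, so the wildcard must have no effect on the outcome.
    this.conf.addAllowedOrigin("*");
    this.processor.processRequest(null, this.request, this.response);
    assertFalse(this.response.containsHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN));
    assertEquals(HttpServletResponse.SC_FORBIDDEN, this.response.getStatus());
}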

18 View Source File : CrossOriginTests.java
License : Apache License 2.0
Project Creator : langtianya

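/**
 * Checks the CORS configuration resolved for a pre-flight request to {@code /default}:
 * method {@code GET}, wildcard origins and headers, credentials allowed, no exposed headers
 * and a max age of 1800.
 *
 * <p>The {@code assert*} names were garbled by the page extraction and are restored here;
 * the deprecated {@code new Long(..)} is replaced by {@code Long.valueOf(..)}.
 */
@Test
public void preFlightRequest() throws Exception {
    this.handlerMapping.registerHandler(new MethodLevelController());
    this.request.setMethod("OPTIONS");
    this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
    this.request.setRequestURI("/default");
    HandlerExecutionChain chain = this.handlerMapping.getHandler(request);
    CorsConfiguration config = getCorsConfiguration(chain, true);
    assertNotNull(config);
    assertArrayEquals(new String[] { "GET" }, config.getAllowedMethods().toArray());
    assertArrayEquals(new String[] { "*" }, config.getAllowedOrigins().toArray());
    // NOTE(review): in this project's copy the default mapping yields wildcard origin with
    // credentials allowed, the most permissive combination. Anyone reusing this as a
    // reference should check which defaults their own framework version applies.
    assertTrue(config.getAllowCredentials());
    assertArrayEquals(new String[] { "*" }, config.getAllowedHeaders().toArray());
    assertTrue(CollectionUtils.isEmpty(config.getExposedHeaders()));
    assertEquals(Long.valueOf(1800), config.getMaxAge());
}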

18 View Source File : DefaultCorsProcessorTests.java
License : Apache License 2.0
Project Creator : langtianya

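/**
 * Verifies that a pre-flight processed with a {@code null} CORS configuration
 * is rejected.
 *
 * <p>{@code this.conf} receives a wildcard origin but is not the configuration
 * handed to the processor. The assertions pin the fail-closed result: no
 * {@code Access-Control-Allow-Origin} header and a 403 status.
 *
 * @throws Exception if request processing fails
 */
@Test
public void preflightRequestWithNullConfig() throws Exception {
    this.request.setMethod(HttpMethod.OPTIONS.name());
    this.request.addHeader(HttpHeaders.ORIGIN, "http://domain2.com");
    this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
    // Populated but unused below: the processor receives null, not this.conf.
    this.conf.addAllowedOrigin("*");

    this.processor.processRequest(null, this.request, this.response);

    assertFalse(this.response.containsHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN));
    assertEquals(HttpServletResponse.SC_FORBIDDEN, this.response.getStatus());
}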

18 View Source File : DefaultCorsProcessorTests.java
License : Apache License 2.0
Project Creator : langtianya

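/**
 * Verifies that a {@code GET} pre-flight from {@code http://domain2.com}
 * succeeds with status 200 when the configuration allows the wildcard origin.
 *
 * <p>Only the status is asserted; the value of any
 * {@code Access-Control-Allow-Origin} header is not checked here. A wildcard
 * origin admits every site, so it suits only resources that are public and
 * served without credentials.
 *
 * @throws Exception if request processing fails
 */
@Test
public void preflightRequestAllOriginsAllowed() throws Exception {
    this.request.setMethod(HttpMethod.OPTIONS.name());
    this.request.addHeader(HttpHeaders.ORIGIN, "http://domain2.com");
    this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
    this.conf.addAllowedOrigin("*");

    this.processor.processRequest(this.conf, this.request, this.response);

    assertEquals(HttpServletResponse.SC_OK, this.response.getStatus());
}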

18 View Source File : DefaultCorsProcessorTests.java
License : Apache License 2.0
Project Creator : langtianya

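/**
 * Verifies that a pre-flight announcing {@code DELETE} is answered with 403
 * even though the origin itself is allowed by the wildcard.
 *
 * <p>No allowed methods are added to {@code this.conf} in this method, so the
 * rejection comes from whatever method set the fixture's configuration starts
 * with (set up outside this method). An allowed origin alone does not authorise
 * every HTTP method.
 *
 * @throws Exception if request processing fails
 */
@Test
public void preflightRequestWrongAllowedMethod() throws Exception {
    this.request.setMethod(HttpMethod.OPTIONS.name());
    this.request.addHeader(HttpHeaders.ORIGIN, "http://domain2.com");
    this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "DELETE");
    this.conf.addAllowedOrigin("*");

    this.processor.processRequest(this.conf, this.request, this.response);

    assertEquals(HttpServletResponse.SC_FORBIDDEN, this.response.getStatus());
}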

18 View Source File : DefaultCorsProcessorTests.java
License : Apache License 2.0
Project Creator : langtianya

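/**
 * Verifies that a pre-flight announcing {@code GET} is accepted with status 200
 * and that the response advertises {@code GET} in
 * {@code Access-Control-Allow-Methods}.
 *
 * <p>Only an allowed origin is added to {@code this.conf} here; the allowed
 * method set comes from the fixture (set up outside this method).
 *
 * @throws Exception if request processing fails
 */
@Test
public void preflightRequestMatchedAllowedMethod() throws Exception {
    this.request.setMethod(HttpMethod.OPTIONS.name());
    this.request.addHeader(HttpHeaders.ORIGIN, "http://domain2.com");
    this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
    this.conf.addAllowedOrigin("*");

    this.processor.processRequest(this.conf, this.request, this.response);

    assertEquals(HttpServletResponse.SC_OK, this.response.getStatus());
    assertEquals("GET", this.response.getHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS));
}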

17 View Source File : WebMvcEndpointCorsIntegrationTests.java
License : Apache License 2.0
Project Creator : yuanmabiji

/**
 * With {@code foo.example.com} as the only allowed origin, a pre-flight for
 * {@code /actuator/beans} from {@code bar.example.com} must be forbidden; the
 * accepted case is then exercised by {@code performAcceptedCorsRequest()}.
 *
 * <p>NOTE(review): the origins here are bare host names, whereas browsers send
 * {@code scheme://host[:port]}; production allow-lists should list full origins.
 * CORS only governs which browser origins may read a response, so actuator
 * endpoints still need their own authentication and authorisation.
 *
 * @throws Exception if the mock request cannot be performed
 */
@Test
public void settingAllowedOriginsEnablesCors() throws Exception {
    TestPropertyValues
            .of("management.endpoints.web.cors.allowed-origins:foo.example.com")
            .applyTo(this.context);

    // Pre-flight from an origin that is not on the allow-list.
    createMockMvc()
            .perform(options("/actuator/beans")
                    .header("Origin", "bar.example.com")
                    .header(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET"))
            .andExpect(status().isForbidden());

    performAcceptedCorsRequest();
}

17 View Source File : WebFluxEndpointCorsIntegrationTests.java
License : Apache License 2.0
Project Creator : yuanmabiji

/**
 * A pre-flight from the allowed origin {@code spring.example.org} that
 * announces {@code PATCH} must be forbidden.
 *
 * <p>No {@code allowed-methods} property is set in this test, so the rejection
 * presumably comes from the default method set (not shown here). The origin
 * matching the allow-list is not enough when the method does not.
 */
@Test
public void requestsWithDisallowedMethodsAreRejected() {
    TestPropertyValues
            .of("management.endpoints.web.cors.allowed-origins:spring.example.org")
            .applyTo(this.context);

    createWebTestClient()
            .options()
            .uri("/actuator/beans")
            .header("Origin", "spring.example.org")
            .header(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "PATCH")
            .exchange()
            .expectStatus().isForbidden();
}

17 View Source File : WebFluxEndpointCorsIntegrationTests.java
License : Apache License 2.0
Project Creator : yuanmabiji

/**
 * With {@code allowed-methods} set to {@code GET,HEAD}, a {@code HEAD}
 * pre-flight from the allowed origin must succeed and the response must
 * advertise exactly {@code GET,HEAD} in {@code Access-Control-Allow-Methods}.
 *
 * <p>Asserting the exact header value guards against the configuration
 * advertising more methods than were listed.
 */
@Test
public void allowedMethodsCanBeConfigured() {
    TestPropertyValues
            .of("management.endpoints.web.cors.allowed-origins:spring.example.org",
                    "management.endpoints.web.cors.allowed-methods:GET,HEAD")
            .applyTo(this.context);

    createWebTestClient()
            .options()
            .uri("/actuator/beans")
            .header("Origin", "spring.example.org")
            .header(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "HEAD")
            .exchange()
            .expectStatus().isOk()
            .expectHeader().valueEquals(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, "GET,HEAD");
}

17 View Source File : WebFluxEndpointCorsIntegrationTests.java
License : Apache License 2.0
Project Creator : yuanmabiji

/**
 * With {@code spring.example.org} as the only allowed origin, a pre-flight for
 * {@code /actuator/beans} from {@code test.example.org} must be forbidden; the
 * accepted case is then exercised by {@code performAcceptedCorsRequest(...)}.
 *
 * <p>NOTE(review): the origins here are bare host names, whereas browsers send
 * {@code scheme://host[:port]}; production allow-lists should list full origins.
 * CORS is a browser read restriction, not access control for the endpoint.
 */
@Test
public void settingAllowedOriginsEnablesCors() {
    TestPropertyValues
            .of("management.endpoints.web.cors.allowed-origins:spring.example.org")
            .applyTo(this.context);

    // Pre-flight from an origin that is not on the allow-list.
    createWebTestClient()
            .options()
            .uri("/actuator/beans")
            .header("Origin", "test.example.org")
            .header(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET")
            .exchange()
            .expectStatus().isForbidden();

    performAcceptedCorsRequest("/actuator/beans");
}
