Here are the examples of the java api org.springframework.http.HttpHeaders.ORIGIN taken from open source projects. By voting up you can indicate which examples are most useful and appropriate.
275 Examples
19
Source : WebMvcEndpointCorsIntegrationTests.java
with Apache License 2.0
from yuanmabiji
with Apache License 2.0
from yuanmabiji
private ResultActions performAcceptedCorsRequest(String url) throws Exception {
return createMockMvc().perform(options(url).header(HttpHeaders.ORIGIN, "foo.example.com").header(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET")).andExpect(header().string(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, "foo.example.com")).andExpect(status().isOk());
}
19
Source : WebFluxEndpointCorsIntegrationTests.java
with Apache License 2.0
from yuanmabiji
with Apache License 2.0
from yuanmabiji
private WebTestClient.ResponseSpec performAcceptedCorsRequest(String url) {
return createWebTestClient().options().uri(url).header(HttpHeaders.ORIGIN, "spring.example.org").header(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET").exchange().expectHeader().valueEquals(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, "spring.example.org").expectStatus().isOk();
}
19
Source : CorsUtilsTests.java
with MIT License
from Vip-Augus
with MIT License
from Vip-Augus
@Test
public void isCorsRequest() {
MockHttpServletRequest request = new MockHttpServletRequest();
request.addHeader(HttpHeaders.ORIGIN, "https://domain.com");
replacedertTrue(CorsUtils.isCorsRequest(request));
}
19
Source : CorsUtilsTests.java
with MIT License
from Vip-Augus
with MIT License
from Vip-Augus
@Test
public void isPreFlightRequest() {
MockHttpServletRequest request = new MockHttpServletRequest();
request.setMethod(HttpMethod.OPTIONS.name());
request.addHeader(HttpHeaders.ORIGIN, "https://domain.com");
request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
replacedertTrue(CorsUtils.isPreFlightRequest(request));
}
19
Source : CorsUtilsTests.java
with MIT License
from Vip-Augus
with MIT License
from Vip-Augus
@Test
public void isNotPreFlightRequest() {
MockHttpServletRequest request = new MockHttpServletRequest();
replacedertFalse(CorsUtils.isPreFlightRequest(request));
request = new MockHttpServletRequest();
request.setMethod(HttpMethod.OPTIONS.name());
request.addHeader(HttpHeaders.ORIGIN, "https://domain.com");
replacedertFalse(CorsUtils.isPreFlightRequest(request));
}
19
Source : CorsUtilsTests.java
with MIT License
from mindcarver
with MIT License
from mindcarver
private void testWithXForwardedHeaders(String serverName, int port, String forwardedProto, String forwardedHost, int forwardedPort, String originHeader) {
String url = "http://" + serverName;
if (port != -1) {
url = url + ":" + port;
}
MockServerHttpRequest.BaseBuilder<?> builder = get(url).header(HttpHeaders.ORIGIN, originHeader);
if (forwardedProto != null) {
builder.header("X-Forwarded-Proto", forwardedProto);
}
if (forwardedHost != null) {
builder.header("X-Forwarded-Host", forwardedHost);
}
if (forwardedPort != -1) {
builder.header("X-Forwarded-Port", String.valueOf(forwardedPort));
}
ServerHttpRequest request = adaptFromForwardedHeaders(builder);
replacedertTrue(CorsUtils.isSameOrigin(request));
}
19
Source : CorsUtilsTests.java
with MIT License
from mindcarver
with MIT License
from mindcarver
private void testWithForwardedHeader(String serverName, int port, String forwardedHeader, String originHeader) {
String url = "http://" + serverName;
if (port != -1) {
url = url + ":" + port;
}
MockServerHttpRequest.BaseBuilder<?> builder = get(url).header("Forwarded", forwardedHeader).header(HttpHeaders.ORIGIN, originHeader);
ServerHttpRequest request = adaptFromForwardedHeaders(builder);
replacedertTrue(CorsUtils.isSameOrigin(request));
}
19
Source : CorsUtilsTests.java
with MIT License
from mindcarver
with MIT License
from mindcarver
@Test
public void isPreFlightRequest() {
MockHttpServletRequest request = new MockHttpServletRequest();
request.setMethod(HttpMethod.OPTIONS.name());
request.addHeader(HttpHeaders.ORIGIN, "http://domain.com");
request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
replacedertTrue(CorsUtils.isPreFlightRequest(request));
}
19
Source : CorsUtilsTests.java
with MIT License
from mindcarver
with MIT License
from mindcarver
@Test
public void isNotPreFlightRequest() {
MockHttpServletRequest request = new MockHttpServletRequest();
replacedertFalse(CorsUtils.isPreFlightRequest(request));
request = new MockHttpServletRequest();
request.setMethod(HttpMethod.OPTIONS.name());
request.addHeader(HttpHeaders.ORIGIN, "http://domain.com");
replacedertFalse(CorsUtils.isPreFlightRequest(request));
request = new MockHttpServletRequest();
request.setMethod(HttpMethod.OPTIONS.name());
request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
replacedertFalse(CorsUtils.isPreFlightRequest(request));
}
19
Source : CorsUtilsTests.java
with MIT License
from mindcarver
with MIT License
from mindcarver
@Test
public void isCorsRequest() {
MockHttpServletRequest request = new MockHttpServletRequest();
request.addHeader(HttpHeaders.ORIGIN, "http://domain.com");
replacedertTrue(CorsUtils.isCorsRequest(request));
}
19
Source : BasicRouteTests.java
with MIT License
from microsoft
with MIT License
from microsoft
@Test
public void CORS_Success_replacedlesEndpointResponse() throws URISyntaxException {
ResponseEnreplacedy<String> resreplacedles = this.rest.exchange(RequestEnreplacedy.get(new URI("http://localhost:" + httpPort + "/replacedles")).header(HttpHeaders.ORIGIN, "http://test.com").build(), String.clreplaced);
replacedert.replacedertTrue(resreplacedles.getStatusCode().is2xxSuccessful());
replacedert.replacedertEquals(resreplacedles.getHeaders().getAccessControlAllowOrigin(), "*");
}
19
Source : BasicRouteTests.java
with MIT License
from microsoft
with MIT License
from microsoft
@Test
public void CORS_Success_PeopleEndpointResponse() throws URISyntaxException {
ResponseEnreplacedy<String> resPeople = this.rest.exchange(RequestEnreplacedy.get(new URI("http://localhost:" + httpPort + "/people")).header(HttpHeaders.ORIGIN, "http://test.com").build(), String.clreplaced);
replacedert.replacedertTrue(resPeople.getStatusCode().is2xxSuccessful());
replacedert.replacedertEquals(resPeople.getHeaders().getAccessControlAllowOrigin(), "*");
}
19
Source : RequestMappingInfoTests.java
with Apache License 2.0
from langtianya
with Apache License 2.0
from langtianya
@Test
public void preFlightRequest() {
MockHttpServletRequest request = new MockHttpServletRequest("OPTIONS", "/foo");
request.addHeader(HttpHeaders.ORIGIN, "http://domain.com");
request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "POST");
RequestMappingInfo info = new RequestMappingInfo(new PatternsRequestCondition("/foo"), new RequestMethodsRequestCondition(RequestMethod.POST), null, null, null, null, null);
RequestMappingInfo match = info.getMatchingCondition(request);
replacedertNotNull(match);
info = new RequestMappingInfo(new PatternsRequestCondition("/foo"), new RequestMethodsRequestCondition(RequestMethod.OPTIONS), null, null, null, null, null);
match = info.getMatchingCondition(request);
replacedertNotNull(match);
}
19
Source : GreetingIntegrationTests.java
with The Unlicense
from diegopacheco
with The Unlicense
from diegopacheco
@Test
public void corsWithJavaconfig() {
ResponseEnreplacedy<Greeting> enreplacedy = this.restTemplate.exchange(RequestEnreplacedy.get(uri("/greeting-javaconfig")).header(HttpHeaders.ORIGIN, "http://localhost:9000").build(), Greeting.clreplaced);
replacedertEquals(HttpStatus.OK, enreplacedy.getStatusCode());
replacedertEquals("http://localhost:9000", enreplacedy.getHeaders().getAccessControlAllowOrigin());
Greeting greeting = enreplacedy.getBody();
replacedertEquals("Hello, World!", greeting.getContent());
}
19
Source : GreetingIntegrationTests.java
with The Unlicense
from diegopacheco
with The Unlicense
from diegopacheco
@Test
public void corsWithAnnotation() throws Exception {
ResponseEnreplacedy<Greeting> enreplacedy = this.restTemplate.exchange(RequestEnreplacedy.get(uri("/greeting")).header(HttpHeaders.ORIGIN, "http://localhost:9000").build(), Greeting.clreplaced);
replacedertEquals(HttpStatus.OK, enreplacedy.getStatusCode());
replacedertEquals("http://localhost:9000", enreplacedy.getHeaders().getAccessControlAllowOrigin());
Greeting greeting = enreplacedy.getBody();
replacedertEquals("Hello, World!", greeting.getContent());
}
18
Source : WebMvcEndpointCorsIntegrationTests.java
with Apache License 2.0
from yuanmabiji
with Apache License 2.0
from yuanmabiji
@Test
public void allowedMethodsCanBeConfigured() throws Exception {
TestPropertyValues.of("management.endpoints.web.cors.allowed-origins:foo.example.com", "management.endpoints.web.cors.allowed-methods:GET,HEAD").applyTo(this.context);
createMockMvc().perform(options("/actuator/beans").header(HttpHeaders.ORIGIN, "foo.example.com").header(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "HEAD")).andExpect(status().isOk()).andExpect(header().string(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, "GET,HEAD"));
}
18
Source : WebMvcEndpointCorsIntegrationTests.java
with Apache License 2.0
from yuanmabiji
with Apache License 2.0
from yuanmabiji
@Test
public void requestsWithDisallowedMethodsAreRejected() throws Exception {
TestPropertyValues.of("management.endpoints.web.cors.allowed-origins:foo.example.com").applyTo(this.context);
createMockMvc().perform(options("/actuator/health").header(HttpHeaders.ORIGIN, "foo.example.com").header(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "PATCH")).andExpect(status().isForbidden());
}
18
Source : DefaultSockJsServiceTests.java
with MIT License
from Vip-Augus
with MIT License
from Vip-Augus
// SPR-12226
@Test
public void handleTransportRequestXhrAllowedOriginsMatch() throws Exception {
String sockJsPath = sessionUrlPrefix + "xhr";
setRequest("POST", sockJsPrefix + sockJsPath);
this.service.setAllowedOrigins(Arrays.asList("https://mydomain1.com", "https://mydomain2.com"));
this.servletRequest.addHeader(HttpHeaders.ORIGIN, "https://mydomain1.com");
this.service.handleRequest(this.request, this.response, sockJsPath, this.wsHandler);
replacedertEquals(200, this.servletResponse.getStatus());
}
18
Source : DefaultSockJsServiceTests.java
with MIT License
from Vip-Augus
with MIT License
from Vip-Augus
// SPR-12226
@Test
public void handleTransportRequestXhrAllowedOriginsNoMatch() throws Exception {
String sockJsPath = sessionUrlPrefix + "xhr";
setRequest("POST", sockJsPrefix + sockJsPath);
this.service.setAllowedOrigins(Arrays.asList("https://mydomain1.com", "https://mydomain2.com"));
this.servletRequest.addHeader(HttpHeaders.ORIGIN, "http://mydomain3.com");
this.service.handleRequest(this.request, this.response, sockJsPath, this.wsHandler);
replacedertEquals(403, this.servletResponse.getStatus());
}
18
Source : CorsUtilsTests.java
with MIT License
from Vip-Augus
with MIT License
from Vip-Augus
@SuppressWarnings("deprecation")
private void testWithForwardedHeader(String serverName, int port, String forwardedHeader, String originHeader) {
String url = "http://" + serverName;
if (port != -1) {
url = url + ":" + port;
}
MockServerHttpRequest.BaseBuilder<?> builder = get(url).header("Forwarded", forwardedHeader).header(HttpHeaders.ORIGIN, originHeader);
ServerHttpRequest request = adaptFromForwardedHeaders(builder);
replacedertTrue(CorsUtils.isSameOrigin(request));
}
18
Source : CorsUtilsTests.java
with MIT License
from Vip-Augus
with MIT License
from Vip-Augus
@Test
public void isCorsRequest() {
ServerHttpRequest request = get("http://domain.com/").header(HttpHeaders.ORIGIN, "https://domain.com").build();
replacedertTrue(CorsUtils.isCorsRequest(request));
}
18
Source : CorsUtilsTests.java
with MIT License
from Vip-Augus
with MIT License
from Vip-Augus
@SuppressWarnings("deprecation")
private void testWithXForwardedHeaders(String serverName, int port, String forwardedProto, String forwardedHost, int forwardedPort, String originHeader) {
String url = "http://" + serverName;
if (port != -1) {
url = url + ":" + port;
}
MockServerHttpRequest.BaseBuilder<?> builder = get(url).header(HttpHeaders.ORIGIN, originHeader);
if (forwardedProto != null) {
builder.header("X-Forwarded-Proto", forwardedProto);
}
if (forwardedHost != null) {
builder.header("X-Forwarded-Host", forwardedHost);
}
if (forwardedPort != -1) {
builder.header("X-Forwarded-Port", String.valueOf(forwardedPort));
}
ServerHttpRequest request = adaptFromForwardedHeaders(builder);
replacedertTrue(CorsUtils.isSameOrigin(request));
}
18
Source : OriginHandshakeInterceptorTests.java
with Apache License 2.0
from SourceHot
with Apache License 2.0
from SourceHot
@Test
public void sameOriginMatchWithAllowedOrigins() throws Exception {
this.servletRequest.addHeader(HttpHeaders.ORIGIN, "http://mydomain2.example");
this.servletRequest.setServerName("mydomain2.example");
OriginHandshakeInterceptor interceptor = new OriginHandshakeInterceptor(Arrays.asList("http://mydomain1.example"));
replacedertThat(interceptor.beforeHandshake(request, response, wsHandler, attributes)).isTrue();
replacedertThat(HttpStatus.FORBIDDEN.value()).isNotEqualTo((long) servletResponse.getStatus());
}
18
Source : OriginHandshakeInterceptorTests.java
with Apache License 2.0
from SourceHot
with Apache License 2.0
from SourceHot
@Test
public void sameOriginMatchWithEmptyAllowedOrigins() throws Exception {
this.servletRequest.addHeader(HttpHeaders.ORIGIN, "http://mydomain2.example");
this.servletRequest.setServerName("mydomain2.example");
OriginHandshakeInterceptor interceptor = new OriginHandshakeInterceptor(Collections.emptyList());
replacedertThat(interceptor.beforeHandshake(request, response, wsHandler, attributes)).isTrue();
replacedertThat(HttpStatus.FORBIDDEN.value()).isNotEqualTo((long) servletResponse.getStatus());
}
18
Source : OriginHandshakeInterceptorTests.java
with Apache License 2.0
from SourceHot
with Apache License 2.0
from SourceHot
@Test
public void sameOriginNoMatch() throws Exception {
this.servletRequest.addHeader(HttpHeaders.ORIGIN, "http://mydomain3.example");
this.servletRequest.setServerName("mydomain2.example");
OriginHandshakeInterceptor interceptor = new OriginHandshakeInterceptor(Collections.emptyList());
replacedertThat(interceptor.beforeHandshake(request, response, wsHandler, attributes)).isFalse();
replacedertThat(HttpStatus.FORBIDDEN.value()).isEqualTo(servletResponse.getStatus());
}
18
Source : CorsUtilsTests.java
with Apache License 2.0
from SourceHot
with Apache License 2.0
from SourceHot
@Test
public void isCorsRequest() {
ServerHttpRequest request = get("http://domain.example/").header(HttpHeaders.ORIGIN, "https://domain.com").build();
replacedertThat(CorsUtils.isCorsRequest(request)).isTrue();
}
18
Source : CorsUtilsTests.java
with Apache License 2.0
from SourceHot
with Apache License 2.0
from SourceHot
@SuppressWarnings("deprecation")
private void testWithXForwardedHeaders(String serverName, int port, String forwardedProto, String forwardedHost, int forwardedPort, String originHeader) {
String url = "http://" + serverName;
if (port != -1) {
url = url + ":" + port;
}
MockServerHttpRequest.BaseBuilder<?> builder = get(url).header(HttpHeaders.ORIGIN, originHeader);
if (forwardedProto != null) {
builder.header("X-Forwarded-Proto", forwardedProto);
}
if (forwardedHost != null) {
builder.header("X-Forwarded-Host", forwardedHost);
}
if (forwardedPort != -1) {
builder.header("X-Forwarded-Port", String.valueOf(forwardedPort));
}
ServerHttpRequest request = adaptFromForwardedHeaders(builder);
replacedertThat(CorsUtils.isSameOrigin(request)).isTrue();
}
18
Source : CorsUtilsTests.java
with Apache License 2.0
from SourceHot
with Apache License 2.0
from SourceHot
@SuppressWarnings("deprecation")
private void testWithForwardedHeader(String serverName, int port, String forwardedHeader, String originHeader) {
String url = "http://" + serverName;
if (port != -1) {
url = url + ":" + port;
}
MockServerHttpRequest.BaseBuilder<?> builder = get(url).header("Forwarded", forwardedHeader).header(HttpHeaders.ORIGIN, originHeader);
ServerHttpRequest request = adaptFromForwardedHeaders(builder);
replacedertThat(CorsUtils.isSameOrigin(request)).isTrue();
}
18
Source : DefaultSockJsServiceTests.java
with MIT License
from mindcarver
with MIT License
from mindcarver
// SPR-12226
@Test
public void handleTransportRequestXhrAllowedOriginsMatch() throws Exception {
String sockJsPath = sessionUrlPrefix + "xhr";
setRequest("POST", sockJsPrefix + sockJsPath);
this.service.setAllowedOrigins(Arrays.asList("http://mydomain1.com", "http://mydomain2.com"));
this.servletRequest.addHeader(HttpHeaders.ORIGIN, "http://mydomain1.com");
this.service.handleRequest(this.request, this.response, sockJsPath, this.wsHandler);
replacedertEquals(200, this.servletResponse.getStatus());
}
18
Source : DefaultSockJsServiceTests.java
with MIT License
from mindcarver
with MIT License
from mindcarver
// SPR-12226
@Test
public void handleTransportRequestXhrAllowedOriginsNoMatch() throws Exception {
String sockJsPath = sessionUrlPrefix + "xhr";
setRequest("POST", sockJsPrefix + sockJsPath);
this.service.setAllowedOrigins(Arrays.asList("http://mydomain1.com", "http://mydomain2.com"));
this.servletRequest.addHeader(HttpHeaders.ORIGIN, "http://mydomain3.com");
this.service.handleRequest(this.request, this.response, sockJsPath, this.wsHandler);
replacedertEquals(403, this.servletResponse.getStatus());
}
18
Source : CorsUtilsTests.java
with MIT License
from mindcarver
with MIT License
from mindcarver
@Test
public void isCorsRequest() {
ServerHttpRequest request = get("/").header(HttpHeaders.ORIGIN, "http://domain.com").build();
replacedertTrue(CorsUtils.isCorsRequest(request));
}
18
Source : CrossOriginTests.java
with Apache License 2.0
from langtianya
with Apache License 2.0
from langtianya
@Before
public void setUp() {
this.handlerMapping.setRemoveSemicolonContent(false);
this.handlerMapping.setApplicationContext(new StaticWebApplicationContext());
this.handlerMapping.afterPropertiesSet();
this.request.setMethod("GET");
this.request.addHeader(HttpHeaders.ORIGIN, "http://domain.com/");
}
17
Source : ReactiveCloudFoundrySecurityInterceptorTests.java
with Apache License 2.0
from yuanmabiji
with Apache License 2.0
from yuanmabiji
@Test
public void preHandleWhenRequestIsPreFlightShouldBeOk() {
MockServerWebExchange request = MockServerWebExchange.from(MockServerHttpRequest.options("/a").header(HttpHeaders.ORIGIN, "http://example.com").header(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET").build());
StepVerifier.create(this.interceptor.preHandle(request, "/a")).consumeNextWith((response) -> replacedertThat(response.getStatus()).isEqualTo(HttpStatus.OK)).verifyComplete();
}
17
Source : DefaultSockJsServiceTests.java
with MIT License
from Vip-Augus
with MIT License
from Vip-Augus
// SPR-13464
@Test
public void handleTransportRequestXhrSameOrigin() throws Exception {
String sockJsPath = sessionUrlPrefix + "xhr";
setRequest("POST", sockJsPrefix + sockJsPath);
this.service.setAllowedOrigins(Arrays.asList("https://mydomain1.com"));
this.servletRequest.addHeader(HttpHeaders.ORIGIN, "https://mydomain1.com");
this.servletRequest.setServerName("mydomain2.com");
this.service.handleRequest(this.request, this.response, sockJsPath, this.wsHandler);
replacedertEquals(200, this.servletResponse.getStatus());
}
17
Source : DefaultSockJsServiceTests.java
with MIT License
from Vip-Augus
with MIT License
from Vip-Augus
// SPR-13545
@Test
public void handleInvalidTransportType() throws Exception {
String sockJsPath = sessionUrlPrefix + "invalid";
setRequest("POST", sockJsPrefix + sockJsPath);
this.service.setAllowedOrigins(Arrays.asList("https://mydomain1.com"));
this.servletRequest.addHeader(HttpHeaders.ORIGIN, "https://mydomain2.com");
this.servletRequest.setServerName("mydomain2.com");
this.service.handleRequest(this.request, this.response, sockJsPath, this.wsHandler);
replacedertEquals(404, this.servletResponse.getStatus());
}
17
Source : OriginHandshakeInterceptorTests.java
with MIT License
from Vip-Augus
with MIT License
from Vip-Augus
@Test
public void sameOriginMatchWithAllowedOrigins() throws Exception {
Map<String, Object> attributes = new HashMap<>();
WebSocketHandler wsHandler = Mockito.mock(WebSocketHandler.clreplaced);
this.servletRequest.addHeader(HttpHeaders.ORIGIN, "http://mydomain2.com");
this.servletRequest.setServerName("mydomain2.com");
OriginHandshakeInterceptor interceptor = new OriginHandshakeInterceptor(Arrays.asList("http://mydomain1.com"));
replacedertTrue(interceptor.beforeHandshake(request, response, wsHandler, attributes));
replacedertNotEquals(servletResponse.getStatus(), HttpStatus.FORBIDDEN.value());
}
17
Source : OriginHandshakeInterceptorTests.java
with MIT License
from Vip-Augus
with MIT License
from Vip-Augus
@Test
public void sameOriginMatchWithEmptyAllowedOrigins() throws Exception {
Map<String, Object> attributes = new HashMap<>();
WebSocketHandler wsHandler = Mockito.mock(WebSocketHandler.clreplaced);
this.servletRequest.addHeader(HttpHeaders.ORIGIN, "http://mydomain2.com");
this.servletRequest.setServerName("mydomain2.com");
OriginHandshakeInterceptor interceptor = new OriginHandshakeInterceptor(Collections.emptyList());
replacedertTrue(interceptor.beforeHandshake(request, response, wsHandler, attributes));
replacedertNotEquals(servletResponse.getStatus(), HttpStatus.FORBIDDEN.value());
}
17
Source : OriginHandshakeInterceptorTests.java
with MIT License
from Vip-Augus
with MIT License
from Vip-Augus
@Test
public void sameOriginNoMatch() throws Exception {
Map<String, Object> attributes = new HashMap<>();
WebSocketHandler wsHandler = Mockito.mock(WebSocketHandler.clreplaced);
this.servletRequest.addHeader(HttpHeaders.ORIGIN, "http://mydomain3.com");
this.servletRequest.setServerName("mydomain2.com");
OriginHandshakeInterceptor interceptor = new OriginHandshakeInterceptor(Collections.emptyList());
replacedertFalse(interceptor.beforeHandshake(request, response, wsHandler, attributes));
replacedertEquals(servletResponse.getStatus(), HttpStatus.FORBIDDEN.value());
}
17
Source : CrossOriginTests.java
with MIT License
from Vip-Augus
with MIT License
from Vip-Augus
@Test
public void preFlightRequestWithoutRequestMethodHeader() throws Exception {
MockHttpServletRequest request = new MockHttpServletRequest("OPTIONS", "/default");
request.addHeader(HttpHeaders.ORIGIN, "https://domain2.com");
replacedertNull(this.handlerMapping.getHandler(request));
}
17
Source : DefaultCorsProcessorTests.java
with MIT License
from Vip-Augus
with MIT License
from Vip-Augus
private MockServerHttpRequest.BaseBuilder<?> corsRequest(HttpMethod method) {
return MockServerHttpRequest.method(method, "http://localhost/test.html").header(HttpHeaders.ORIGIN, "https://domain2.com");
}
17
Source : CorsUtilsTests.java
with MIT License
from Vip-Augus
with MIT License
from Vip-Augus
@Test
public void isPreFlightRequest() {
ServerHttpRequest request = options("/").header(HttpHeaders.ORIGIN, "https://domain.com").header(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET").build();
replacedertTrue(CorsUtils.isPreFlightRequest(request));
}
17
Source : DefaultCorsProcessorTests.java
with MIT License
from Vip-Augus
with MIT License
from Vip-Augus
@Test
public void actualRequestWithOriginHeaderAndNullConfig() throws Exception {
this.request.setMethod(HttpMethod.GET.name());
this.request.addHeader(HttpHeaders.ORIGIN, "https://domain2.com");
this.processor.processRequest(null, this.request, this.response);
replacedertFalse(this.response.containsHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN));
replacedertEquals(HttpServletResponse.SC_OK, this.response.getStatus());
}
17
Source : DefaultCorsProcessorTests.java
with MIT License
from Vip-Augus
with MIT License
from Vip-Augus
@Test
public void preflightRequestWithNullConfig() throws Exception {
this.request.setMethod(HttpMethod.OPTIONS.name());
this.request.addHeader(HttpHeaders.ORIGIN, "https://domain2.com");
this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
this.conf.addAllowedOrigin("*");
this.processor.processRequest(null, this.request, this.response);
replacedertFalse(this.response.containsHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN));
replacedertEquals(HttpServletResponse.SC_FORBIDDEN, this.response.getStatus());
}
17
Source : CorsUtils.java
with MIT License
from Vip-Augus
with MIT License
from Vip-Augus
/**
* Returns {@code true} if the request is a valid CORS one by checking {@code Origin}
* header presence and ensuring that origins are different.
*/
public static boolean isCorsRequest(HttpServletRequest request) {
String origin = request.getHeader(HttpHeaders.ORIGIN);
if (origin == null) {
return false;
}
UriComponents originUrl = UriComponentsBuilder.fromOriginHeader(origin).build();
String scheme = request.getScheme();
String host = request.getServerName();
int port = request.getServerPort();
return !(ObjectUtils.nullSafeEquals(scheme, originUrl.getScheme()) && ObjectUtils.nullSafeEquals(host, originUrl.getHost()) && getPort(scheme, port) == getPort(originUrl.getScheme(), originUrl.getPort()));
}
17
Source : PreCheckFilter.java
with MIT License
from uhonliu
with MIT License
from uhonliu
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
String requestPath = accessManager.getRequestPath(request);
String remoteIpAddress = WebUtils.getRemoteAddress(request);
String origin = request.getHeader(HttpHeaders.ORIGIN);
AuthorityResource resource = accessManager.getResource(requestPath);
if (resource != null) {
// 资源是否公共访问验证
if (STATUS_0.equals(resource.getIsOpen().toString())) {
// 未公开
accessDeniedHandler.handle(request, response, new AccessDeniedException(ErrorCode.ACCESS_DENIED_NOT_OPEN.getMessage()));
return;
}
// 资源状态验证
if (STATUS_0.equals(resource.getStatus().toString())) {
// 禁用
accessDeniedHandler.handle(request, response, new AccessDeniedException(ErrorCode.ACCESS_DENIED_DISABLED.getMessage()));
return;
} else if (STATUS_2.equals(resource.getStatus().toString())) {
// 维护中
accessDeniedHandler.handle(request, response, new AccessDeniedException(ErrorCode.ACCESS_DENIED_UPDATING.getMessage()));
return;
}
}
// ip黑名单验证
boolean deny = accessManager.matchIpOrOriginBlacklist(requestPath, remoteIpAddress, origin);
if (deny) {
// 拒绝
accessDeniedHandler.handle(request, response, new AccessDeniedException(ErrorCode.ACCESS_DENIED_BLACK_LIMITED.getMessage()));
return;
}
// ip白名单验证
Boolean[] matchIpWhiteListResult = accessManager.matchIpOrOriginWhiteList(requestPath, remoteIpAddress, origin);
boolean hasWhiteList = matchIpWhiteListResult[0];
boolean allow = matchIpWhiteListResult[1];
if (hasWhiteList) {
// 接口存在白名单限制
if (!allow) {
accessDeniedHandler.handle(request, response, new AccessDeniedException(ErrorCode.ACCESS_DENIED_WHITE_LIMITED.getMessage()));
return;
}
}
filterChain.doFilter(request, response);
}
17
Source : DefaultSockJsServiceTests.java
with Apache License 2.0
from SourceHot
with Apache License 2.0
from SourceHot
// SPR-13464
@Test
public void handleTransportRequestXhrSameOrigin() throws Exception {
String sockJsPath = sessionUrlPrefix + "xhr";
setRequest("POST", sockJsPrefix + sockJsPath);
this.service.setAllowedOrigins(Arrays.asList("https://mydomain1.example"));
this.servletRequest.addHeader(HttpHeaders.ORIGIN, "https://mydomain1.example");
this.servletRequest.setServerName("mydomain2.example");
this.service.handleRequest(this.request, this.response, sockJsPath, this.wsHandler);
replacedertThat(this.servletResponse.getStatus()).isEqualTo(200);
}
17
Source : DefaultSockJsServiceTests.java
with Apache License 2.0
from SourceHot
with Apache License 2.0
from SourceHot
// SPR-12226
@Test
public void handleTransportRequestXhrAllowedOriginsNoMatch() throws Exception {
String sockJsPath = sessionUrlPrefix + "xhr";
setRequest("POST", sockJsPrefix + sockJsPath);
this.service.setAllowedOrigins(Arrays.asList("https://mydomain1.example", "https://mydomain2.example"));
this.servletRequest.addHeader(HttpHeaders.ORIGIN, "http://mydomain3.example");
this.service.handleRequest(this.request, this.response, sockJsPath, this.wsHandler);
replacedertThat(this.servletResponse.getStatus()).isEqualTo(403);
}
17
Source : DefaultSockJsServiceTests.java
with Apache License 2.0
from SourceHot
with Apache License 2.0
from SourceHot
// SPR-12226
@Test
public void handleTransportRequestXhrAllowedOriginsMatch() throws Exception {
String sockJsPath = sessionUrlPrefix + "xhr";
setRequest("POST", sockJsPrefix + sockJsPath);
this.service.setAllowedOrigins(Arrays.asList("https://mydomain1.example", "https://mydomain2.example"));
this.servletRequest.addHeader(HttpHeaders.ORIGIN, "https://mydomain1.example");
this.service.handleRequest(this.request, this.response, sockJsPath, this.wsHandler);
replacedertThat(this.servletResponse.getStatus()).isEqualTo(200);
}
17
Source : DefaultSockJsServiceTests.java
with Apache License 2.0
from SourceHot
with Apache License 2.0
from SourceHot
// SPR-13545
@Test
public void handleInvalidTransportType() throws Exception {
String sockJsPath = sessionUrlPrefix + "invalid";
setRequest("POST", sockJsPrefix + sockJsPath);
this.service.setAllowedOrigins(Arrays.asList("https://mydomain1.example"));
this.servletRequest.addHeader(HttpHeaders.ORIGIN, "https://mydomain2.example");
this.servletRequest.setServerName("mydomain2.example");
this.service.handleRequest(this.request, this.response, sockJsPath, this.wsHandler);
replacedertThat(this.servletResponse.getStatus()).isEqualTo(404);
}
17
Source : OriginHandshakeInterceptorTests.java
with Apache License 2.0
from SourceHot
with Apache License 2.0
from SourceHot
@Test
public void originMatchAll() throws Exception {
this.servletRequest.addHeader(HttpHeaders.ORIGIN, "https://mydomain1.example");
OriginHandshakeInterceptor interceptor = new OriginHandshakeInterceptor();
interceptor.setAllowedOrigins(Collections.singletonList("*"));
replacedertThat(interceptor.beforeHandshake(request, response, wsHandler, attributes)).isTrue();
replacedertThat(HttpStatus.FORBIDDEN.value()).isNotEqualTo((long) servletResponse.getStatus());
}
See More Examples