org.springframework.http.HttpHeaders.ORIGIN

Here are the examples of the java api org.springframework.http.HttpHeaders.ORIGIN taken from open source projects. By voting up you can indicate which examples are most useful and appropriate.

275 Examples 7

19 Source : WebMvcEndpointCorsIntegrationTests.java
with Apache License 2.0
from yuanmabiji

private ResultActions performAcceptedCorsRequest(String url) throws Exception {
    return createMockMvc().perform(options(url).header(HttpHeaders.ORIGIN, "foo.example.com").header(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET")).andExpect(header().string(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, "foo.example.com")).andExpect(status().isOk());
}

19 Source : WebFluxEndpointCorsIntegrationTests.java
with Apache License 2.0
from yuanmabiji

private WebTestClient.ResponseSpec performAcceptedCorsRequest(String url) {
    return createWebTestClient().options().uri(url).header(HttpHeaders.ORIGIN, "spring.example.org").header(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET").exchange().expectHeader().valueEquals(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, "spring.example.org").expectStatus().isOk();
}

19 Source : CorsUtilsTests.java
with MIT License
from Vip-Augus

@Test
public void isCorsRequest() {
    MockHttpServletRequest request = new MockHttpServletRequest();
    request.addHeader(HttpHeaders.ORIGIN, "https://domain.com");
    replacedertTrue(CorsUtils.isCorsRequest(request));
}

19 Source : CorsUtilsTests.java
with MIT License
from Vip-Augus

@Test
public void isPreFlightRequest() {
    MockHttpServletRequest request = new MockHttpServletRequest();
    request.setMethod(HttpMethod.OPTIONS.name());
    request.addHeader(HttpHeaders.ORIGIN, "https://domain.com");
    request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
    replacedertTrue(CorsUtils.isPreFlightRequest(request));
}

19 Source : CorsUtilsTests.java
with MIT License
from Vip-Augus

@Test
public void isNotPreFlightRequest() {
    MockHttpServletRequest request = new MockHttpServletRequest();
    replacedertFalse(CorsUtils.isPreFlightRequest(request));
    request = new MockHttpServletRequest();
    request.setMethod(HttpMethod.OPTIONS.name());
    request.addHeader(HttpHeaders.ORIGIN, "https://domain.com");
    replacedertFalse(CorsUtils.isPreFlightRequest(request));
}

19 Source : CorsUtilsTests.java
with MIT License
from mindcarver

private void testWithXForwardedHeaders(String serverName, int port, String forwardedProto, String forwardedHost, int forwardedPort, String originHeader) {
    String url = "http://" + serverName;
    if (port != -1) {
        url = url + ":" + port;
    }
    MockServerHttpRequest.BaseBuilder<?> builder = get(url).header(HttpHeaders.ORIGIN, originHeader);
    if (forwardedProto != null) {
        builder.header("X-Forwarded-Proto", forwardedProto);
    }
    if (forwardedHost != null) {
        builder.header("X-Forwarded-Host", forwardedHost);
    }
    if (forwardedPort != -1) {
        builder.header("X-Forwarded-Port", String.valueOf(forwardedPort));
    }
    ServerHttpRequest request = adaptFromForwardedHeaders(builder);
    replacedertTrue(CorsUtils.isSameOrigin(request));
}

19 Source : CorsUtilsTests.java
with MIT License
from mindcarver

private void testWithForwardedHeader(String serverName, int port, String forwardedHeader, String originHeader) {
    String url = "http://" + serverName;
    if (port != -1) {
        url = url + ":" + port;
    }
    MockServerHttpRequest.BaseBuilder<?> builder = get(url).header("Forwarded", forwardedHeader).header(HttpHeaders.ORIGIN, originHeader);
    ServerHttpRequest request = adaptFromForwardedHeaders(builder);
    replacedertTrue(CorsUtils.isSameOrigin(request));
}

19 Source : CorsUtilsTests.java
with MIT License
from mindcarver

@Test
public void isPreFlightRequest() {
    MockHttpServletRequest request = new MockHttpServletRequest();
    request.setMethod(HttpMethod.OPTIONS.name());
    request.addHeader(HttpHeaders.ORIGIN, "http://domain.com");
    request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
    replacedertTrue(CorsUtils.isPreFlightRequest(request));
}

19 Source : CorsUtilsTests.java
with MIT License
from mindcarver

@Test
public void isNotPreFlightRequest() {
    MockHttpServletRequest request = new MockHttpServletRequest();
    replacedertFalse(CorsUtils.isPreFlightRequest(request));
    request = new MockHttpServletRequest();
    request.setMethod(HttpMethod.OPTIONS.name());
    request.addHeader(HttpHeaders.ORIGIN, "http://domain.com");
    replacedertFalse(CorsUtils.isPreFlightRequest(request));
    request = new MockHttpServletRequest();
    request.setMethod(HttpMethod.OPTIONS.name());
    request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
    replacedertFalse(CorsUtils.isPreFlightRequest(request));
}

19 Source : CorsUtilsTests.java
with MIT License
from mindcarver

@Test
public void isCorsRequest() {
    MockHttpServletRequest request = new MockHttpServletRequest();
    request.addHeader(HttpHeaders.ORIGIN, "http://domain.com");
    replacedertTrue(CorsUtils.isCorsRequest(request));
}

19 Source : BasicRouteTests.java
with MIT License
from microsoft

@Test
public void CORS_Success_replacedlesEndpointResponse() throws URISyntaxException {
    ResponseEnreplacedy<String> resreplacedles = this.rest.exchange(RequestEnreplacedy.get(new URI("http://localhost:" + httpPort + "/replacedles")).header(HttpHeaders.ORIGIN, "http://test.com").build(), String.clreplaced);
    replacedert.replacedertTrue(resreplacedles.getStatusCode().is2xxSuccessful());
    replacedert.replacedertEquals(resreplacedles.getHeaders().getAccessControlAllowOrigin(), "*");
}

19 Source : BasicRouteTests.java
with MIT License
from microsoft

@Test
public void CORS_Success_PeopleEndpointResponse() throws URISyntaxException {
    ResponseEnreplacedy<String> resPeople = this.rest.exchange(RequestEnreplacedy.get(new URI("http://localhost:" + httpPort + "/people")).header(HttpHeaders.ORIGIN, "http://test.com").build(), String.clreplaced);
    replacedert.replacedertTrue(resPeople.getStatusCode().is2xxSuccessful());
    replacedert.replacedertEquals(resPeople.getHeaders().getAccessControlAllowOrigin(), "*");
}

19 Source : RequestMappingInfoTests.java
with Apache License 2.0
from langtianya

@Test
public void preFlightRequest() {
    MockHttpServletRequest request = new MockHttpServletRequest("OPTIONS", "/foo");
    request.addHeader(HttpHeaders.ORIGIN, "http://domain.com");
    request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "POST");
    RequestMappingInfo info = new RequestMappingInfo(new PatternsRequestCondition("/foo"), new RequestMethodsRequestCondition(RequestMethod.POST), null, null, null, null, null);
    RequestMappingInfo match = info.getMatchingCondition(request);
    replacedertNotNull(match);
    info = new RequestMappingInfo(new PatternsRequestCondition("/foo"), new RequestMethodsRequestCondition(RequestMethod.OPTIONS), null, null, null, null, null);
    match = info.getMatchingCondition(request);
    replacedertNotNull(match);
}

19 Source : GreetingIntegrationTests.java
with The Unlicense
from diegopacheco

@Test
public void corsWithJavaconfig() {
    ResponseEnreplacedy<Greeting> enreplacedy = this.restTemplate.exchange(RequestEnreplacedy.get(uri("/greeting-javaconfig")).header(HttpHeaders.ORIGIN, "http://localhost:9000").build(), Greeting.clreplaced);
    replacedertEquals(HttpStatus.OK, enreplacedy.getStatusCode());
    replacedertEquals("http://localhost:9000", enreplacedy.getHeaders().getAccessControlAllowOrigin());
    Greeting greeting = enreplacedy.getBody();
    replacedertEquals("Hello, World!", greeting.getContent());
}

19 Source : GreetingIntegrationTests.java
with The Unlicense
from diegopacheco

@Test
public void corsWithAnnotation() throws Exception {
    ResponseEnreplacedy<Greeting> enreplacedy = this.restTemplate.exchange(RequestEnreplacedy.get(uri("/greeting")).header(HttpHeaders.ORIGIN, "http://localhost:9000").build(), Greeting.clreplaced);
    replacedertEquals(HttpStatus.OK, enreplacedy.getStatusCode());
    replacedertEquals("http://localhost:9000", enreplacedy.getHeaders().getAccessControlAllowOrigin());
    Greeting greeting = enreplacedy.getBody();
    replacedertEquals("Hello, World!", greeting.getContent());
}

18 Source : WebMvcEndpointCorsIntegrationTests.java
with Apache License 2.0
from yuanmabiji

@Test
public void allowedMethodsCanBeConfigured() throws Exception {
    TestPropertyValues.of("management.endpoints.web.cors.allowed-origins:foo.example.com", "management.endpoints.web.cors.allowed-methods:GET,HEAD").applyTo(this.context);
    createMockMvc().perform(options("/actuator/beans").header(HttpHeaders.ORIGIN, "foo.example.com").header(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "HEAD")).andExpect(status().isOk()).andExpect(header().string(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, "GET,HEAD"));
}

18 Source : WebMvcEndpointCorsIntegrationTests.java
with Apache License 2.0
from yuanmabiji

@Test
public void requestsWithDisallowedMethodsAreRejected() throws Exception {
    TestPropertyValues.of("management.endpoints.web.cors.allowed-origins:foo.example.com").applyTo(this.context);
    createMockMvc().perform(options("/actuator/health").header(HttpHeaders.ORIGIN, "foo.example.com").header(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "PATCH")).andExpect(status().isForbidden());
}

18 Source : DefaultSockJsServiceTests.java
with MIT License
from Vip-Augus

// SPR-12226
@Test
public void handleTransportRequestXhrAllowedOriginsMatch() throws Exception {
    String sockJsPath = sessionUrlPrefix + "xhr";
    setRequest("POST", sockJsPrefix + sockJsPath);
    this.service.setAllowedOrigins(Arrays.asList("https://mydomain1.com", "https://mydomain2.com"));
    this.servletRequest.addHeader(HttpHeaders.ORIGIN, "https://mydomain1.com");
    this.service.handleRequest(this.request, this.response, sockJsPath, this.wsHandler);
    replacedertEquals(200, this.servletResponse.getStatus());
}

18 Source : DefaultSockJsServiceTests.java
with MIT License
from Vip-Augus

// SPR-12226
@Test
public void handleTransportRequestXhrAllowedOriginsNoMatch() throws Exception {
    String sockJsPath = sessionUrlPrefix + "xhr";
    setRequest("POST", sockJsPrefix + sockJsPath);
    this.service.setAllowedOrigins(Arrays.asList("https://mydomain1.com", "https://mydomain2.com"));
    this.servletRequest.addHeader(HttpHeaders.ORIGIN, "http://mydomain3.com");
    this.service.handleRequest(this.request, this.response, sockJsPath, this.wsHandler);
    replacedertEquals(403, this.servletResponse.getStatus());
}

18 Source : CorsUtilsTests.java
with MIT License
from Vip-Augus

@SuppressWarnings("deprecation")
private void testWithForwardedHeader(String serverName, int port, String forwardedHeader, String originHeader) {
    String url = "http://" + serverName;
    if (port != -1) {
        url = url + ":" + port;
    }
    MockServerHttpRequest.BaseBuilder<?> builder = get(url).header("Forwarded", forwardedHeader).header(HttpHeaders.ORIGIN, originHeader);
    ServerHttpRequest request = adaptFromForwardedHeaders(builder);
    replacedertTrue(CorsUtils.isSameOrigin(request));
}

18 Source : CorsUtilsTests.java
with MIT License
from Vip-Augus

@Test
public void isCorsRequest() {
    ServerHttpRequest request = get("http://domain.com/").header(HttpHeaders.ORIGIN, "https://domain.com").build();
    replacedertTrue(CorsUtils.isCorsRequest(request));
}

18 Source : CorsUtilsTests.java
with MIT License
from Vip-Augus

@SuppressWarnings("deprecation")
private void testWithXForwardedHeaders(String serverName, int port, String forwardedProto, String forwardedHost, int forwardedPort, String originHeader) {
    String url = "http://" + serverName;
    if (port != -1) {
        url = url + ":" + port;
    }
    MockServerHttpRequest.BaseBuilder<?> builder = get(url).header(HttpHeaders.ORIGIN, originHeader);
    if (forwardedProto != null) {
        builder.header("X-Forwarded-Proto", forwardedProto);
    }
    if (forwardedHost != null) {
        builder.header("X-Forwarded-Host", forwardedHost);
    }
    if (forwardedPort != -1) {
        builder.header("X-Forwarded-Port", String.valueOf(forwardedPort));
    }
    ServerHttpRequest request = adaptFromForwardedHeaders(builder);
    replacedertTrue(CorsUtils.isSameOrigin(request));
}

18 Source : OriginHandshakeInterceptorTests.java
with Apache License 2.0
from SourceHot

@Test
public void sameOriginMatchWithAllowedOrigins() throws Exception {
    this.servletRequest.addHeader(HttpHeaders.ORIGIN, "http://mydomain2.example");
    this.servletRequest.setServerName("mydomain2.example");
    OriginHandshakeInterceptor interceptor = new OriginHandshakeInterceptor(Arrays.asList("http://mydomain1.example"));
    replacedertThat(interceptor.beforeHandshake(request, response, wsHandler, attributes)).isTrue();
    replacedertThat(HttpStatus.FORBIDDEN.value()).isNotEqualTo((long) servletResponse.getStatus());
}

18 Source : OriginHandshakeInterceptorTests.java
with Apache License 2.0
from SourceHot

@Test
public void sameOriginMatchWithEmptyAllowedOrigins() throws Exception {
    this.servletRequest.addHeader(HttpHeaders.ORIGIN, "http://mydomain2.example");
    this.servletRequest.setServerName("mydomain2.example");
    OriginHandshakeInterceptor interceptor = new OriginHandshakeInterceptor(Collections.emptyList());
    replacedertThat(interceptor.beforeHandshake(request, response, wsHandler, attributes)).isTrue();
    replacedertThat(HttpStatus.FORBIDDEN.value()).isNotEqualTo((long) servletResponse.getStatus());
}

18 Source : OriginHandshakeInterceptorTests.java
with Apache License 2.0
from SourceHot

@Test
public void sameOriginNoMatch() throws Exception {
    this.servletRequest.addHeader(HttpHeaders.ORIGIN, "http://mydomain3.example");
    this.servletRequest.setServerName("mydomain2.example");
    OriginHandshakeInterceptor interceptor = new OriginHandshakeInterceptor(Collections.emptyList());
    replacedertThat(interceptor.beforeHandshake(request, response, wsHandler, attributes)).isFalse();
    replacedertThat(HttpStatus.FORBIDDEN.value()).isEqualTo(servletResponse.getStatus());
}

18 Source : CorsUtilsTests.java
with Apache License 2.0
from SourceHot

@Test
public void isCorsRequest() {
    ServerHttpRequest request = get("http://domain.example/").header(HttpHeaders.ORIGIN, "https://domain.com").build();
    replacedertThat(CorsUtils.isCorsRequest(request)).isTrue();
}

18 Source : CorsUtilsTests.java
with Apache License 2.0
from SourceHot

@SuppressWarnings("deprecation")
private void testWithXForwardedHeaders(String serverName, int port, String forwardedProto, String forwardedHost, int forwardedPort, String originHeader) {
    String url = "http://" + serverName;
    if (port != -1) {
        url = url + ":" + port;
    }
    MockServerHttpRequest.BaseBuilder<?> builder = get(url).header(HttpHeaders.ORIGIN, originHeader);
    if (forwardedProto != null) {
        builder.header("X-Forwarded-Proto", forwardedProto);
    }
    if (forwardedHost != null) {
        builder.header("X-Forwarded-Host", forwardedHost);
    }
    if (forwardedPort != -1) {
        builder.header("X-Forwarded-Port", String.valueOf(forwardedPort));
    }
    ServerHttpRequest request = adaptFromForwardedHeaders(builder);
    replacedertThat(CorsUtils.isSameOrigin(request)).isTrue();
}

18 Source : CorsUtilsTests.java
with Apache License 2.0
from SourceHot

@SuppressWarnings("deprecation")
private void testWithForwardedHeader(String serverName, int port, String forwardedHeader, String originHeader) {
    String url = "http://" + serverName;
    if (port != -1) {
        url = url + ":" + port;
    }
    MockServerHttpRequest.BaseBuilder<?> builder = get(url).header("Forwarded", forwardedHeader).header(HttpHeaders.ORIGIN, originHeader);
    ServerHttpRequest request = adaptFromForwardedHeaders(builder);
    replacedertThat(CorsUtils.isSameOrigin(request)).isTrue();
}

18 Source : DefaultSockJsServiceTests.java
with MIT License
from mindcarver

// SPR-12226
@Test
public void handleTransportRequestXhrAllowedOriginsMatch() throws Exception {
    String sockJsPath = sessionUrlPrefix + "xhr";
    setRequest("POST", sockJsPrefix + sockJsPath);
    this.service.setAllowedOrigins(Arrays.asList("http://mydomain1.com", "http://mydomain2.com"));
    this.servletRequest.addHeader(HttpHeaders.ORIGIN, "http://mydomain1.com");
    this.service.handleRequest(this.request, this.response, sockJsPath, this.wsHandler);
    replacedertEquals(200, this.servletResponse.getStatus());
}

18 Source : DefaultSockJsServiceTests.java
with MIT License
from mindcarver

// SPR-12226
@Test
public void handleTransportRequestXhrAllowedOriginsNoMatch() throws Exception {
    String sockJsPath = sessionUrlPrefix + "xhr";
    setRequest("POST", sockJsPrefix + sockJsPath);
    this.service.setAllowedOrigins(Arrays.asList("http://mydomain1.com", "http://mydomain2.com"));
    this.servletRequest.addHeader(HttpHeaders.ORIGIN, "http://mydomain3.com");
    this.service.handleRequest(this.request, this.response, sockJsPath, this.wsHandler);
    replacedertEquals(403, this.servletResponse.getStatus());
}

18 Source : CorsUtilsTests.java
with MIT License
from mindcarver

@Test
public void isCorsRequest() {
    ServerHttpRequest request = get("/").header(HttpHeaders.ORIGIN, "http://domain.com").build();
    replacedertTrue(CorsUtils.isCorsRequest(request));
}

18 Source : CrossOriginTests.java
with Apache License 2.0
from langtianya

@Before
public void setUp() {
    this.handlerMapping.setRemoveSemicolonContent(false);
    this.handlerMapping.setApplicationContext(new StaticWebApplicationContext());
    this.handlerMapping.afterPropertiesSet();
    this.request.setMethod("GET");
    this.request.addHeader(HttpHeaders.ORIGIN, "http://domain.com/");
}

17 Source : ReactiveCloudFoundrySecurityInterceptorTests.java
with Apache License 2.0
from yuanmabiji

@Test
public void preHandleWhenRequestIsPreFlightShouldBeOk() {
    MockServerWebExchange request = MockServerWebExchange.from(MockServerHttpRequest.options("/a").header(HttpHeaders.ORIGIN, "http://example.com").header(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET").build());
    StepVerifier.create(this.interceptor.preHandle(request, "/a")).consumeNextWith((response) -> replacedertThat(response.getStatus()).isEqualTo(HttpStatus.OK)).verifyComplete();
}

17 Source : DefaultSockJsServiceTests.java
with MIT License
from Vip-Augus

// SPR-13464
@Test
public void handleTransportRequestXhrSameOrigin() throws Exception {
    String sockJsPath = sessionUrlPrefix + "xhr";
    setRequest("POST", sockJsPrefix + sockJsPath);
    this.service.setAllowedOrigins(Arrays.asList("https://mydomain1.com"));
    this.servletRequest.addHeader(HttpHeaders.ORIGIN, "https://mydomain1.com");
    this.servletRequest.setServerName("mydomain2.com");
    this.service.handleRequest(this.request, this.response, sockJsPath, this.wsHandler);
    replacedertEquals(200, this.servletResponse.getStatus());
}

17 Source : DefaultSockJsServiceTests.java
with MIT License
from Vip-Augus

// SPR-13545
@Test
public void handleInvalidTransportType() throws Exception {
    String sockJsPath = sessionUrlPrefix + "invalid";
    setRequest("POST", sockJsPrefix + sockJsPath);
    this.service.setAllowedOrigins(Arrays.asList("https://mydomain1.com"));
    this.servletRequest.addHeader(HttpHeaders.ORIGIN, "https://mydomain2.com");
    this.servletRequest.setServerName("mydomain2.com");
    this.service.handleRequest(this.request, this.response, sockJsPath, this.wsHandler);
    replacedertEquals(404, this.servletResponse.getStatus());
}

17 Source : OriginHandshakeInterceptorTests.java
with MIT License
from Vip-Augus

@Test
public void sameOriginMatchWithAllowedOrigins() throws Exception {
    Map<String, Object> attributes = new HashMap<>();
    WebSocketHandler wsHandler = Mockito.mock(WebSocketHandler.clreplaced);
    this.servletRequest.addHeader(HttpHeaders.ORIGIN, "http://mydomain2.com");
    this.servletRequest.setServerName("mydomain2.com");
    OriginHandshakeInterceptor interceptor = new OriginHandshakeInterceptor(Arrays.asList("http://mydomain1.com"));
    replacedertTrue(interceptor.beforeHandshake(request, response, wsHandler, attributes));
    replacedertNotEquals(servletResponse.getStatus(), HttpStatus.FORBIDDEN.value());
}

17 Source : OriginHandshakeInterceptorTests.java
with MIT License
from Vip-Augus

@Test
public void sameOriginMatchWithEmptyAllowedOrigins() throws Exception {
    Map<String, Object> attributes = new HashMap<>();
    WebSocketHandler wsHandler = Mockito.mock(WebSocketHandler.clreplaced);
    this.servletRequest.addHeader(HttpHeaders.ORIGIN, "http://mydomain2.com");
    this.servletRequest.setServerName("mydomain2.com");
    OriginHandshakeInterceptor interceptor = new OriginHandshakeInterceptor(Collections.emptyList());
    replacedertTrue(interceptor.beforeHandshake(request, response, wsHandler, attributes));
    replacedertNotEquals(servletResponse.getStatus(), HttpStatus.FORBIDDEN.value());
}

17 Source : OriginHandshakeInterceptorTests.java
with MIT License
from Vip-Augus

@Test
public void sameOriginNoMatch() throws Exception {
    Map<String, Object> attributes = new HashMap<>();
    WebSocketHandler wsHandler = Mockito.mock(WebSocketHandler.clreplaced);
    this.servletRequest.addHeader(HttpHeaders.ORIGIN, "http://mydomain3.com");
    this.servletRequest.setServerName("mydomain2.com");
    OriginHandshakeInterceptor interceptor = new OriginHandshakeInterceptor(Collections.emptyList());
    replacedertFalse(interceptor.beforeHandshake(request, response, wsHandler, attributes));
    replacedertEquals(servletResponse.getStatus(), HttpStatus.FORBIDDEN.value());
}

17 Source : CrossOriginTests.java
with MIT License
from Vip-Augus

@Test
public void preFlightRequestWithoutRequestMethodHeader() throws Exception {
    MockHttpServletRequest request = new MockHttpServletRequest("OPTIONS", "/default");
    request.addHeader(HttpHeaders.ORIGIN, "https://domain2.com");
    replacedertNull(this.handlerMapping.getHandler(request));
}

17 Source : DefaultCorsProcessorTests.java
with MIT License
from Vip-Augus

private MockServerHttpRequest.BaseBuilder<?> corsRequest(HttpMethod method) {
    return MockServerHttpRequest.method(method, "http://localhost/test.html").header(HttpHeaders.ORIGIN, "https://domain2.com");
}

17 Source : CorsUtilsTests.java
with MIT License
from Vip-Augus

@Test
public void isPreFlightRequest() {
    ServerHttpRequest request = options("/").header(HttpHeaders.ORIGIN, "https://domain.com").header(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET").build();
    replacedertTrue(CorsUtils.isPreFlightRequest(request));
}

17 Source : DefaultCorsProcessorTests.java
with MIT License
from Vip-Augus

@Test
public void actualRequestWithOriginHeaderAndNullConfig() throws Exception {
    this.request.setMethod(HttpMethod.GET.name());
    this.request.addHeader(HttpHeaders.ORIGIN, "https://domain2.com");
    this.processor.processRequest(null, this.request, this.response);
    replacedertFalse(this.response.containsHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN));
    replacedertEquals(HttpServletResponse.SC_OK, this.response.getStatus());
}

17 Source : DefaultCorsProcessorTests.java
with MIT License
from Vip-Augus

@Test
public void preflightRequestWithNullConfig() throws Exception {
    this.request.setMethod(HttpMethod.OPTIONS.name());
    this.request.addHeader(HttpHeaders.ORIGIN, "https://domain2.com");
    this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
    this.conf.addAllowedOrigin("*");
    this.processor.processRequest(null, this.request, this.response);
    replacedertFalse(this.response.containsHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN));
    replacedertEquals(HttpServletResponse.SC_FORBIDDEN, this.response.getStatus());
}

17 Source : CorsUtils.java
with MIT License
from Vip-Augus

/**
 * Returns {@code true} if the request is a valid CORS one by checking {@code Origin}
 * header presence and ensuring that origins are different.
 */
public static boolean isCorsRequest(HttpServletRequest request) {
    String origin = request.getHeader(HttpHeaders.ORIGIN);
    if (origin == null) {
        return false;
    }
    UriComponents originUrl = UriComponentsBuilder.fromOriginHeader(origin).build();
    String scheme = request.getScheme();
    String host = request.getServerName();
    int port = request.getServerPort();
    return !(ObjectUtils.nullSafeEquals(scheme, originUrl.getScheme()) && ObjectUtils.nullSafeEquals(host, originUrl.getHost()) && getPort(scheme, port) == getPort(originUrl.getScheme(), originUrl.getPort()));
}

17 Source : PreCheckFilter.java
with MIT License
from uhonliu

@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
    String requestPath = accessManager.getRequestPath(request);
    String remoteIpAddress = WebUtils.getRemoteAddress(request);
    String origin = request.getHeader(HttpHeaders.ORIGIN);
    AuthorityResource resource = accessManager.getResource(requestPath);
    if (resource != null) {
        // 资源是否公共访问验证
        if (STATUS_0.equals(resource.getIsOpen().toString())) {
            // 未公开
            accessDeniedHandler.handle(request, response, new AccessDeniedException(ErrorCode.ACCESS_DENIED_NOT_OPEN.getMessage()));
            return;
        }
        // 资源状态验证
        if (STATUS_0.equals(resource.getStatus().toString())) {
            // 禁用
            accessDeniedHandler.handle(request, response, new AccessDeniedException(ErrorCode.ACCESS_DENIED_DISABLED.getMessage()));
            return;
        } else if (STATUS_2.equals(resource.getStatus().toString())) {
            // 维护中
            accessDeniedHandler.handle(request, response, new AccessDeniedException(ErrorCode.ACCESS_DENIED_UPDATING.getMessage()));
            return;
        }
    }
    // ip黑名单验证
    boolean deny = accessManager.matchIpOrOriginBlacklist(requestPath, remoteIpAddress, origin);
    if (deny) {
        // 拒绝
        accessDeniedHandler.handle(request, response, new AccessDeniedException(ErrorCode.ACCESS_DENIED_BLACK_LIMITED.getMessage()));
        return;
    }
    // ip白名单验证
    Boolean[] matchIpWhiteListResult = accessManager.matchIpOrOriginWhiteList(requestPath, remoteIpAddress, origin);
    boolean hasWhiteList = matchIpWhiteListResult[0];
    boolean allow = matchIpWhiteListResult[1];
    if (hasWhiteList) {
        // 接口存在白名单限制
        if (!allow) {
            accessDeniedHandler.handle(request, response, new AccessDeniedException(ErrorCode.ACCESS_DENIED_WHITE_LIMITED.getMessage()));
            return;
        }
    }
    filterChain.doFilter(request, response);
}

17 Source : DefaultSockJsServiceTests.java
with Apache License 2.0
from SourceHot

// SPR-13464
@Test
public void handleTransportRequestXhrSameOrigin() throws Exception {
    String sockJsPath = sessionUrlPrefix + "xhr";
    setRequest("POST", sockJsPrefix + sockJsPath);
    this.service.setAllowedOrigins(Arrays.asList("https://mydomain1.example"));
    this.servletRequest.addHeader(HttpHeaders.ORIGIN, "https://mydomain1.example");
    this.servletRequest.setServerName("mydomain2.example");
    this.service.handleRequest(this.request, this.response, sockJsPath, this.wsHandler);
    replacedertThat(this.servletResponse.getStatus()).isEqualTo(200);
}

17 Source : DefaultSockJsServiceTests.java
with Apache License 2.0
from SourceHot

// SPR-12226
@Test
public void handleTransportRequestXhrAllowedOriginsNoMatch() throws Exception {
    String sockJsPath = sessionUrlPrefix + "xhr";
    setRequest("POST", sockJsPrefix + sockJsPath);
    this.service.setAllowedOrigins(Arrays.asList("https://mydomain1.example", "https://mydomain2.example"));
    this.servletRequest.addHeader(HttpHeaders.ORIGIN, "http://mydomain3.example");
    this.service.handleRequest(this.request, this.response, sockJsPath, this.wsHandler);
    replacedertThat(this.servletResponse.getStatus()).isEqualTo(403);
}

17 Source : DefaultSockJsServiceTests.java
with Apache License 2.0
from SourceHot

// SPR-12226
@Test
public void handleTransportRequestXhrAllowedOriginsMatch() throws Exception {
    String sockJsPath = sessionUrlPrefix + "xhr";
    setRequest("POST", sockJsPrefix + sockJsPath);
    this.service.setAllowedOrigins(Arrays.asList("https://mydomain1.example", "https://mydomain2.example"));
    this.servletRequest.addHeader(HttpHeaders.ORIGIN, "https://mydomain1.example");
    this.service.handleRequest(this.request, this.response, sockJsPath, this.wsHandler);
    replacedertThat(this.servletResponse.getStatus()).isEqualTo(200);
}

17 Source : DefaultSockJsServiceTests.java
with Apache License 2.0
from SourceHot

// SPR-13545
@Test
public void handleInvalidTransportType() throws Exception {
    String sockJsPath = sessionUrlPrefix + "invalid";
    setRequest("POST", sockJsPrefix + sockJsPath);
    this.service.setAllowedOrigins(Arrays.asList("https://mydomain1.example"));
    this.servletRequest.addHeader(HttpHeaders.ORIGIN, "https://mydomain2.example");
    this.servletRequest.setServerName("mydomain2.example");
    this.service.handleRequest(this.request, this.response, sockJsPath, this.wsHandler);
    replacedertThat(this.servletResponse.getStatus()).isEqualTo(404);
}

17 Source : OriginHandshakeInterceptorTests.java
with Apache License 2.0
from SourceHot

@Test
public void originMatchAll() throws Exception {
    this.servletRequest.addHeader(HttpHeaders.ORIGIN, "https://mydomain1.example");
    OriginHandshakeInterceptor interceptor = new OriginHandshakeInterceptor();
    interceptor.setAllowedOrigins(Collections.singletonList("*"));
    replacedertThat(interceptor.beforeHandshake(request, response, wsHandler, attributes)).isTrue();
    replacedertThat(HttpStatus.FORBIDDEN.value()).isNotEqualTo((long) servletResponse.getStatus());
}

See More Examples