allowedMethods.add(HttpMethod.PUT); router.route().handler(CorsHandler.create("*").allowedHeaders(allowedHeaders).allowedMethods(allowedMethods));
@Test public void testPreflightAllowedHeaders() throws Exception { Set<HttpMethod> allowedMethods = new LinkedHashSet<>(Arrays.asList(HttpMethod.PUT, HttpMethod.DELETE)); Set<String> allowedHeaders = new LinkedHashSet<>(Arrays.asList("X-wibble", "X-blah")); router.route().handler(CorsHandler.create("vertx\\.io").allowedMethods(allowedMethods).allowedHeaders(allowedHeaders)); router.route().handler(context -> context.response().end()); testRequest(HttpMethod.OPTIONS, "/", req -> { req.headers().add("origin", "vertx.io"); req.headers().add("access-control-request-method", "PUT,DELETE"); req.headers().add("access-control-request-headers", allowedHeaders); }, resp -> checkHeaders(resp, "vertx.io", "PUT,DELETE", "X-wibble,X-blah", null), 200, "OK", null); }
@Test public void testPreflightMaxAge() throws Exception { Set<HttpMethod> allowedMethods = new LinkedHashSet<>(Arrays.asList(HttpMethod.PUT, HttpMethod.DELETE)); int maxAge = 131233; router.route().handler(CorsHandler.create("vertx\\.io").allowedMethods(allowedMethods).maxAgeSeconds(maxAge)); router.route().handler(context -> context.response().end()); testRequest(HttpMethod.OPTIONS, "/", req -> { req.headers().add("origin", "vertx.io"); req.headers().add("access-control-request-method", "PUT,DELETE"); }, resp -> checkHeaders(resp, "vertx.io", "PUT,DELETE", null, null, null, String.valueOf(maxAge)), 200, "OK", null); }
@Test public void testPreflightNoExposeHeaders() throws Exception { Set<HttpMethod> allowedMethods = new LinkedHashSet<>(Arrays.asList(HttpMethod.PUT, HttpMethod.DELETE)); Set<String> exposeHeaders = new LinkedHashSet<>(Arrays.asList("X-floob", "X-blurp")); router.route().handler(CorsHandler.create("vertx\\.io").allowedMethods(allowedMethods).exposedHeaders(exposeHeaders)); router.route().handler(context -> context.response().end()); testRequest(HttpMethod.OPTIONS, "/", req -> { req.headers().add("origin", "vertx.io"); req.headers().add("access-control-request-method", "PUT,DELETE"); }, resp -> { // Note expose headers header is never provided in response of pre-flight request checkHeaders(resp, "vertx.io", "PUT,DELETE", null, null); }, 200, "OK", null); }
@Test public void testRealRequestAllowCredentials() throws Exception { Set<HttpMethod> allowedMethods = new LinkedHashSet<>(Arrays.asList(HttpMethod.PUT, HttpMethod.DELETE)); router.route().handler(CorsHandler.create("vertx\\.io").allowedMethods(allowedMethods).allowCredentials(true)); router.route().handler(context -> context.response().end()); testRequest(HttpMethod.GET, "/", req -> req.headers().add("origin", "vertx.io"), resp -> checkHeaders(resp, "vertx.io", null, null, null, "true", null), 200, "OK", null); }
@Test public void testRealRequestCredentialsNoWildcardOrigin() throws Exception { Set<HttpMethod> allowedMethods = new LinkedHashSet<>(Arrays.asList(HttpMethod.PUT, HttpMethod.DELETE)); router.route().handler(CorsHandler.create("vertx.*").allowedMethods(allowedMethods).allowCredentials(true)); router.route().handler(context -> context.response().end()); testRequest(HttpMethod.GET, "/", req -> req.headers().add("origin", "vertx.io"), resp -> checkHeaders(resp, "vertx.io", null, null, null, "true", null), 200, "OK", null); }
@Test public void testPreflightSimple() throws Exception { Set<HttpMethod> allowedMethods = new LinkedHashSet<>(Arrays.asList(HttpMethod.PUT, HttpMethod.DELETE)); router.route().handler(CorsHandler.create("vertx\\.io").allowedMethods(allowedMethods)); router.route().handler(context -> context.response().end()); testRequest(HttpMethod.OPTIONS, "/", req -> { req.headers().add("origin", "vertx.io"); req.headers().add("access-control-request-method", "PUT,DELETE"); }, resp -> checkHeaders(resp, "vertx.io", "PUT,DELETE", null, null), 200, "OK", null); }
@Test public void testPreflightAllowCredentialsNoWildcardOrigin() throws Exception { Set<HttpMethod> allowedMethods = new LinkedHashSet<>(Arrays.asList(HttpMethod.PUT, HttpMethod.DELETE)); // Make sure * isn't returned in access-control-allow-origin for credentials router.route().handler(CorsHandler.create("vertx.*").allowedMethods(allowedMethods).allowCredentials(true)); router.route().handler(context -> context.response().end()); testRequest(HttpMethod.OPTIONS, "/", req -> { req.headers().add("origin", "vertx.io"); req.headers().add("access-control-request-method", "PUT,DELETE"); }, resp -> checkHeaders(resp, "vertx.io", "PUT,DELETE", null, null, "true", null), 200, "OK", null); }
@Test public void testPreflightAllowCredentials() throws Exception { Set<HttpMethod> allowedMethods = new LinkedHashSet<>(Arrays.asList(HttpMethod.PUT, HttpMethod.DELETE)); router.route().handler(CorsHandler.create("vertx\\.io").allowedMethods(allowedMethods).allowCredentials(true)); router.route().handler(context -> context.response().end()); testRequest(HttpMethod.OPTIONS, "/", req -> { req.headers().add("origin", "vertx.io"); req.headers().add("access-control-request-method", "PUT,DELETE"); }, resp -> checkHeaders(resp, "vertx.io", "PUT,DELETE", null, null, "true", null), 200, "OK", null); }
@Test public void testChaining() throws Exception { CorsHandler cors = CorsHandler.create("*"); assertNotNull(cors); assertSame(cors, cors.allowedMethod(HttpMethod.POST)); assertSame(cors, cors.allowedMethod(HttpMethod.DELETE)); assertSame(cors, cors.allowedMethods(new HashSet<>())); assertSame(cors, cors.allowedHeader("X-foo")); assertSame(cors, cors.allowedHeader("X-bar")); assertSame(cors, cors.allowedHeaders(new HashSet<>())); assertSame(cors, cors.exposedHeader("X-wibble")); assertSame(cors, cors.exposedHeader("X-blah")); assertSame(cors, cors.exposedHeaders(new HashSet<>())); }
private io.vertx.ext.web.handler.CorsHandler corsHandler() { return io.vertx.ext.web.handler.CorsHandler .create(environment.getProperty("http.cors.allow-origin", String.class, "*")) .allowedHeaders(getStringPropertiesAsList("http.cors.allow-headers", "Cache-Control, Pragma, Origin, Authorization, Content-Type, X-Requested-With, If-Match, x-xsrf-token")) .allowedMethods(getHttpMethodPropertiesAsList("http.cors.allow-methods", "GET, POST")) .maxAgeSeconds(environment.getProperty("http.cors.max-age", Integer.class, 86400)); }
private io.vertx.ext.web.handler.CorsHandler corsHandler() { return io.vertx.ext.web.handler.CorsHandler .create(environment.getProperty("http.cors.allow-origin", String.class, "*")) .allowedHeaders(getStringPropertiesAsList("http.cors.allow-headers", "Cache-Control, Pragma, Origin, Authorization, Content-Type, X-Requested-With, If-Match, x-xsrf-token")) .allowedMethods(getHttpMethodPropertiesAsList("http.cors.allow-methods", "GET, POST")) .maxAgeSeconds(environment.getProperty("http.cors.max-age", Integer.class, 86400)); }
@Test public void testPreflightNoExposeHeaders() throws Exception { Set<HttpMethod> allowedMethods = new LinkedHashSet<>(Arrays.asList(HttpMethod.PUT, HttpMethod.DELETE)); Set<String> exposeHeaders = new LinkedHashSet<>(Arrays.asList("X-floob", "X-blurp")); router.route().handler(CorsHandler.create("vertx\\.io").allowedMethods(allowedMethods).exposedHeaders(exposeHeaders)); router.route().handler(context -> context.response().end()); testRequest(HttpMethod.OPTIONS, "/", req -> { req.headers().add("origin", "vertx.io"); req.headers().add("access-control-request-method", "PUT,DELETE"); }, resp -> { // Note expose headers header is never provided in response of pre-flight request checkHeaders(resp, "vertx.io", "PUT,DELETE", null, null); }, 200, "OK", null); }
@Test public void testPreflightAllowedHeaders() throws Exception { Set<HttpMethod> allowedMethods = new LinkedHashSet<>(Arrays.asList(HttpMethod.PUT, HttpMethod.DELETE)); Set<String> allowedHeaders = new LinkedHashSet<>(Arrays.asList("X-wibble", "X-blah")); router.route().handler(CorsHandler.create("vertx\\.io").allowedMethods(allowedMethods).allowedHeaders(allowedHeaders)); router.route().handler(context -> context.response().end()); testRequest(HttpMethod.OPTIONS, "/", req -> { req.headers().add("origin", "vertx.io"); req.headers().add("access-control-request-method", "PUT,DELETE"); req.headers().add("access-control-request-headers", allowedHeaders); }, resp -> checkHeaders(resp, "vertx.io", "PUT,DELETE", "X-wibble,X-blah", null), 200, "OK", null); }
@Test public void testPreflightMaxAge() throws Exception { Set<HttpMethod> allowedMethods = new LinkedHashSet<>(Arrays.asList(HttpMethod.PUT, HttpMethod.DELETE)); int maxAge = 131233; router.route().handler(CorsHandler.create("vertx\\.io").allowedMethods(allowedMethods).maxAgeSeconds(maxAge)); router.route().handler(context -> context.response().end()); testRequest(HttpMethod.OPTIONS, "/", req -> { req.headers().add("origin", "vertx.io"); req.headers().add("access-control-request-method", "PUT,DELETE"); }, resp -> checkHeaders(resp, "vertx.io", "PUT,DELETE", null, null, null, String.valueOf(maxAge)), 200, "OK", null); }
@Test public void testRealRequestAllowCredentials() throws Exception { Set<HttpMethod> allowedMethods = new LinkedHashSet<>(Arrays.asList(HttpMethod.PUT, HttpMethod.DELETE)); router.route().handler(CorsHandler.create("vertx\\.io").allowedMethods(allowedMethods).allowCredentials(true)); router.route().handler(context -> context.response().end()); testRequest(HttpMethod.GET, "/", req -> req.headers().add("origin", "vertx.io"), resp -> checkHeaders(resp, "vertx.io", null, null, null, "true", null), 200, "OK", null); }
@Test public void testRealRequestCredentialsNoWildcardOrigin() throws Exception { Set<HttpMethod> allowedMethods = new LinkedHashSet<>(Arrays.asList(HttpMethod.PUT, HttpMethod.DELETE)); router.route().handler(CorsHandler.create("vertx.*").allowedMethods(allowedMethods).allowCredentials(true)); router.route().handler(context -> context.response().end()); testRequest(HttpMethod.GET, "/", req -> req.headers().add("origin", "vertx.io"), resp -> checkHeaders(resp, "vertx.io", null, null, null, "true", null), 200, "OK", null); }
@Test public void testPreflightSimple() throws Exception { Set<HttpMethod> allowedMethods = new LinkedHashSet<>(Arrays.asList(HttpMethod.PUT, HttpMethod.DELETE)); router.route().handler(CorsHandler.create("vertx\\.io").allowedMethods(allowedMethods)); router.route().handler(context -> context.response().end()); testRequest(HttpMethod.OPTIONS, "/", req -> { req.headers().add("origin", "vertx.io"); req.headers().add("access-control-request-method", "PUT,DELETE"); }, resp -> checkHeaders(resp, "vertx.io", "PUT,DELETE", null, null), 200, "OK", null); }
@Test public void testPreflightAllowCredentials() throws Exception { Set<HttpMethod> allowedMethods = new LinkedHashSet<>(Arrays.asList(HttpMethod.PUT, HttpMethod.DELETE)); router.route().handler(CorsHandler.create("vertx\\.io").allowedMethods(allowedMethods).allowCredentials(true)); router.route().handler(context -> context.response().end()); testRequest(HttpMethod.OPTIONS, "/", req -> { req.headers().add("origin", "vertx.io"); req.headers().add("access-control-request-method", "PUT,DELETE"); }, resp -> checkHeaders(resp, "vertx.io", "PUT,DELETE", null, null, "true", null), 200, "OK", null); }
@Test public void testPreflightAllowCredentialsNoWildcardOrigin() throws Exception { Set<HttpMethod> allowedMethods = new LinkedHashSet<>(Arrays.asList(HttpMethod.PUT, HttpMethod.DELETE)); // Make sure * isn't returned in access-control-allow-origin for credentials router.route().handler(CorsHandler.create("vertx.*").allowedMethods(allowedMethods).allowCredentials(true)); router.route().handler(context -> context.response().end()); testRequest(HttpMethod.OPTIONS, "/", req -> { req.headers().add("origin", "vertx.io"); req.headers().add("access-control-request-method", "PUT,DELETE"); }, resp -> checkHeaders(resp, "vertx.io", "PUT,DELETE", null, null, "true", null), 200, "OK", null); }