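/**
 * Creates a CORS registration for the given path pattern.
 *
 * <p>The configuration starts from {@code applyPermitDefaultValues()}, which is a
 * permissive baseline: all origins, all headers, and the GET, HEAD and POST methods.
 * A registration guarding authenticated or sensitive responses should narrow the
 * allowed origins explicitly instead of relying on this default.
 *
 * @param pathPattern the path pattern this registration applies to
 */
public CorsRegistration(String pathPattern) {
    this.pathPattern = pathPattern;
    // Same implicit default values as the @CrossOrigin annotation + allows simple methods
    // (kept on its own line so that it no longer swallows the assignment below)
    this.config = new CorsConfiguration().applyPermitDefaultValues();
}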
/**
 * Supplies a new configuration that admits every origin ("*"), regardless of the
 * exchange passed in. No credentials flag is set on it.
 *
 * @param exchange the current exchange (not inspected)
 * @return a configuration whose only setting is the "*" allowed origin
 */
@Override
public CorsConfiguration getCorsConfiguration(ServerWebExchange exchange) {
    CorsConfiguration anyOrigin = new CorsConfiguration();
    anyOrigin.addAllowedOrigin("*");
    return anyOrigin;
}
} // closes the enclosing type, whose header is outside this excerpt
/**
 * Builds a configuration whose single allowed origin is synthesised from the
 * handler's hash code and the handler method's name.
 *
 * <p>NOTE(review): the derived value is not a real host name, so this looks like a
 * fixture that gives each handler method a distinguishable origin; confirm against
 * the enclosing class. The {@code mapping} argument is not used.
 *
 * @param handler the handler object; only its hash code is read
 * @param method the handler method; only its name is read
 * @param mapping the mapping the handler is registered under (unused)
 * @return a configuration with exactly one allowed origin
 */
@Override
protected CorsConfiguration initCorsConfiguration(Object handler, Method method, String mapping) {
    CorsConfiguration perMethod = new CorsConfiguration();
    String syntheticOrigin = "http://" + handler.hashCode() + method.getName();
    perMethod.setAllowedOrigins(Collections.singletonList(syntheticOrigin));
    return perMethod;
}
/**
 * Replacing the exposed-headers list with the "*" wildcard is expected to be
 * rejected with an IllegalArgumentException.
 */
@Test(expected = IllegalArgumentException.class)
public void asteriskWildCardOnSetExposedHeaders() {
    String wildcard = "*";
    CorsConfiguration cors = new CorsConfiguration();
    cors.setExposedHeaders(Arrays.asList(wildcard));
}
/**
 * Appending the "*" wildcard as an exposed header is expected to be rejected with
 * an IllegalArgumentException.
 */
@Test(expected = IllegalArgumentException.class)
public void asteriskWildCardOnAddExposedHeader() {
    String wildcard = "*";
    CorsConfiguration cors = new CorsConfiguration();
    cors.addExposedHeader(wildcard);
}
/**
 * Supplies a configuration that pairs the "*" origin with allowCredentials=true.
 *
 * <p>Security note: for this pairing, this version of CorsConfiguration answers
 * {@code checkOrigin} with the caller's own origin rather than "*", so every origin
 * ends up allowed together with credentials. That is useful for exercising the CORS
 * processor; a deployed configuration source should list its trusted origins.
 * NOTE(review): presumably a test fixture; confirm against the enclosing class.
 *
 * @param request the current request (not inspected)
 * @return a wildcard-origin configuration with credentials enabled
 */
@Override
public CorsConfiguration getCorsConfiguration(HttpServletRequest request) {
    CorsConfiguration wildcardWithCredentials = new CorsConfiguration();
    wildcardWithCredentials.addAllowedOrigin("*");
    wildcardWithCredentials.setAllowCredentials(true);
    return wildcardWithCredentials;
}
} // closes the enclosing type, whose header is outside this excerpt
/**
 * Reactive counterpart: supplies a configuration that pairs the "*" origin with
 * allowCredentials=true.
 *
 * <p>Security note: for this pairing, this version of CorsConfiguration answers
 * {@code checkOrigin} with the caller's own origin rather than "*", so every origin
 * ends up allowed together with credentials. That is useful for exercising the CORS
 * processor; a deployed configuration source should list its trusted origins.
 * NOTE(review): presumably a test fixture; confirm against the enclosing class.
 *
 * @param exchange the current exchange (not inspected)
 * @return a wildcard-origin configuration with credentials enabled
 */
@Override
public CorsConfiguration getCorsConfiguration(ServerWebExchange exchange) {
    CorsConfiguration wildcardWithCredentials = new CorsConfiguration();
    wildcardWithCredentials.addAllowedOrigin("*");
    wildcardWithCredentials.setAllowCredentials(true);
    return wildcardWithCredentials;
}
} // closes the enclosing type, whose header is outside this excerpt
/** Gives each test an empty CorsConfiguration and a new DefaultCorsProcessor. */
@Before
public void setup() {
    CorsConfiguration emptyConf = new CorsConfiguration();
    this.conf = emptyConf;

    DefaultCorsProcessor freshProcessor = new DefaultCorsProcessor();
    this.processor = freshProcessor;
}
/** Combining with {@code null} must leave the receiver's allowed origins untouched. */
@Test
public void combineWithNull() {
    String wildcard = "*";
    CorsConfiguration base = new CorsConfiguration();
    base.setAllowedOrigins(Arrays.asList(wildcard));

    // The return value is ignored on purpose: only the receiver's state is checked.
    base.combine(null);

    assertEquals(Arrays.asList(wildcard), base.getAllowedOrigins());
}
/**
 * checkHeaders returns the requested headers that are allowed: an empty request
 * yields an empty list, and a header that was never allowed is dropped from the
 * result while the allowed ones are kept.
 */
@Test
public void checkHeadersAllowed() {
    String first = "header1";
    String second = "header2";
    CorsConfiguration cors = new CorsConfiguration();

    // Nothing requested: empty in, empty out, even with no allowed headers set.
    assertEquals(Collections.emptyList(), cors.checkHeaders(Collections.emptyList()));

    cors.addAllowedHeader(first);
    cors.addAllowedHeader(second);

    assertEquals(Arrays.asList(first), cors.checkHeaders(Arrays.asList(first)));
    assertEquals(Arrays.asList(first, second), cors.checkHeaders(Arrays.asList(first, second)));
    // "header3" was never allowed, so it is filtered out of the answer.
    assertEquals(Arrays.asList(first, second),
            cors.checkHeaders(Arrays.asList(first, second, "header3")));
}
/**
 * checkHttpMethod returns the full list of allowed methods when the requested one
 * is allowed. With nothing configured, a GET is answered with GET and HEAD.
 */
@Test
public void checkMethodAllowed() {
    CorsConfiguration cors = new CorsConfiguration();

    // No allowed methods configured yet.
    assertEquals(Arrays.asList(HttpMethod.GET, HttpMethod.HEAD),
            cors.checkHttpMethod(HttpMethod.GET));

    cors.addAllowedMethod("GET");
    assertEquals(Arrays.asList(HttpMethod.GET), cors.checkHttpMethod(HttpMethod.GET));

    cors.addAllowedMethod("POST");
    // Either allowed method yields the same complete list.
    for (HttpMethod requested : Arrays.asList(HttpMethod.GET, HttpMethod.POST)) {
        assertEquals(Arrays.asList(HttpMethod.GET, HttpMethod.POST),
                cors.checkHttpMethod(requested));
    }
}
/**
 * checkHeaders answers {@code null} when the request headers are null, when no
 * headers are allowed (unset or empty list), and when the requested header is not
 * among the allowed ones.
 */
@Test
public void checkHeadersNotAllowed() {
    String unlisted = "header1";
    CorsConfiguration cors = new CorsConfiguration();

    assertNull(cors.checkHeaders(null));
    // Allowed headers never set.
    assertNull(cors.checkHeaders(Arrays.asList(unlisted)));

    // Allowed headers explicitly empty.
    cors.setAllowedHeaders(Collections.emptyList());
    assertNull(cors.checkHeaders(Arrays.asList(unlisted)));

    // Allowed headers set, but to other names.
    cors.addAllowedHeader("header2");
    cors.addAllowedHeader("header3");
    assertNull(cors.checkHeaders(Arrays.asList(unlisted)));
}
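/**
 * Values added after {@code applyPermitDefaultValues()} are appended to the
 * permissive defaults, not substituted for them: the "*" origin and "*" header
 * stay in place next to the explicit entries.
 *
 * <p>Security-relevant consequence: adding a specific origin on top of the permit
 * defaults does not restrict access to that origin.
 */
@Test  // SPR-15772
public void changePermitDefaultValues() {
    // The issue reference above sits on its own line so that it no longer comments
    // out the method body.
    CorsConfiguration config = new CorsConfiguration().applyPermitDefaultValues();
    config.addAllowedOrigin("http://domain.com");
    config.addAllowedHeader("header1");
    config.addAllowedMethod("PATCH");

    assertEquals(Arrays.asList("*", "http://domain.com"), config.getAllowedOrigins());
    assertEquals(Arrays.asList("*", "header1"), config.getAllowedHeaders());
    assertEquals(Arrays.asList("GET", "HEAD", "POST", "PATCH"), config.getAllowedMethods());
}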
/**
 * An actual (GET) cross-origin request to a path covered by a global "*" CORS
 * configuration reaches the mapped controller and carries
 * Access-Control-Allow-Origin: * on the response.
 */
@Test
public void actualRequestWithGlobalCorsConfig() throws Exception {
    String path = "/welcome.html";
    CorsConfiguration globalConfig = new CorsConfiguration();
    globalConfig.addAllowedOrigin("*");
    this.handlerMapping.setCorsConfigurations(Collections.singletonMap(path, globalConfig));

    String origin = "http://domain2.com";
    ServerWebExchange exchange = createExchange(HttpMethod.GET, path, origin);
    Object resolved = this.handlerMapping.getHandler(exchange).block();

    assertNotNull(resolved);
    // The real handler is returned for an actual request.
    assertSame(this.welcomeController, resolved);
    String allowOrigin =
            exchange.getResponse().getHeaders().getFirst(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN);
    assertEquals("*", allowOrigin);
}
/**
 * A pre-flight (OPTIONS) request to a path covered by a global "*" CORS
 * configuration is answered by a handler other than the mapped controller, and the
 * response carries Access-Control-Allow-Origin: *.
 */
@Test
public void preFlightRequestWithGlobalCorsConfig() throws Exception {
    String path = "/welcome.html";
    CorsConfiguration globalConfig = new CorsConfiguration();
    globalConfig.addAllowedOrigin("*");
    this.handlerMapping.setCorsConfigurations(Collections.singletonMap(path, globalConfig));

    String origin = "http://domain2.com";
    ServerWebExchange exchange = createExchange(HttpMethod.OPTIONS, path, origin);
    Object resolved = this.handlerMapping.getHandler(exchange).block();

    assertNotNull(resolved);
    // Pre-flight must not be dispatched to the controller itself.
    assertNotSame(this.welcomeController, resolved);
    String allowOrigin =
            exchange.getResponse().getHeaders().getFirst(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN);
    assertEquals("*", allowOrigin);
}
/**
 * Pins what checkOrigin returns for an allowed origin.
 *
 * <p>With the "*" origin and no credentials the answer is "*". Once
 * allowCredentials is true, the same wildcard configuration answers with the
 * request's own origin, so any origin is accepted together with credentials; that
 * pairing deserves scrutiny wherever it appears outside tests. An explicitly listed
 * origin is returned as-is whether or not credentials are allowed.
 */
@Test
public void checkOriginAllowed() {
    String wildcard = "*";
    String origin = "http://domain.com";
    CorsConfiguration cors = new CorsConfiguration();

    // Wildcard, credentials unset.
    cors.setAllowedOrigins(Arrays.asList(wildcard));
    assertEquals(wildcard, cors.checkOrigin(origin));

    // Wildcard plus credentials: the concrete origin comes back instead of "*".
    cors.setAllowCredentials(true);
    assertEquals(origin, cors.checkOrigin(origin));

    // Explicit origin, credentials still on.
    cors.setAllowedOrigins(Arrays.asList(origin));
    assertEquals(origin, cors.checkOrigin(origin));

    // Explicit origin, credentials off.
    cors.setAllowCredentials(false);
    assertEquals(origin, cors.checkOrigin(origin));
}
/**
 * Prepares the servlet fixtures for each test: a mock request for "/test.html"
 * with remote host "domain1.com", an empty CorsConfiguration, a mock response
 * preset to 200 OK, and a DefaultCorsProcessor.
 */
@Before
public void setup() {
    MockHttpServletRequest mockRequest = new MockHttpServletRequest();
    this.request = mockRequest;
    mockRequest.setRequestURI("/test.html");
    mockRequest.setRemoteHost("domain1.com");

    this.conf = new CorsConfiguration();

    MockHttpServletResponse mockResponse = new MockHttpServletResponse();
    this.response = mockResponse;
    mockResponse.setStatus(HttpServletResponse.SC_OK);

    this.processor = new DefaultCorsProcessor();
}
/**
 * checkOrigin answers {@code null} (origin rejected) when the request origin is
 * null, when no origins are configured, when the origin is not in the allowed
 * list, and when the allowed list is empty. A null origin is rejected even under
 * the "*" wildcard.
 */
@Test
public void checkOriginNotAllowed() {
    String origin = "http://domain.com";
    CorsConfiguration cors = new CorsConfiguration();

    // Nothing configured: deny by default.
    assertNull(cors.checkOrigin(null));
    assertNull(cors.checkOrigin(origin));

    // The wildcard does not admit a missing origin.
    cors.addAllowedOrigin("*");
    assertNull(cors.checkOrigin(null));

    // A different host than the one listed.
    cors.setAllowedOrigins(Arrays.asList("http://domain1.com"));
    assertNull(cors.checkOrigin("http://domain2.com"));

    // Explicitly empty allow-list.
    cors.setAllowedOrigins(new ArrayList<>());
    assertNull(cors.checkOrigin(origin));
}
/**
 * A configuration registered under "/bar/**" is returned only for request URIs
 * matching that pattern; a non-matching URI yields {@code null}.
 */
@Test
public void registerAndMatch() {
    CorsConfiguration registered = new CorsConfiguration();
    this.configSource.registerCorsConfiguration("/bar/**", registered);

    // Outside the registered pattern: no configuration applies.
    MockHttpServletRequest servletRequest = new MockHttpServletRequest("GET", "/foo/test.html");
    assertNull(this.configSource.getCorsConfiguration(servletRequest));

    // Same request object, now pointed at a matching URI.
    servletRequest.setRequestURI("/bar/test.html");
    assertEquals(registered, this.configSource.getCorsConfiguration(servletRequest));
}
/**
 * Reactive variant: a configuration registered under "/bar/**" is returned only
 * for exchanges whose request path matches that pattern; a non-matching path
 * yields {@code null}.
 */
@Test
public void registerAndMatch() {
    CorsConfiguration registered = new CorsConfiguration();
    this.configSource.registerCorsConfiguration("/bar/**", registered);

    // Outside the registered pattern: no configuration applies.
    MockServerWebExchange outside =
            MockServerWebExchange.from(MockServerHttpRequest.get("/foo/test.html"));
    assertNull(this.configSource.getCorsConfiguration(outside));

    // Inside the registered pattern: the registered instance comes back.
    MockServerWebExchange inside =
            MockServerWebExchange.from(MockServerHttpRequest.get("/bar/test.html"));
    assertEquals(registered, this.configSource.getCorsConfiguration(inside));
}