/**
 * Passing {@code null} as the allowed-origins collection must be rejected with an
 * {@link IllegalArgumentException} instead of being stored on the service.
 */
@Test(expected = IllegalArgumentException.class)
public void invalidAllowedOrigins() {
    // A null allow-list has no defined meaning for the Origin check, so the setter is expected to fail fast.
    service.setAllowedOrigins(null);
}
/**
 * An XHR transport POST whose {@code Origin} header is one of the configured allowed
 * origins is expected to be served with status 200.
 */
@Test  // SPR-12226
public void handleTransportRequestXhrAllowedOriginsMatch() throws Exception {
    String transportPath = sessionUrlPrefix + "xhr";
    String requestOrigin = "http://mydomain1.com";

    setRequest("POST", sockJsPrefix + transportPath);
    this.service.setAllowedOrigins(Arrays.asList("http://mydomain1.com", "http://mydomain2.com"));
    // The Origin sent by the client is the first entry of the allow-list configured above.
    this.servletRequest.addHeader(HttpHeaders.ORIGIN, requestOrigin);
    this.service.handleRequest(this.request, this.response, transportPath, this.wsHandler);

    int status = this.servletResponse.getStatus();
    assertEquals(200, status);
}
/**
 * An XHR transport POST whose {@code Origin} header is not among the configured allowed
 * origins is expected to be refused with status 403.
 */
@Test  // SPR-12226
public void handleTransportRequestXhrAllowedOriginsNoMatch() throws Exception {
    String transportPath = sessionUrlPrefix + "xhr";
    String requestOrigin = "http://mydomain3.com";

    setRequest("POST", sockJsPrefix + transportPath);
    this.service.setAllowedOrigins(Arrays.asList("http://mydomain1.com", "http://mydomain2.com"));
    // mydomain3.com is deliberately absent from the allow-list configured above.
    this.servletRequest.addHeader(HttpHeaders.ORIGIN, requestOrigin);
    this.service.handleRequest(this.request, this.response, transportPath, this.wsHandler);

    int status = this.servletResponse.getStatus();
    assertEquals(403, status);
}
/**
 * A request whose {@code Origin} host equals the request's own server name is expected to
 * be served with status 200 even though that origin is not in the configured allow-list.
 */
@Test  // SPR-13464
public void handleTransportRequestXhrSameOrigin() throws Exception {
    String transportPath = sessionUrlPrefix + "xhr";
    String requestOrigin = "http://mydomain2.com";

    setRequest("POST", sockJsPrefix + transportPath);
    this.service.setAllowedOrigins(Arrays.asList("http://mydomain1.com"));
    // The Origin is not on the allow-list, but the server name set below matches its host.
    // NOTE(review): scheme and port of the mock request come from defaults that are not
    // visible in this excerpt — confirm they line up with the Origin value.
    this.servletRequest.addHeader(HttpHeaders.ORIGIN, requestOrigin);
    this.servletRequest.setServerName("mydomain2.com");
    this.service.handleRequest(this.request, this.response, transportPath, this.wsHandler);

    int status = this.servletResponse.getStatus();
    assertEquals(200, status);
}
/**
 * A session URL that ends in an unknown transport name is expected to yield status 404.
 * The request is otherwise set up like the same-origin case (Origin host equal to the
 * server name), so the asserted 404 is attributable to the transport name.
 */
@Test  // SPR-13545
public void handleInvalidTransportType() throws Exception {
    String transportPath = sessionUrlPrefix + "invalid";
    String requestOrigin = "http://mydomain2.com";

    setRequest("POST", sockJsPrefix + transportPath);
    this.service.setAllowedOrigins(Arrays.asList("http://mydomain1.com"));
    this.servletRequest.addHeader(HttpHeaders.ORIGIN, requestOrigin);
    this.servletRequest.setServerName("mydomain2.com");
    this.service.handleRequest(this.request, this.response, transportPath, this.wsHandler);

    int status = this.servletResponse.getStatus();
    assertEquals(404, status);
}
// Hands this object's suppressCors and allowedOrigins values to the service.
// NOTE(review): the enclosing method is outside this excerpt; presumably these two
// settings govern CORS response headers and Origin checking — confirm against the service class.
service.setSuppressCors(this.suppressCors); service.setAllowedOrigins(this.allowedOrigins);
/**
 * Exercises the {@code /iframe.html} endpoint under three allowed-origins settings and
 * checks both the status code and the {@code X-Frame-Options} response header:
 * the fixture's initial configuration, a single explicit origin, and the wildcard.
 */
@Test
public void handleTransportRequestIframe() throws Exception {
    String iframePath = "/iframe.html";
    String iframeUrl = sockJsPrefix + iframePath;

    // Phase 1: configuration as left by the fixture (not visible in this excerpt).
    // The iframe page is served and framing is limited to the same origin.
    setRequest("GET", iframeUrl);
    this.service.handleRequest(this.request, this.response, iframePath, this.wsHandler);
    assertNotEquals(404, this.servletResponse.getStatus());
    assertEquals("SAMEORIGIN", this.servletResponse.getHeader("X-Frame-Options"));

    // Phase 2: a single explicit origin is allowed. The iframe endpoint is expected
    // to answer 404 and to send no X-Frame-Options header.
    resetRequestAndResponse();
    setRequest("GET", iframeUrl);
    this.service.setAllowedOrigins(Collections.singletonList("http://mydomain1.com"));
    this.service.handleRequest(this.request, this.response, iframePath, this.wsHandler);
    assertEquals(404, this.servletResponse.getStatus());
    assertNull(this.servletResponse.getHeader("X-Frame-Options"));

    // Phase 3: every origin is allowed ("*"). The iframe page is served again, and no
    // X-Frame-Options header is sent, so this header places no restriction on framing.
    resetRequestAndResponse();
    setRequest("GET", iframeUrl);
    this.service.setAllowedOrigins(Collections.singletonList("*"));
    this.service.handleRequest(this.request, this.response, iframePath, this.wsHandler);
    assertNotEquals(404, this.servletResponse.getStatus());
    assertNull(this.servletResponse.getHeader("X-Frame-Options"));
}
// Hands this object's suppressCors and allowedOrigins values to the service.
// NOTE(review): the enclosing method is outside this excerpt; presumably these two
// settings govern CORS response headers and Origin checking — confirm against the service class.
service.setSuppressCors(this.suppressCors); service.setAllowedOrigins(this.allowedOrigins);
// Hands this object's suppressCors and allowedOrigins values to the service.
// NOTE(review): the enclosing method is outside this excerpt; presumably these two
// settings govern CORS response headers and Origin checking — confirm against the service class.
service.setSuppressCors(this.suppressCors); service.setAllowedOrigins(this.allowedOrigins);