Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
带水的鱼儿
spring-framework
提交
101ed17b
S
spring-framework
项目概览
带水的鱼儿
/
spring-framework
与 Fork 源项目一致
从无法访问的项目Fork
通知
1
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
S
spring-framework
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
提交
101ed17b
编写于
5月 17, 2021
作者:
R
Rossen Stoyanchev
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Polishing contribution
Closes gh-26927
上级
66588bae
变更
2
隐藏空白更改
内联
并排
Showing
2 changed file
with
26 addition
and
25 deletion
+26
-25
spring-web/src/main/java/org/springframework/web/bind/annotation/CrossOrigin.java
.../org/springframework/web/bind/annotation/CrossOrigin.java
+4
-4
spring-web/src/main/java/org/springframework/web/cors/CorsConfiguration.java
.../java/org/springframework/web/cors/CorsConfiguration.java
+22
-21
未找到文件。
spring-web/src/main/java/org/springframework/web/bind/annotation/CrossOrigin.java
浏览文件 @
101ed17b
/*
* Copyright 2002-202
0
the original author or authors.
* Copyright 2002-202
1
the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
...
...
@@ -87,9 +87,9 @@ public @interface CrossOrigin {
String
[]
origins
()
default
{};
/**
* Alternative to {@link #origins()} that supports
origins declared via
*
wildcard patterns. Please, see
*
@link CorsConfiguration#setAllowedOriginPatterns(List)}
for details.
* Alternative to {@link #origins()} that supports
more flexible origins
*
patterns. Please, see @link CorsConfiguration#setAllowedOriginPatterns(List)}
* for details.
* <p>By default this is not set.
* @since 5.3
*/
...
...
spring-web/src/main/java/org/springframework/web/cors/CorsConfiguration.java
浏览文件 @
101ed17b
...
...
@@ -170,16 +170,22 @@ public class CorsConfiguration {
}
/**
* Alternative to {@link #setAllowedOrigins} that supports origins declared
* via wildcard patterns. In contrast to {@link #setAllowedOrigins allowedOrigins}
* which does support the special value {@code "*"}, this property allows
* more flexible patterns, e.g. {@code "https://*.domain1.com"}. Furthermore
* it always sets the {@code Access-Control-Allow-Origin} response header to
* the matched origin and never to {@code "*"}, nor to any other pattern, and
* therefore can be used in combination with {@link #setAllowCredentials}
* set to {@code true}. Patterns also support list of allowed ports for origin,
* e.g. {@code "https://*.domain1.com:[8080,8081]"}. Additionally wildcard is supported
* in case any generic port should be allowed {@code "https://*.domain1.com:[*]"}.
* Alternative to {@link #setAllowedOrigins} that supports more flexible
* origins patterns with "*" anywhere in the host name in addition to port
* lists. Examples:
* <ul>
* <li>{@literal https://*.domain1.com} -- domains ending with domain1.com
* <li>{@literal https://*.domain1.com:[8080,8081]} -- domains ending with
* domain1.com on port 8080 or port 8081
* <li>{@literal https://*.domain1.com:[*]} -- domains ending with
* domain1.com on any port, including the default port
* </ul>
* <p>In contrast to {@link #setAllowedOrigins(List) allowedOrigins} which
* only supports "*" and cannot be used with {@code allowCredentials}, when
* an allowedOriginPattern is matched, the {@code Access-Control-Allow-Origin}
* response header is set to the matched origin and not to {@code "*"} nor
* to the pattern. Therefore allowedOriginPatterns can be used in combination
* with {@link #setAllowCredentials} set to {@code true}.
* <p>By default this is not set.
* @since 5.3
*/
...
...
@@ -650,7 +656,7 @@ public class CorsConfiguration {
*/
private
static
class
OriginPattern
{
private
static
final
Pattern
PORT
_LIST_PATTERN
=
Pattern
.
compile
(
"(.*):\\[(\\*|[\\d,]+
)]"
);
private
static
final
Pattern
PORT
S_PATTERN
=
Pattern
.
compile
(
"(.*):\\[(\\*|\\d+(,\\d+)*
)]"
);
private
final
String
declaredPattern
;
...
...
@@ -658,13 +664,12 @@ public class CorsConfiguration {
OriginPattern
(
String
declaredPattern
)
{
this
.
declaredPattern
=
declaredPattern
;
this
.
pattern
=
to
Pattern
(
declaredPattern
);
this
.
pattern
=
init
Pattern
(
declaredPattern
);
}
private
static
Pattern
toPattern
(
String
patternValue
)
{
//if pattern ends with allowed ports list
Matcher
matcher
=
PORT_LIST_PATTERN
.
matcher
(
patternValue
);
private
static
Pattern
initPattern
(
String
patternValue
)
{
String
portList
=
null
;
Matcher
matcher
=
PORTS_PATTERN
.
matcher
(
patternValue
);
if
(
matcher
.
matches
())
{
patternValue
=
matcher
.
group
(
1
);
portList
=
matcher
.
group
(
2
);
...
...
@@ -673,12 +678,8 @@ public class CorsConfiguration {
patternValue
=
"\\Q"
+
patternValue
+
"\\E"
;
patternValue
=
patternValue
.
replace
(
"*"
,
"\\E.*\\Q"
);
if
(
ALL
.
equals
(
portList
))
{
//there is a corner case. If '*' is specified, then origins with implicit default port (e.g. "https://test.com") should also match.
patternValue
+=
"(:\\d+)?"
;
}
else
if
(
portList
!=
null
)
{
patternValue
+=
":("
+
portList
.
replace
(
','
,
'|'
)
+
")"
;
if
(
portList
!=
null
)
{
patternValue
+=
(
portList
.
equals
(
ALL
)
?
"(:\\d+)?"
:
":("
+
portList
.
replace
(
','
,
'|'
)
+
")"
);
}
return
Pattern
.
compile
(
patternValue
);
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录