Skip to content

S
spring-framework

爱吃血肠 / spring-framework

通知 1
Star 0
Fork 0
S
spring-framework

前往新版Gitcode,体验更适合开发者的 AI 搜索 >>

切换分支/标签
查找文件 普通视图历史永久链接Permalink
DefaultCorsProcessorTests.java 16.0 KB
Newer Older
S
Add Reactive CORS support  
Sebastien Deleuze 已提交
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 
/*
 * Copyright 2002-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.springframework.web.cors.reactive;

import org.junit.Before;
import org.junit.Test;

import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.mock.http.server.reactive.test.MockServerHttpRequest;
import org.springframework.mock.http.server.reactive.test.MockServerHttpResponse;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.server.ServerWebExchange;
import org.springframework.web.server.adapter.DefaultServerWebExchange;
import org.springframework.web.server.session.MockWebSessionManager;
R
Polish reactive CORS support  
Rossen Stoyanchev 已提交
32 33 34 35 36 37 38 39 
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
import static org.springframework.http.HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS;
import static org.springframework.http.HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN;
import static org.springframework.http.HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS;
import static org.springframework.http.HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD;
S
Add Reactive CORS support  
Sebastien Deleuze 已提交
40 
/**
R
Polish reactive CORS support  
Rossen Stoyanchev 已提交
41 
 * {@link DefaultCorsProcessor} tests with simple or pre-flight CORS request.
S
Add Reactive CORS support  
Sebastien Deleuze 已提交
42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 
 *
 * @author Sebastien Deleuze
 */
public class DefaultCorsProcessorTests {

	private MockServerHttpRequest request;

	private MockServerHttpResponse response;

	private ServerWebExchange exchange;

	private DefaultCorsProcessor processor;

	private CorsConfiguration conf;


	@Before
	public void setup() {
		this.request = new MockServerHttpRequest();
		this.request.setUri("http://localhost/test.html");
		this.conf = new CorsConfiguration();
		this.response = new MockServerHttpResponse();
		this.response.setStatusCode(HttpStatus.OK);
		this.processor = new DefaultCorsProcessor();
		this.exchange = new DefaultServerWebExchange(this.request, this.response, new MockWebSessionManager());
	}


	@Test
	public void actualRequestWithOriginHeader() throws Exception {
		this.request.setHttpMethod(HttpMethod.GET);
		this.request.addHeader(HttpHeaders.ORIGIN, "http://domain2.com");

		this.processor.processRequest(this.conf, this.exchange);
R
Polish reactive CORS support  
Rossen Stoyanchev 已提交
76 
		assertFalse(this.response.getHeaders().containsKey(ACCESS_CONTROL_ALLOW_ORIGIN));
S
Add Reactive CORS support  
Sebastien Deleuze 已提交
77 78 79 80 81 82 83 84 85 
		assertEquals(HttpStatus.FORBIDDEN, this.response.getStatusCode());
	}

	@Test
	public void actualRequestWithOriginHeaderAndNullConfig() throws Exception {
		this.request.setHttpMethod(HttpMethod.GET);
		this.request.addHeader(HttpHeaders.ORIGIN, "http://domain2.com");

		this.processor.processRequest(null, this.exchange);
R
Polish reactive CORS support  
Rossen Stoyanchev 已提交
86 
		assertFalse(this.response.getHeaders().containsKey(ACCESS_CONTROL_ALLOW_ORIGIN));
S
Add Reactive CORS support  
Sebastien Deleuze 已提交
87 88 89 90 91 92 93 94 95 96 
		assertEquals(HttpStatus.OK, this.response.getStatusCode());
	}

	@Test
	public void actualRequestWithOriginHeaderAndAllowedOrigin() throws Exception {
		this.request.setHttpMethod(HttpMethod.GET);
		this.request.addHeader(HttpHeaders.ORIGIN, "http://domain2.com");
		this.conf.addAllowedOrigin("*");

		this.processor.processRequest(this.conf, this.exchange);
R
Polish reactive CORS support  
Rossen Stoyanchev 已提交
97 98 
		assertTrue(this.response.getHeaders().containsKey(ACCESS_CONTROL_ALLOW_ORIGIN));
		assertEquals("*", this.response.getHeaders().getFirst(ACCESS_CONTROL_ALLOW_ORIGIN));
S
Add Reactive CORS support  
Sebastien Deleuze 已提交
99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 
		assertFalse(this.response.getHeaders().containsKey(HttpHeaders.ACCESS_CONTROL_MAX_AGE));
		assertFalse(this.response.getHeaders().containsKey(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS));
		assertEquals(HttpStatus.OK, this.response.getStatusCode());
	}

	@Test
	public void actualRequestCredentials() throws Exception {
		this.request.setHttpMethod(HttpMethod.GET);
		this.request.addHeader(HttpHeaders.ORIGIN, "http://domain2.com");
		this.conf.addAllowedOrigin("http://domain1.com");
		this.conf.addAllowedOrigin("http://domain2.com");
		this.conf.addAllowedOrigin("http://domain3.com");
		this.conf.setAllowCredentials(true);

		this.processor.processRequest(this.conf, this.exchange);
R
Polish reactive CORS support  
Rossen Stoyanchev 已提交
114 115 
		assertTrue(this.response.getHeaders().containsKey(ACCESS_CONTROL_ALLOW_ORIGIN));
		assertEquals("http://domain2.com", this.response.getHeaders().getFirst(ACCESS_CONTROL_ALLOW_ORIGIN));
S
Add Reactive CORS support  
Sebastien Deleuze 已提交
116 117 118 119 120 121 122 123 124 125 126 127 128 
		assertTrue(this.response.getHeaders().containsKey(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS));
		assertEquals("true", this.response.getHeaders().getFirst(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS));
		assertEquals(HttpStatus.OK, this.response.getStatusCode());
	}

	@Test
	public void actualRequestCredentialsWithOriginWildcard() throws Exception {
		this.request.setHttpMethod(HttpMethod.GET);
		this.request.addHeader(HttpHeaders.ORIGIN, "http://domain2.com");
		this.conf.addAllowedOrigin("*");
		this.conf.setAllowCredentials(true);

		this.processor.processRequest(this.conf, this.exchange);
R
Polish reactive CORS support  
Rossen Stoyanchev 已提交
129 130 
		assertTrue(this.response.getHeaders().containsKey(ACCESS_CONTROL_ALLOW_ORIGIN));
		assertEquals("http://domain2.com", this.response.getHeaders().getFirst(ACCESS_CONTROL_ALLOW_ORIGIN));
S
Add Reactive CORS support  
Sebastien Deleuze 已提交
131 132 133 134 135 136 137 138 139 140 141 142 
		assertTrue(this.response.getHeaders().containsKey(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS));
		assertEquals("true", this.response.getHeaders().getFirst(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS));
		assertEquals(HttpStatus.OK, this.response.getStatusCode());
	}

	@Test
	public void actualRequestCaseInsensitiveOriginMatch() throws Exception {
		this.request.setHttpMethod(HttpMethod.GET);
		this.request.addHeader(HttpHeaders.ORIGIN, "http://domain2.com");
		this.conf.addAllowedOrigin("http://DOMAIN2.com");

		this.processor.processRequest(this.conf, this.exchange);
R
Polish reactive CORS support  
Rossen Stoyanchev 已提交
143 
		assertTrue(this.response.getHeaders().containsKey(ACCESS_CONTROL_ALLOW_ORIGIN));
S
Add Reactive CORS support  
Sebastien Deleuze 已提交
144 145 146 147 148 149 150 151 152 153 154 155 
		assertEquals(HttpStatus.OK, this.response.getStatusCode());
	}

	@Test
	public void actualRequestExposedHeaders() throws Exception {
		this.request.setHttpMethod(HttpMethod.GET);
		this.request.addHeader(HttpHeaders.ORIGIN, "http://domain2.com");
		this.conf.addExposedHeader("header1");
		this.conf.addExposedHeader("header2");
		this.conf.addAllowedOrigin("http://domain2.com");

		this.processor.processRequest(this.conf, this.exchange);
R
Polish reactive CORS support  
Rossen Stoyanchev 已提交
156 157 
		assertTrue(this.response.getHeaders().containsKey(ACCESS_CONTROL_ALLOW_ORIGIN));
		assertEquals("http://domain2.com", this.response.getHeaders().getFirst(ACCESS_CONTROL_ALLOW_ORIGIN));
S
Add Reactive CORS support  
Sebastien Deleuze 已提交
158 159 160 161 162 163 164 165 166 167 
		assertTrue(this.response.getHeaders().containsKey(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS));
		assertTrue(this.response.getHeaders().getFirst(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS).contains("header1"));
		assertTrue(this.response.getHeaders().getFirst(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS).contains("header2"));
		assertEquals(HttpStatus.OK, this.response.getStatusCode());
	}

	@Test
	public void preflightRequestAllOriginsAllowed() throws Exception {
		this.request.setHttpMethod(HttpMethod.OPTIONS);
		this.request.addHeader(HttpHeaders.ORIGIN, "http://domain2.com");
R
Polish reactive CORS support  
Rossen Stoyanchev 已提交
168 
		this.request.addHeader(ACCESS_CONTROL_REQUEST_METHOD, "GET");
S
Add Reactive CORS support  
Sebastien Deleuze 已提交
169 170 171 172 173 174 175 176 177 178 
		this.conf.addAllowedOrigin("*");

		this.processor.processRequest(this.conf, this.exchange);
		assertEquals(HttpStatus.OK, this.response.getStatusCode());
	}

	@Test
	public void preflightRequestWrongAllowedMethod() throws Exception {
		this.request.setHttpMethod(HttpMethod.OPTIONS);
		this.request.addHeader(HttpHeaders.ORIGIN, "http://domain2.com");
R
Polish reactive CORS support  
Rossen Stoyanchev 已提交
179 
		this.request.addHeader(ACCESS_CONTROL_REQUEST_METHOD, "DELETE");
S
Add Reactive CORS support  
Sebastien Deleuze 已提交
180 181 182 183 184 185 186 187 188 189 
		this.conf.addAllowedOrigin("*");

		this.processor.processRequest(this.conf, this.exchange);
		assertEquals(HttpStatus.FORBIDDEN, this.response.getStatusCode());
	}

	@Test
	public void preflightRequestMatchedAllowedMethod() throws Exception {
		this.request.setHttpMethod(HttpMethod.OPTIONS);
		this.request.addHeader(HttpHeaders.ORIGIN, "http://domain2.com");
R
Polish reactive CORS support  
Rossen Stoyanchev 已提交
190 
		this.request.addHeader(ACCESS_CONTROL_REQUEST_METHOD, "GET");
S
Add Reactive CORS support  
Sebastien Deleuze 已提交
191 192 193 194 195 196 197 198 199 200 201 202 203 
		this.conf.addAllowedOrigin("*");

		this.processor.processRequest(this.conf, this.exchange);
		assertEquals(HttpStatus.OK, this.response.getStatusCode());
		assertEquals("GET,HEAD", this.response.getHeaders().getFirst(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS));
	}

	@Test
	public void preflightRequestTestWithOriginButWithoutOtherHeaders() throws Exception {
		this.request.setHttpMethod(HttpMethod.OPTIONS);
		this.request.addHeader(HttpHeaders.ORIGIN, "http://domain2.com");

		this.processor.processRequest(this.conf, this.exchange);
R
Polish reactive CORS support  
Rossen Stoyanchev 已提交
204 
		assertFalse(this.response.getHeaders().containsKey(ACCESS_CONTROL_ALLOW_ORIGIN));
S
Add Reactive CORS support  
Sebastien Deleuze 已提交
205 206 207 208 209 210 211 
		assertEquals(HttpStatus.FORBIDDEN, this.response.getStatusCode());
	}

	@Test
	public void preflightRequestWithoutRequestMethod() throws Exception {
		this.request.setHttpMethod(HttpMethod.OPTIONS);
		this.request.addHeader(HttpHeaders.ORIGIN, "http://domain2.com");
R
Polish reactive CORS support  
Rossen Stoyanchev 已提交
212 
		this.request.addHeader(ACCESS_CONTROL_REQUEST_HEADERS, "Header1");
S
Add Reactive CORS support  
Sebastien Deleuze 已提交
213 214 

		this.processor.processRequest(this.conf, this.exchange);
R
Polish reactive CORS support  
Rossen Stoyanchev 已提交
215 
		assertFalse(this.response.getHeaders().containsKey(ACCESS_CONTROL_ALLOW_ORIGIN));
S
Add Reactive CORS support  
Sebastien Deleuze 已提交
216 217 218 219 220 221 222 
		assertEquals(HttpStatus.FORBIDDEN, this.response.getStatusCode());
	}

	@Test
	public void preflightRequestWithRequestAndMethodHeaderButNoConfig() throws Exception {
		this.request.setHttpMethod(HttpMethod.OPTIONS);
		this.request.addHeader(HttpHeaders.ORIGIN, "http://domain2.com");
R
Polish reactive CORS support  
Rossen Stoyanchev 已提交
223 224 
		this.request.addHeader(ACCESS_CONTROL_REQUEST_METHOD, "GET");
		this.request.addHeader(ACCESS_CONTROL_REQUEST_HEADERS, "Header1");
S
Add Reactive CORS support  
Sebastien Deleuze 已提交
225 226 

		this.processor.processRequest(this.conf, this.exchange);
R
Polish reactive CORS support  
Rossen Stoyanchev 已提交
227 
		assertFalse(this.response.getHeaders().containsKey(ACCESS_CONTROL_ALLOW_ORIGIN));
S
Add Reactive CORS support  
Sebastien Deleuze 已提交
228 229 230 231 232 233 234 
		assertEquals(HttpStatus.FORBIDDEN, this.response.getStatusCode());
	}

	@Test
	public void preflightRequestValidRequestAndConfig() throws Exception {
		this.request.setHttpMethod(HttpMethod.OPTIONS);
		this.request.addHeader(HttpHeaders.ORIGIN, "http://domain2.com");
R
Polish reactive CORS support  
Rossen Stoyanchev 已提交
235 236 
		this.request.addHeader(ACCESS_CONTROL_REQUEST_METHOD, "GET");
		this.request.addHeader(ACCESS_CONTROL_REQUEST_HEADERS, "Header1");
S
Add Reactive CORS support  
Sebastien Deleuze 已提交
237 238 239 240 241 242 243 
		this.conf.addAllowedOrigin("*");
		this.conf.addAllowedMethod("GET");
		this.conf.addAllowedMethod("PUT");
		this.conf.addAllowedHeader("header1");
		this.conf.addAllowedHeader("header2");

		this.processor.processRequest(this.conf, this.exchange);
R
Polish reactive CORS support  
Rossen Stoyanchev 已提交
244 245 
		assertTrue(this.response.getHeaders().containsKey(ACCESS_CONTROL_ALLOW_ORIGIN));
		assertEquals("*", this.response.getHeaders().getFirst(ACCESS_CONTROL_ALLOW_ORIGIN));
S
Add Reactive CORS support  
Sebastien Deleuze 已提交
246 247 248 249 250 251 252 253 254 255 
		assertTrue(this.response.getHeaders().containsKey(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS));
		assertEquals("GET,PUT", this.response.getHeaders().getFirst(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS));
		assertFalse(this.response.getHeaders().containsKey(HttpHeaders.ACCESS_CONTROL_MAX_AGE));
		assertEquals(HttpStatus.OK, this.response.getStatusCode());
	}

	@Test
	public void preflightRequestCredentials() throws Exception {
		this.request.setHttpMethod(HttpMethod.OPTIONS);
		this.request.addHeader(HttpHeaders.ORIGIN, "http://domain2.com");
R
Polish reactive CORS support  
Rossen Stoyanchev 已提交
256 257 
		this.request.addHeader(ACCESS_CONTROL_REQUEST_METHOD, "GET");
		this.request.addHeader(ACCESS_CONTROL_REQUEST_HEADERS, "Header1");
S
Add Reactive CORS support  
Sebastien Deleuze 已提交
258 259 260 261 262 263 264 
		this.conf.addAllowedOrigin("http://domain1.com");
		this.conf.addAllowedOrigin("http://domain2.com");
		this.conf.addAllowedOrigin("http://domain3.com");
		this.conf.addAllowedHeader("Header1");
		this.conf.setAllowCredentials(true);

		this.processor.processRequest(this.conf, this.exchange);
R
Polish reactive CORS support  
Rossen Stoyanchev 已提交
265 266 
		assertTrue(this.response.getHeaders().containsKey(ACCESS_CONTROL_ALLOW_ORIGIN));
		assertEquals("http://domain2.com", this.response.getHeaders().getFirst(ACCESS_CONTROL_ALLOW_ORIGIN));
S
Add Reactive CORS support  
Sebastien Deleuze 已提交
267 268 269 270 271 272 273 274 275 
		assertTrue(this.response.getHeaders().containsKey(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS));
		assertEquals("true", this.response.getHeaders().getFirst(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS));
		assertEquals(HttpStatus.OK, this.response.getStatusCode());
	}

	@Test
	public void preflightRequestCredentialsWithOriginWildcard() throws Exception {
		this.request.setHttpMethod(HttpMethod.OPTIONS);
		this.request.addHeader(HttpHeaders.ORIGIN, "http://domain2.com");
R
Polish reactive CORS support  
Rossen Stoyanchev 已提交
276 277 
		this.request.addHeader(ACCESS_CONTROL_REQUEST_METHOD, "GET");
		this.request.addHeader(ACCESS_CONTROL_REQUEST_HEADERS, "Header1");
S
Add Reactive CORS support  
Sebastien Deleuze 已提交
278 279 280 281 282 283 284 
		this.conf.addAllowedOrigin("http://domain1.com");
		this.conf.addAllowedOrigin("*");
		this.conf.addAllowedOrigin("http://domain3.com");
		this.conf.addAllowedHeader("Header1");
		this.conf.setAllowCredentials(true);

		this.processor.processRequest(this.conf, this.exchange);
R
Polish reactive CORS support  
Rossen Stoyanchev 已提交
285 286 
		assertTrue(this.response.getHeaders().containsKey(ACCESS_CONTROL_ALLOW_ORIGIN));
		assertEquals("http://domain2.com", this.response.getHeaders().getFirst(ACCESS_CONTROL_ALLOW_ORIGIN));
S
Add Reactive CORS support  
Sebastien Deleuze 已提交
287 288 289 290 291 292 293 
		assertEquals(HttpStatus.OK, this.response.getStatusCode());
	}

	@Test
	public void preflightRequestAllowedHeaders() throws Exception {
		this.request.setHttpMethod(HttpMethod.OPTIONS);
		this.request.addHeader(HttpHeaders.ORIGIN, "http://domain2.com");
R
Polish reactive CORS support  
Rossen Stoyanchev 已提交
294 295 
		this.request.addHeader(ACCESS_CONTROL_REQUEST_METHOD, "GET");
		this.request.addHeader(ACCESS_CONTROL_REQUEST_HEADERS, "Header1, Header2");
S
Add Reactive CORS support  
Sebastien Deleuze 已提交
296 297 298 299 300 301 
		this.conf.addAllowedHeader("Header1");
		this.conf.addAllowedHeader("Header2");
		this.conf.addAllowedHeader("Header3");
		this.conf.addAllowedOrigin("http://domain2.com");

		this.processor.processRequest(this.conf, this.exchange);
R
Polish reactive CORS support  
Rossen Stoyanchev 已提交
302 303 304 305 306 
		assertTrue(this.response.getHeaders().containsKey(ACCESS_CONTROL_ALLOW_ORIGIN));
		assertTrue(this.response.getHeaders().containsKey(ACCESS_CONTROL_ALLOW_HEADERS));
		assertTrue(this.response.getHeaders().getFirst(ACCESS_CONTROL_ALLOW_HEADERS).contains("Header1"));
		assertTrue(this.response.getHeaders().getFirst(ACCESS_CONTROL_ALLOW_HEADERS).contains("Header2"));
		assertFalse(this.response.getHeaders().getFirst(ACCESS_CONTROL_ALLOW_HEADERS).contains("Header3"));
S
Add Reactive CORS support  
Sebastien Deleuze 已提交
307 308 309 310 311 312 313 
		assertEquals(HttpStatus.OK, this.response.getStatusCode());
	}

	@Test
	public void preflightRequestAllowsAllHeaders() throws Exception {
		this.request.setHttpMethod(HttpMethod.OPTIONS);
		this.request.addHeader(HttpHeaders.ORIGIN, "http://domain2.com");
R
Polish reactive CORS support  
Rossen Stoyanchev 已提交
314 315 
		this.request.addHeader(ACCESS_CONTROL_REQUEST_METHOD, "GET");
		this.request.addHeader(ACCESS_CONTROL_REQUEST_HEADERS, "Header1, Header2");
S
Add Reactive CORS support  
Sebastien Deleuze 已提交
316 317 318 319 
		this.conf.addAllowedHeader("*");
		this.conf.addAllowedOrigin("http://domain2.com");

		this.processor.processRequest(this.conf, this.exchange);
R
Polish reactive CORS support  
Rossen Stoyanchev 已提交
320 321 322 323 324 
		assertTrue(this.response.getHeaders().containsKey(ACCESS_CONTROL_ALLOW_ORIGIN));
		assertTrue(this.response.getHeaders().containsKey(ACCESS_CONTROL_ALLOW_HEADERS));
		assertTrue(this.response.getHeaders().getFirst(ACCESS_CONTROL_ALLOW_HEADERS).contains("Header1"));
		assertTrue(this.response.getHeaders().getFirst(ACCESS_CONTROL_ALLOW_HEADERS).contains("Header2"));
		assertFalse(this.response.getHeaders().getFirst(ACCESS_CONTROL_ALLOW_HEADERS).contains("*"));
S
Add Reactive CORS support  
Sebastien Deleuze 已提交
325 326 327 328 329 330 331 
		assertEquals(HttpStatus.OK, this.response.getStatusCode());
	}

	@Test
	public void preflightRequestWithEmptyHeaders() throws Exception {
		this.request.setHttpMethod(HttpMethod.OPTIONS);
		this.request.addHeader(HttpHeaders.ORIGIN, "http://domain2.com");
R
Polish reactive CORS support  
Rossen Stoyanchev 已提交
332 333 
		this.request.addHeader(ACCESS_CONTROL_REQUEST_METHOD, "GET");
		this.request.addHeader(ACCESS_CONTROL_REQUEST_HEADERS, "");
S
Add Reactive CORS support  
Sebastien Deleuze 已提交
334 335 336 337 
		this.conf.addAllowedHeader("*");
		this.conf.addAllowedOrigin("http://domain2.com");

		this.processor.processRequest(this.conf, this.exchange);
R
Polish reactive CORS support  
Rossen Stoyanchev 已提交
338 339 
		assertTrue(this.response.getHeaders().containsKey(ACCESS_CONTROL_ALLOW_ORIGIN));
		assertFalse(this.response.getHeaders().containsKey(ACCESS_CONTROL_ALLOW_HEADERS));
S
Add Reactive CORS support  
Sebastien Deleuze 已提交
340 341 342 343 344 345 346 
		assertEquals(HttpStatus.OK, this.response.getStatusCode());
	}

	@Test
	public void preflightRequestWithNullConfig() throws Exception {
		this.request.setHttpMethod(HttpMethod.OPTIONS);
		this.request.addHeader(HttpHeaders.ORIGIN, "http://domain2.com");
R
Polish reactive CORS support  
Rossen Stoyanchev 已提交
347 
		this.request.addHeader(ACCESS_CONTROL_REQUEST_METHOD, "GET");
S
Add Reactive CORS support  
Sebastien Deleuze 已提交
348 349 350 
		this.conf.addAllowedOrigin("*");

		this.processor.processRequest(null, this.exchange);
R
Polish reactive CORS support  
Rossen Stoyanchev 已提交
351 
		assertFalse(this.response.getHeaders().containsKey(ACCESS_CONTROL_ALLOW_ORIGIN));
S
Add Reactive CORS support  
Sebastien Deleuze 已提交
352 353 354 355 
		assertEquals(HttpStatus.FORBIDDEN, this.response.getStatusCode());
	}

}