提交
4a87d3da
编写于
11月 22, 2017
作者:
sdeleuze
Set Vary: Origin on CORS unauthorized response
Issue: SPR-16224
上级
652e5c55
变更
4
Showing
4 changed file
with
47 addition
and
6 deletion
+47
-6
spring-web/src/main/java/org/springframework/web/cors/DefaultCorsProcessor.java
...va/org/springframework/web/cors/DefaultCorsProcessor.java
+4
-2
spring-web/src/main/java/org/springframework/web/cors/reactive/DefaultCorsProcessor.java
...ringframework/web/cors/reactive/DefaultCorsProcessor.java
+3
-2
spring-web/src/test/java/org/springframework/web/cors/DefaultCorsProcessorTests.java
...g/springframework/web/cors/DefaultCorsProcessorTests.java
+18
-0
spring-web/src/test/java/org/springframework/web/cors/reactive/DefaultCorsProcessorTests.java
...ramework/web/cors/reactive/DefaultCorsProcessorTests.java
+22
-2
spring-web/src/main/java/org/springframework/web/cors/DefaultCorsProcessor.java
...
...
@@ -119,6 +119,10 @@ public class DefaultCorsProcessor implements CorsProcessor {
String
requestOrigin
=
request
.
getHeaders
().
getOrigin
();
String
allowOrigin
=
checkOrigin
(
config
,
requestOrigin
);
HttpHeaders
responseHeaders
=
response
.
getHeaders
();
responseHeaders
.
add
(
HttpHeaders
.
VARY
,
HttpHeaders
.
ORIGIN
);
if
(
allowOrigin
==
null
)
{
logger
.
debug
(
"Rejecting CORS request because '"
+
requestOrigin
+
"' origin is not allowed"
);
rejectRequest
(
response
);
...
...
@@ -141,9 +145,7 @@ public class DefaultCorsProcessor implements CorsProcessor {
return
false
;
}
HttpHeaders
responseHeaders
=
response
.
getHeaders
();
responseHeaders
.
setAccessControlAllowOrigin
(
allowOrigin
);
responseHeaders
.
add
(
HttpHeaders
.
VARY
,
HttpHeaders
.
ORIGIN
);
if
(
preFlightRequest
)
{
responseHeaders
.
setAccessControlAllowMethods
(
allowMethods
);
...
...
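Review bot: The `responseHeaders.add(HttpHeaders.VARY, HttpHeaders.ORIGIN)` call that now sits ahead of the `allowOrigin == null` check still appends unconditionally, so a response that already carries `Vary: Origin` (from an earlier filter, or a second pass through the processor) ends up with the value twice. Guarding it as `if (!responseHeaders.getVary().contains(HttpHeaders.ORIGIN)) { responseHeaders.add(HttpHeaders.VARY, HttpHeaders.ORIGIN); }` keeps it idempotent, and the same applies to the add in the reactive `DefaultCorsProcessor`. The enclosing method starts above this hunk, so it is not visible whether requests without an `Origin` header return before reaching this line; if they do, those responses still go out without `Vary: Origin` and a shared cache could replay them to cross-origin callers, which is worth confirming. A short comment such as `// Always vary on Origin, including rejections, so shared caches never reuse a response across origins` would record why the header is set before the check.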
spring-web/src/main/java/org/springframework/web/cors/reactive/DefaultCorsProcessor.java
...
...
@@ -105,6 +105,9 @@ public class DefaultCorsProcessor implements CorsProcessor {
ServerHttpRequest
request
=
exchange
.
getRequest
();
ServerHttpResponse
response
=
exchange
.
getResponse
();
HttpHeaders
responseHeaders
=
response
.
getHeaders
();
response
.
getHeaders
().
add
(
HttpHeaders
.
VARY
,
HttpHeaders
.
ORIGIN
);
String
requestOrigin
=
request
.
getHeaders
().
getOrigin
();
String
allowOrigin
=
checkOrigin
(
config
,
requestOrigin
);
...
...
@@ -130,9 +133,7 @@ public class DefaultCorsProcessor implements CorsProcessor {
return
false
;
}
HttpHeaders
responseHeaders
=
response
.
getHeaders
();
responseHeaders
.
setAccessControlAllowOrigin
(
allowOrigin
);
responseHeaders
.
add
(
HttpHeaders
.
VARY
,
HttpHeaders
.
ORIGIN
);
if
(
preFlightRequest
)
{
responseHeaders
.
setAccessControlAllowMethods
(
allowMethods
);
...
...
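Review bot: In the first hunk the new local `responseHeaders` is declared and then bypassed on the very next line, which calls `response.getHeaders().add(HttpHeaders.VARY, HttpHeaders.ORIGIN)` again. Use the local instead, `responseHeaders.add(HttpHeaders.VARY, HttpHeaders.ORIGIN);`, which also matches the servlet variant of this class. The method body extends beyond both hunks, so any other use of `response.getHeaders()` further down is not visible here.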
spring-web/src/test/java/org/springframework/web/cors/DefaultCorsProcessorTests.java
...
...
@@ -65,6 +65,7 @@ public class DefaultCorsProcessorTests {
this
.
processor
.
processRequest
(
this
.
conf
,
this
.
request
,
this
.
response
);
assertFalse
(
this
.
response
.
containsHeader
(
HttpHeaders
.
ACCESS_CONTROL_ALLOW_ORIGIN
));
assertEquals
(
HttpHeaders
.
ORIGIN
,
this
.
response
.
getHeader
(
HttpHeaders
.
VARY
));
assertEquals
(
HttpServletResponse
.
SC_FORBIDDEN
,
this
.
response
.
getStatus
());
}
...
...
@@ -89,6 +90,7 @@ public class DefaultCorsProcessorTests {
assertEquals
(
"*"
,
this
.
response
.
getHeader
(
HttpHeaders
.
ACCESS_CONTROL_ALLOW_ORIGIN
));
assertFalse
(
this
.
response
.
containsHeader
(
HttpHeaders
.
ACCESS_CONTROL_MAX_AGE
));
assertFalse
(
this
.
response
.
containsHeader
(
HttpHeaders
.
ACCESS_CONTROL_EXPOSE_HEADERS
));
assertEquals
(
HttpHeaders
.
ORIGIN
,
this
.
response
.
getHeader
(
HttpHeaders
.
VARY
));
assertEquals
(
HttpServletResponse
.
SC_OK
,
this
.
response
.
getStatus
());
}
...
...
@@ -106,6 +108,7 @@ public class DefaultCorsProcessorTests {
assertEquals
(
"http://domain2.com"
,
this
.
response
.
getHeader
(
HttpHeaders
.
ACCESS_CONTROL_ALLOW_ORIGIN
));
assertTrue
(
this
.
response
.
containsHeader
(
HttpHeaders
.
ACCESS_CONTROL_ALLOW_CREDENTIALS
));
assertEquals
(
"true"
,
this
.
response
.
getHeader
(
HttpHeaders
.
ACCESS_CONTROL_ALLOW_CREDENTIALS
));
assertEquals
(
HttpHeaders
.
ORIGIN
,
this
.
response
.
getHeader
(
HttpHeaders
.
VARY
));
assertEquals
(
HttpServletResponse
.
SC_OK
,
this
.
response
.
getStatus
());
}
...
...
@@ -121,6 +124,7 @@ public class DefaultCorsProcessorTests {
assertEquals
(
"http://domain2.com"
,
this
.
response
.
getHeader
(
HttpHeaders
.
ACCESS_CONTROL_ALLOW_ORIGIN
));
assertTrue
(
this
.
response
.
containsHeader
(
HttpHeaders
.
ACCESS_CONTROL_ALLOW_CREDENTIALS
));
assertEquals
(
"true"
,
this
.
response
.
getHeader
(
HttpHeaders
.
ACCESS_CONTROL_ALLOW_CREDENTIALS
));
assertEquals
(
HttpHeaders
.
ORIGIN
,
this
.
response
.
getHeader
(
HttpHeaders
.
VARY
));
assertEquals
(
HttpServletResponse
.
SC_OK
,
this
.
response
.
getStatus
());
}
...
...
@@ -132,6 +136,7 @@ public class DefaultCorsProcessorTests {
this
.
processor
.
processRequest
(
this
.
conf
,
this
.
request
,
this
.
response
);
assertTrue
(
this
.
response
.
containsHeader
(
HttpHeaders
.
ACCESS_CONTROL_ALLOW_ORIGIN
));
assertEquals
(
HttpHeaders
.
ORIGIN
,
this
.
response
.
getHeader
(
HttpHeaders
.
VARY
));
assertEquals
(
HttpServletResponse
.
SC_OK
,
this
.
response
.
getStatus
());
}
...
...
@@ -149,6 +154,7 @@ public class DefaultCorsProcessorTests {
assertTrue
(
this
.
response
.
containsHeader
(
HttpHeaders
.
ACCESS_CONTROL_EXPOSE_HEADERS
));
assertTrue
(
this
.
response
.
getHeader
(
HttpHeaders
.
ACCESS_CONTROL_EXPOSE_HEADERS
).
contains
(
"header1"
));
assertTrue
(
this
.
response
.
getHeader
(
HttpHeaders
.
ACCESS_CONTROL_EXPOSE_HEADERS
).
contains
(
"header2"
));
assertEquals
(
HttpHeaders
.
ORIGIN
,
this
.
response
.
getHeader
(
HttpHeaders
.
VARY
));
assertEquals
(
HttpServletResponse
.
SC_OK
,
this
.
response
.
getStatus
());
}
...
...
@@ -160,6 +166,7 @@ public class DefaultCorsProcessorTests {
this
.
conf
.
addAllowedOrigin
(
"*"
);
this
.
processor
.
processRequest
(
this
.
conf
,
this
.
request
,
this
.
response
);
assertEquals
(
HttpHeaders
.
ORIGIN
,
this
.
response
.
getHeader
(
HttpHeaders
.
VARY
));
assertEquals
(
HttpServletResponse
.
SC_OK
,
this
.
response
.
getStatus
());
}
...
...
@@ -171,6 +178,7 @@ public class DefaultCorsProcessorTests {
this
.
conf
.
addAllowedOrigin
(
"*"
);
this
.
processor
.
processRequest
(
this
.
conf
,
this
.
request
,
this
.
response
);
assertEquals
(
HttpHeaders
.
ORIGIN
,
this
.
response
.
getHeader
(
HttpHeaders
.
VARY
));
assertEquals
(
HttpServletResponse
.
SC_FORBIDDEN
,
this
.
response
.
getStatus
());
}
...
...
@@ -184,6 +192,7 @@ public class DefaultCorsProcessorTests {
this
.
processor
.
processRequest
(
this
.
conf
,
this
.
request
,
this
.
response
);
assertEquals
(
HttpServletResponse
.
SC_OK
,
this
.
response
.
getStatus
());
assertEquals
(
"GET,HEAD"
,
this
.
response
.
getHeader
(
HttpHeaders
.
ACCESS_CONTROL_ALLOW_METHODS
));
assertEquals
(
HttpHeaders
.
ORIGIN
,
this
.
response
.
getHeader
(
HttpHeaders
.
VARY
));
}
@Test
...
...
@@ -193,6 +202,7 @@ public class DefaultCorsProcessorTests {
this
.
processor
.
processRequest
(
this
.
conf
,
this
.
request
,
this
.
response
);
assertFalse
(
this
.
response
.
containsHeader
(
HttpHeaders
.
ACCESS_CONTROL_ALLOW_ORIGIN
));
assertEquals
(
HttpHeaders
.
ORIGIN
,
this
.
response
.
getHeader
(
HttpHeaders
.
VARY
));
assertEquals
(
HttpServletResponse
.
SC_FORBIDDEN
,
this
.
response
.
getStatus
());
}
...
...
@@ -204,6 +214,7 @@ public class DefaultCorsProcessorTests {
this
.
processor
.
processRequest
(
this
.
conf
,
this
.
request
,
this
.
response
);
assertFalse
(
this
.
response
.
containsHeader
(
HttpHeaders
.
ACCESS_CONTROL_ALLOW_ORIGIN
));
assertEquals
(
HttpHeaders
.
ORIGIN
,
this
.
response
.
getHeader
(
HttpHeaders
.
VARY
));
assertEquals
(
HttpServletResponse
.
SC_FORBIDDEN
,
this
.
response
.
getStatus
());
}
...
...
@@ -216,6 +227,7 @@ public class DefaultCorsProcessorTests {
this
.
processor
.
processRequest
(
this
.
conf
,
this
.
request
,
this
.
response
);
assertFalse
(
this
.
response
.
containsHeader
(
HttpHeaders
.
ACCESS_CONTROL_ALLOW_ORIGIN
));
assertEquals
(
HttpHeaders
.
ORIGIN
,
this
.
response
.
getHeader
(
HttpHeaders
.
VARY
));
assertEquals
(
HttpServletResponse
.
SC_FORBIDDEN
,
this
.
response
.
getStatus
());
}
...
...
@@ -237,6 +249,7 @@ public class DefaultCorsProcessorTests {
assertTrue
(
this
.
response
.
containsHeader
(
HttpHeaders
.
ACCESS_CONTROL_ALLOW_METHODS
));
assertEquals
(
"GET,PUT"
,
this
.
response
.
getHeader
(
HttpHeaders
.
ACCESS_CONTROL_ALLOW_METHODS
));
assertFalse
(
this
.
response
.
containsHeader
(
HttpHeaders
.
ACCESS_CONTROL_MAX_AGE
));
assertEquals
(
HttpHeaders
.
ORIGIN
,
this
.
response
.
getHeader
(
HttpHeaders
.
VARY
));
assertEquals
(
HttpServletResponse
.
SC_OK
,
this
.
response
.
getStatus
());
}
...
...
@@ -257,6 +270,7 @@ public class DefaultCorsProcessorTests {
assertEquals
(
"http://domain2.com"
,
this
.
response
.
getHeader
(
HttpHeaders
.
ACCESS_CONTROL_ALLOW_ORIGIN
));
assertTrue
(
this
.
response
.
containsHeader
(
HttpHeaders
.
ACCESS_CONTROL_ALLOW_CREDENTIALS
));
assertEquals
(
"true"
,
this
.
response
.
getHeader
(
HttpHeaders
.
ACCESS_CONTROL_ALLOW_CREDENTIALS
));
assertEquals
(
HttpHeaders
.
ORIGIN
,
this
.
response
.
getHeader
(
HttpHeaders
.
VARY
));
assertEquals
(
HttpServletResponse
.
SC_OK
,
this
.
response
.
getStatus
());
}
...
...
@@ -275,6 +289,7 @@ public class DefaultCorsProcessorTests {
this
.
processor
.
processRequest
(
this
.
conf
,
this
.
request
,
this
.
response
);
assertTrue
(
this
.
response
.
containsHeader
(
HttpHeaders
.
ACCESS_CONTROL_ALLOW_ORIGIN
));
assertEquals
(
"http://domain2.com"
,
this
.
response
.
getHeader
(
HttpHeaders
.
ACCESS_CONTROL_ALLOW_ORIGIN
));
assertEquals
(
HttpHeaders
.
ORIGIN
,
this
.
response
.
getHeader
(
HttpHeaders
.
VARY
));
assertEquals
(
HttpServletResponse
.
SC_OK
,
this
.
response
.
getStatus
());
}
...
...
@@ -295,6 +310,7 @@ public class DefaultCorsProcessorTests {
assertTrue
(
this
.
response
.
getHeader
(
HttpHeaders
.
ACCESS_CONTROL_ALLOW_HEADERS
).
contains
(
"Header1"
));
assertTrue
(
this
.
response
.
getHeader
(
HttpHeaders
.
ACCESS_CONTROL_ALLOW_HEADERS
).
contains
(
"Header2"
));
assertFalse
(
this
.
response
.
getHeader
(
HttpHeaders
.
ACCESS_CONTROL_ALLOW_HEADERS
).
contains
(
"Header3"
));
assertEquals
(
HttpHeaders
.
ORIGIN
,
this
.
response
.
getHeader
(
HttpHeaders
.
VARY
));
assertEquals
(
HttpServletResponse
.
SC_OK
,
this
.
response
.
getStatus
());
}
...
...
@@ -313,6 +329,7 @@ public class DefaultCorsProcessorTests {
assertTrue
(
this
.
response
.
getHeader
(
HttpHeaders
.
ACCESS_CONTROL_ALLOW_HEADERS
).
contains
(
"Header1"
));
assertTrue
(
this
.
response
.
getHeader
(
HttpHeaders
.
ACCESS_CONTROL_ALLOW_HEADERS
).
contains
(
"Header2"
));
assertFalse
(
this
.
response
.
getHeader
(
HttpHeaders
.
ACCESS_CONTROL_ALLOW_HEADERS
).
contains
(
"*"
));
assertEquals
(
HttpHeaders
.
ORIGIN
,
this
.
response
.
getHeader
(
HttpHeaders
.
VARY
));
assertEquals
(
HttpServletResponse
.
SC_OK
,
this
.
response
.
getStatus
());
}
...
...
@@ -328,6 +345,7 @@ public class DefaultCorsProcessorTests {
this
.
processor
.
processRequest
(
this
.
conf
,
this
.
request
,
this
.
response
);
assertTrue
(
this
.
response
.
containsHeader
(
HttpHeaders
.
ACCESS_CONTROL_ALLOW_ORIGIN
));
assertFalse
(
this
.
response
.
containsHeader
(
HttpHeaders
.
ACCESS_CONTROL_ALLOW_HEADERS
));
assertEquals
(
HttpHeaders
.
ORIGIN
,
this
.
response
.
getHeader
(
HttpHeaders
.
VARY
));
assertEquals
(
HttpServletResponse
.
SC_OK
,
this
.
response
.
getStatus
());
}
...
...
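Review bot: Every added assertion reads `this.response.getHeader(HttpHeaders.VARY)`, which yields a single string, so as far as the visible lines show a response carrying `Origin` twice would still pass. Assuming `response` is the mock servlet response, whose `getHeaders` returns a list, `assertEquals(Collections.singletonList(HttpHeaders.ORIGIN), this.response.getHeaders(HttpHeaders.VARY));` pins the whole header (it needs `java.util.Collections` imported). One extra case that sets a `Vary` value on the response before calling `processRequest` would also show that the processor appends rather than replaces. The reactive tests have the same gap with `getHeaders().getFirst(HttpHeaders.VARY)`.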
spring-web/src/test/java/org/springframework/web/cors/reactive/DefaultCorsProcessorTests.java
...
...
@@ -63,6 +63,7 @@ public class DefaultCorsProcessorTests {
ServerHttpResponse
response
=
exchange
.
getResponse
();
assertFalse
(
response
.
getHeaders
().
containsKey
(
ACCESS_CONTROL_ALLOW_ORIGIN
));
assertEquals
(
HttpHeaders
.
ORIGIN
,
response
.
getHeaders
().
getFirst
(
HttpHeaders
.
VARY
));
assertEquals
(
HttpStatus
.
FORBIDDEN
,
response
.
getStatusCode
());
}
...
...
@@ -87,6 +88,7 @@ public class DefaultCorsProcessorTests {
assertEquals
(
"*"
,
response
.
getHeaders
().
getFirst
(
ACCESS_CONTROL_ALLOW_ORIGIN
));
assertFalse
(
response
.
getHeaders
().
containsKey
(
HttpHeaders
.
ACCESS_CONTROL_MAX_AGE
));
assertFalse
(
response
.
getHeaders
().
containsKey
(
HttpHeaders
.
ACCESS_CONTROL_EXPOSE_HEADERS
));
assertEquals
(
HttpHeaders
.
ORIGIN
,
response
.
getHeaders
().
getFirst
(
HttpHeaders
.
VARY
));
assertNull
(
response
.
getStatusCode
());
}
...
...
@@ -104,6 +106,7 @@ public class DefaultCorsProcessorTests {
assertEquals
(
"http://domain2.com"
,
response
.
getHeaders
().
getFirst
(
ACCESS_CONTROL_ALLOW_ORIGIN
));
assertTrue
(
response
.
getHeaders
().
containsKey
(
HttpHeaders
.
ACCESS_CONTROL_ALLOW_CREDENTIALS
));
assertEquals
(
"true"
,
response
.
getHeaders
().
getFirst
(
HttpHeaders
.
ACCESS_CONTROL_ALLOW_CREDENTIALS
));
assertEquals
(
HttpHeaders
.
ORIGIN
,
response
.
getHeaders
().
getFirst
(
HttpHeaders
.
VARY
));
assertNull
(
response
.
getStatusCode
());
}
...
...
@@ -119,6 +122,7 @@ public class DefaultCorsProcessorTests {
assertEquals
(
"http://domain2.com"
,
response
.
getHeaders
().
getFirst
(
ACCESS_CONTROL_ALLOW_ORIGIN
));
assertTrue
(
response
.
getHeaders
().
containsKey
(
HttpHeaders
.
ACCESS_CONTROL_ALLOW_CREDENTIALS
));
assertEquals
(
"true"
,
response
.
getHeaders
().
getFirst
(
HttpHeaders
.
ACCESS_CONTROL_ALLOW_CREDENTIALS
));
assertEquals
(
HttpHeaders
.
ORIGIN
,
response
.
getHeaders
().
getFirst
(
HttpHeaders
.
VARY
));
assertNull
(
response
.
getStatusCode
());
}
...
...
@@ -130,6 +134,7 @@ public class DefaultCorsProcessorTests {
ServerHttpResponse
response
=
exchange
.
getResponse
();
assertTrue
(
response
.
getHeaders
().
containsKey
(
ACCESS_CONTROL_ALLOW_ORIGIN
));
assertEquals
(
HttpHeaders
.
ORIGIN
,
response
.
getHeaders
().
getFirst
(
HttpHeaders
.
VARY
));
assertNull
(
response
.
getStatusCode
());
}
...
...
@@ -147,6 +152,7 @@ public class DefaultCorsProcessorTests {
assertTrue
(
response
.
getHeaders
().
containsKey
(
HttpHeaders
.
ACCESS_CONTROL_EXPOSE_HEADERS
));
assertTrue
(
response
.
getHeaders
().
getFirst
(
HttpHeaders
.
ACCESS_CONTROL_EXPOSE_HEADERS
).
contains
(
"header1"
));
assertTrue
(
response
.
getHeaders
().
getFirst
(
HttpHeaders
.
ACCESS_CONTROL_EXPOSE_HEADERS
).
contains
(
"header2"
));
assertEquals
(
HttpHeaders
.
ORIGIN
,
response
.
getHeaders
().
getFirst
(
HttpHeaders
.
VARY
));
assertNull
(
response
.
getStatusCode
());
}
...
...
@@ -157,7 +163,9 @@ public class DefaultCorsProcessorTests {
this
.
conf
.
addAllowedOrigin
(
"*"
);
this
.
processor
.
process
(
this
.
conf
,
exchange
);
assertNull
(
exchange
.
getResponse
().
getStatusCode
());
ServerHttpResponse
response
=
exchange
.
getResponse
();
assertEquals
(
HttpHeaders
.
ORIGIN
,
response
.
getHeaders
().
getFirst
(
HttpHeaders
.
VARY
));
assertNull
(
response
.
getStatusCode
());
}
...
...
@@ -168,7 +176,9 @@ public class DefaultCorsProcessorTests {
this
.
conf
.
addAllowedOrigin
(
"*"
);
this
.
processor
.
process
(
this
.
conf
,
exchange
);
assertEquals
(
HttpStatus
.
FORBIDDEN
,
exchange
.
getResponse
().
getStatusCode
());
ServerHttpResponse
response
=
exchange
.
getResponse
();
assertEquals
(
HttpHeaders
.
ORIGIN
,
response
.
getHeaders
().
getFirst
(
HttpHeaders
.
VARY
));
assertEquals
(
HttpStatus
.
FORBIDDEN
,
response
.
getStatusCode
());
}
@Test
...
...
@@ -180,6 +190,7 @@ public class DefaultCorsProcessorTests {
ServerHttpResponse
response
=
exchange
.
getResponse
();
assertNull
(
response
.
getStatusCode
());
assertEquals
(
HttpHeaders
.
ORIGIN
,
response
.
getHeaders
().
getFirst
(
HttpHeaders
.
VARY
));
assertEquals
(
"GET,HEAD"
,
response
.
getHeaders
().
getFirst
(
HttpHeaders
.
ACCESS_CONTROL_ALLOW_METHODS
));
}
...
...
@@ -190,6 +201,7 @@ public class DefaultCorsProcessorTests {
ServerHttpResponse
response
=
exchange
.
getResponse
();
assertFalse
(
response
.
getHeaders
().
containsKey
(
ACCESS_CONTROL_ALLOW_ORIGIN
));
assertEquals
(
HttpHeaders
.
ORIGIN
,
response
.
getHeaders
().
getFirst
(
HttpHeaders
.
VARY
));
assertEquals
(
HttpStatus
.
FORBIDDEN
,
response
.
getStatusCode
());
}
...
...
@@ -201,6 +213,7 @@ public class DefaultCorsProcessorTests {
ServerHttpResponse
response
=
exchange
.
getResponse
();
assertFalse
(
response
.
getHeaders
().
containsKey
(
ACCESS_CONTROL_ALLOW_ORIGIN
));
assertEquals
(
HttpHeaders
.
ORIGIN
,
response
.
getHeaders
().
getFirst
(
HttpHeaders
.
VARY
));
assertEquals
(
HttpStatus
.
FORBIDDEN
,
response
.
getStatusCode
());
}
...
...
@@ -214,6 +227,7 @@ public class DefaultCorsProcessorTests {
ServerHttpResponse
response
=
exchange
.
getResponse
();
assertFalse
(
response
.
getHeaders
().
containsKey
(
ACCESS_CONTROL_ALLOW_ORIGIN
));
assertEquals
(
HttpHeaders
.
ORIGIN
,
response
.
getHeaders
().
getFirst
(
HttpHeaders
.
VARY
));
assertEquals
(
HttpStatus
.
FORBIDDEN
,
response
.
getStatusCode
());
}
...
...
@@ -237,6 +251,7 @@ public class DefaultCorsProcessorTests {
assertTrue
(
response
.
getHeaders
().
containsKey
(
HttpHeaders
.
ACCESS_CONTROL_ALLOW_METHODS
));
assertEquals
(
"GET,PUT"
,
response
.
getHeaders
().
getFirst
(
HttpHeaders
.
ACCESS_CONTROL_ALLOW_METHODS
));
assertFalse
(
response
.
getHeaders
().
containsKey
(
HttpHeaders
.
ACCESS_CONTROL_MAX_AGE
));
assertEquals
(
HttpHeaders
.
ORIGIN
,
response
.
getHeaders
().
getFirst
(
HttpHeaders
.
VARY
));
assertNull
(
response
.
getStatusCode
());
}
...
...
@@ -259,6 +274,7 @@ public class DefaultCorsProcessorTests {
assertEquals
(
"http://domain2.com"
,
response
.
getHeaders
().
getFirst
(
ACCESS_CONTROL_ALLOW_ORIGIN
));
assertTrue
(
response
.
getHeaders
().
containsKey
(
HttpHeaders
.
ACCESS_CONTROL_ALLOW_CREDENTIALS
));
assertEquals
(
"true"
,
response
.
getHeaders
().
getFirst
(
HttpHeaders
.
ACCESS_CONTROL_ALLOW_CREDENTIALS
));
assertEquals
(
HttpHeaders
.
ORIGIN
,
response
.
getHeaders
().
getFirst
(
HttpHeaders
.
VARY
));
assertNull
(
response
.
getStatusCode
());
}
...
...
@@ -279,6 +295,7 @@ public class DefaultCorsProcessorTests {
ServerHttpResponse
response
=
exchange
.
getResponse
();
assertTrue
(
response
.
getHeaders
().
containsKey
(
ACCESS_CONTROL_ALLOW_ORIGIN
));
assertEquals
(
"http://domain2.com"
,
response
.
getHeaders
().
getFirst
(
ACCESS_CONTROL_ALLOW_ORIGIN
));
assertEquals
(
HttpHeaders
.
ORIGIN
,
response
.
getHeaders
().
getFirst
(
HttpHeaders
.
VARY
));
assertNull
(
response
.
getStatusCode
());
}
...
...
@@ -301,6 +318,7 @@ public class DefaultCorsProcessorTests {
assertTrue
(
response
.
getHeaders
().
getFirst
(
ACCESS_CONTROL_ALLOW_HEADERS
).
contains
(
"Header1"
));
assertTrue
(
response
.
getHeaders
().
getFirst
(
ACCESS_CONTROL_ALLOW_HEADERS
).
contains
(
"Header2"
));
assertFalse
(
response
.
getHeaders
().
getFirst
(
ACCESS_CONTROL_ALLOW_HEADERS
).
contains
(
"Header3"
));
assertEquals
(
HttpHeaders
.
ORIGIN
,
response
.
getHeaders
().
getFirst
(
HttpHeaders
.
VARY
));
assertNull
(
response
.
getStatusCode
());
}
...
...
@@ -321,6 +339,7 @@ public class DefaultCorsProcessorTests {
assertTrue
(
response
.
getHeaders
().
getFirst
(
ACCESS_CONTROL_ALLOW_HEADERS
).
contains
(
"Header1"
));
assertTrue
(
response
.
getHeaders
().
getFirst
(
ACCESS_CONTROL_ALLOW_HEADERS
).
contains
(
"Header2"
));
assertFalse
(
response
.
getHeaders
().
getFirst
(
ACCESS_CONTROL_ALLOW_HEADERS
).
contains
(
"*"
));
assertEquals
(
HttpHeaders
.
ORIGIN
,
response
.
getHeaders
().
getFirst
(
HttpHeaders
.
VARY
));
assertNull
(
response
.
getStatusCode
());
}
...
...
@@ -338,6 +357,7 @@ public class DefaultCorsProcessorTests {
ServerHttpResponse
response
=
exchange
.
getResponse
();
assertTrue
(
response
.
getHeaders
().
containsKey
(
ACCESS_CONTROL_ALLOW_ORIGIN
));
assertFalse
(
response
.
getHeaders
().
containsKey
(
ACCESS_CONTROL_ALLOW_HEADERS
));
assertEquals
(
HttpHeaders
.
ORIGIN
,
response
.
getHeaders
().
getFirst
(
HttpHeaders
.
VARY
));
assertNull
(
response
.
getStatusCode
());
}
...
...