@Test(expected = IllegalArgumentException.class) public void asteriskWildCardOnAddExposedHeader() { CorsConfiguration config = new CorsConfiguration(); config.addExposedHeader("*"); }
config.addExposedHeader(resolveCorsAnnotationValue(header));
config.addExposedHeader(resolveCorsAnnotationValue(header));
@Test public void setValues() { CorsConfiguration config = new CorsConfiguration(); config.addAllowedOrigin("*"); assertEquals(Arrays.asList("*"), config.getAllowedOrigins()); config.addAllowedHeader("*"); assertEquals(Arrays.asList("*"), config.getAllowedHeaders()); config.addAllowedMethod("*"); assertEquals(Arrays.asList("*"), config.getAllowedMethods()); config.addExposedHeader("header1"); config.addExposedHeader("header2"); assertEquals(Arrays.asList("header1", "header2"), config.getExposedHeaders()); config.setAllowCredentials(true); assertTrue(config.getAllowCredentials()); config.setMaxAge(123L); assertEquals(new Long(123), config.getMaxAge()); }
config.addExposedHeader(resolveCorsAnnotationValue(header));
@Test public void actualRequestExposedHeaders() throws Exception { this.request.setMethod(HttpMethod.GET.name()); this.request.addHeader(HttpHeaders.ORIGIN, "http://domain2.com"); this.conf.addExposedHeader("header1"); this.conf.addExposedHeader("header2"); this.conf.addAllowedOrigin("http://domain2.com"); this.processor.processRequest(this.conf, this.request, this.response); assertTrue(this.response.containsHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN)); assertEquals("http://domain2.com", this.response.getHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN)); assertTrue(this.response.containsHeader(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS)); assertTrue(this.response.getHeader(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS).contains("header1")); assertTrue(this.response.getHeader(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS).contains("header2")); assertThat(this.response.getHeaders(HttpHeaders.VARY), contains(HttpHeaders.ORIGIN, HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS)); assertEquals(HttpServletResponse.SC_OK, this.response.getStatus()); }
@Test // SPR-14792 public void combineWithDuplicatedElements() { CorsConfiguration config = new CorsConfiguration(); config.addAllowedOrigin("http://domain1.com"); config.addAllowedOrigin("http://domain2.com"); config.addAllowedHeader("header1"); config.addAllowedHeader("header2"); config.addExposedHeader("header3"); config.addExposedHeader("header4"); config.addAllowedMethod(HttpMethod.GET.name()); config.addAllowedMethod(HttpMethod.PUT.name()); CorsConfiguration other = new CorsConfiguration(); other.addAllowedOrigin("http://domain1.com"); other.addAllowedHeader("header1"); other.addExposedHeader("header3"); other.addAllowedMethod(HttpMethod.GET.name()); CorsConfiguration combinedConfig = config.combine(other); assertEquals(Arrays.asList("http://domain1.com", "http://domain2.com"), combinedConfig.getAllowedOrigins()); assertEquals(Arrays.asList("header1", "header2"), combinedConfig.getAllowedHeaders()); assertEquals(Arrays.asList("header3", "header4"), combinedConfig.getExposedHeaders()); assertEquals(Arrays.asList(HttpMethod.GET.name(), HttpMethod.PUT.name()), combinedConfig.getAllowedMethods()); }
@Test public void combineWithAsteriskWildCard() { CorsConfiguration config = new CorsConfiguration(); config.addAllowedOrigin("*"); config.addAllowedHeader("*"); config.addAllowedMethod("*"); CorsConfiguration other = new CorsConfiguration(); other.addAllowedOrigin("http://domain.com"); other.addAllowedHeader("header1"); other.addExposedHeader("header2"); other.addAllowedMethod(HttpMethod.PUT.name()); CorsConfiguration combinedConfig = config.combine(other); assertEquals(Arrays.asList("*"), combinedConfig.getAllowedOrigins()); assertEquals(Arrays.asList("*"), combinedConfig.getAllowedHeaders()); assertEquals(Arrays.asList("*"), combinedConfig.getAllowedMethods()); combinedConfig = other.combine(config); assertEquals(Arrays.asList("*"), combinedConfig.getAllowedOrigins()); assertEquals(Arrays.asList("*"), combinedConfig.getAllowedHeaders()); assertEquals(Arrays.asList("*"), combinedConfig.getAllowedMethods()); }
@Test public void combineWithNullProperties() { CorsConfiguration config = new CorsConfiguration(); config.addAllowedOrigin("*"); config.addAllowedHeader("header1"); config.addExposedHeader("header3"); config.addAllowedMethod(HttpMethod.GET.name()); config.setMaxAge(123L); config.setAllowCredentials(true); CorsConfiguration other = new CorsConfiguration(); config = config.combine(other); assertEquals(Arrays.asList("*"), config.getAllowedOrigins()); assertEquals(Arrays.asList("header1"), config.getAllowedHeaders()); assertEquals(Arrays.asList("header3"), config.getExposedHeaders()); assertEquals(Arrays.asList(HttpMethod.GET.name()), config.getAllowedMethods()); assertEquals(new Long(123), config.getMaxAge()); assertTrue(config.getAllowCredentials()); }
@Test public void actualRequestExposedHeaders() throws Exception { ServerWebExchange exchange = actualRequest(); this.conf.addExposedHeader("header1"); this.conf.addExposedHeader("header2"); this.conf.addAllowedOrigin("http://domain2.com"); this.processor.process(this.conf, exchange); ServerHttpResponse response = exchange.getResponse(); assertTrue(response.getHeaders().containsKey(ACCESS_CONTROL_ALLOW_ORIGIN)); assertEquals("http://domain2.com", response.getHeaders().getFirst(ACCESS_CONTROL_ALLOW_ORIGIN)); assertTrue(response.getHeaders().containsKey(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS)); assertTrue(response.getHeaders().getFirst(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS).contains("header1")); assertTrue(response.getHeaders().getFirst(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS).contains("header2")); assertThat(response.getHeaders().get(VARY), contains(ORIGIN, ACCESS_CONTROL_REQUEST_METHOD, ACCESS_CONTROL_REQUEST_HEADERS)); assertNull(response.getStatusCode()); }
@Test public void combine() { CorsConfiguration config = new CorsConfiguration(); config.addAllowedOrigin("http://domain1.com"); config.addAllowedHeader("header1"); config.addExposedHeader("header3"); config.addAllowedMethod(HttpMethod.GET.name()); config.setMaxAge(123L); config.setAllowCredentials(true); CorsConfiguration other = new CorsConfiguration(); other.addAllowedOrigin("http://domain2.com"); other.addAllowedHeader("header2"); other.addExposedHeader("header4"); other.addAllowedMethod(HttpMethod.PUT.name()); other.setMaxAge(456L); other.setAllowCredentials(false); config = config.combine(other); assertEquals(Arrays.asList("http://domain1.com", "http://domain2.com"), config.getAllowedOrigins()); assertEquals(Arrays.asList("header1", "header2"), config.getAllowedHeaders()); assertEquals(Arrays.asList("header3", "header4"), config.getExposedHeaders()); assertEquals(Arrays.asList(HttpMethod.GET.name(), HttpMethod.PUT.name()), config.getAllowedMethods()); assertEquals(new Long(456), config.getMaxAge()); assertFalse(config.getAllowCredentials()); }
private static CorsConfiguration createDefaultCorsConfig() { CorsConfiguration retVal = new CorsConfiguration(); retVal.setAllowedHeaders(new ArrayList<>(Constants.CORS_ALLOWED_HEADERS)); retVal.setAllowedMethods(new ArrayList<>(Constants.CORS_ALLWED_METHODS)); retVal.addExposedHeader("Content-Location"); retVal.addExposedHeader("Location"); retVal.addAllowedOrigin("*"); return retVal; }
@Override protected void initialize() throws ServletException { // ... define your resource providers here ... // Define your CORS configuration. This is an example // showing a typical setup. You should customize this // to your specific needs CorsConfiguration config = new CorsConfiguration(); config.addAllowedHeader("x-fhir-starter"); config.addAllowedHeader("Origin"); config.addAllowedHeader("Accept"); config.addAllowedHeader("X-Requested-With"); config.addAllowedHeader("Content-Type"); config.addAllowedOrigin("*"); config.addExposedHeader("Location"); config.addExposedHeader("Content-Location"); config.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "OPTIONS", "PATCH")); // Create the interceptor and register it CorsInterceptor interceptor = new CorsInterceptor(config); registerInterceptor(interceptor); }
private void updateCorsConfig(CorsConfiguration config, CrossOrigin annotation) { for (String origin : annotation.origins()) { config.addAllowedOrigin(resolveCorsAnnotationValue(origin)); } for (RequestMethod method : annotation.methods()) { config.addAllowedMethod(method.name()); } for (String header : annotation.allowedHeaders()) { config.addAllowedHeader(resolveCorsAnnotationValue(header)); } for (String header : annotation.exposedHeaders()) { config.addExposedHeader(resolveCorsAnnotationValue(header)); } String allowCredentials = resolveCorsAnnotationValue(annotation.allowCredentials()); if ("true".equalsIgnoreCase(allowCredentials)) { config.setAllowCredentials(true); } else if ("false".equalsIgnoreCase(allowCredentials)) { config.setAllowCredentials(false); } else if (!allowCredentials.isEmpty()) { throw new IllegalStateException("@CrossOrigin's allowCredentials value must be \"true\", \"false\", " + "or an empty string (\"\"): current value is [" + allowCredentials + "]"); } if (annotation.maxAge() >= 0 && config.getMaxAge() == null) { config.setMaxAge(annotation.maxAge()); } }
config.addExposedHeader(header);
config.addExposedHeader(header);
private static CorsConfiguration createDefaultCorsConfig() { CorsConfiguration retVal = new CorsConfiguration(); retVal.setAllowedHeaders(new ArrayList<>(Constants.CORS_ALLOWED_HEADERS)); retVal.setAllowedMethods(new ArrayList<>(Constants.CORS_ALLWED_METHODS)); retVal.addExposedHeader("Content-Location"); retVal.addExposedHeader("Location"); retVal.addAllowedOrigin("*"); return retVal; }
@Bean public CorsFilter corsFilter() { UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); CorsConfiguration config = new CorsConfiguration(); config.addAllowedOrigin("*"); config.addAllowedHeader("*"); config.addAllowedMethod("*"); config.addExposedHeader("Authorization"); config.addExposedHeader("Content-Type"); source.registerCorsConfiguration("/**", config); return new CorsFilter(source); }
@Bean public CorsFilter corsFilter() { UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); CorsConfiguration config = new CorsConfiguration(); config.addAllowedOrigin("*"); config.addAllowedHeader("*"); config.addAllowedMethod("*"); config.addExposedHeader("Authorization"); config.addExposedHeader("Content-Type"); source.registerCorsConfiguration("/api/**", config); return new CorsFilter(source); }
private CorsConfiguration buildConfig() { CorsConfiguration corsConfiguration = new CorsConfiguration(); corsConfiguration.addAllowedOrigin(defaultString(properties.getOrigin(), CorsConfiguration.ALL)); corsConfiguration.addAllowedHeader(defaultString(properties.getAllowedHeader(), CorsConfiguration.ALL)); corsConfiguration.addAllowedMethod(defaultString(properties.getMethod(), CorsConfiguration.ALL)); // 是否发送 Cookie 信息 corsConfiguration.setAllowCredentials(properties.getAllowCredentials()); if (properties.getMaxAge() != null) { corsConfiguration.setMaxAge(properties.getMaxAge()); } if (properties.getExposedHeader() != null) { corsConfiguration.addExposedHeader(properties.getExposedHeader()); } return corsConfiguration; }