/**
 * Applies the CORS decision for one exchange.
 *
 * <p>Returns {@code true} without consulting {@code config} when the request is
 * not a CORS request, when the response already carries CORS headers, or when
 * the request is reported as same-origin. With no configuration, a pre-flight
 * request is rejected and {@code false} is returned; any other request yields
 * {@code true}. Otherwise the result of {@code handleInternal} is returned.
 *
 * @param config the CORS configuration to apply, or {@code null} if none
 * @param exchange the current exchange
 * @return {@code false} if the request was rejected here, else {@code true} or
 * the outcome of {@code handleInternal}
 */
@Override
public boolean process(@Nullable CorsConfiguration config, ServerWebExchange exchange) {
    ServerHttpRequest request = exchange.getRequest();
    ServerHttpResponse response = exchange.getResponse();

    if (!CorsUtils.isCorsRequest(request)) {
        return true;
    }

    // Another component has already written the allow-origin header; leave it as is.
    if (responseHasCors(response)) {
        logger.trace("Skip: response already contains \"Access-Control-Allow-Origin\"");
        return true;
    }

    // NOTE(review): this short-circuit bypasses every check in `config`. If
    // isSameOrigin derives the server origin from Host or forwarding headers,
    // those values must only be accepted from a trusted proxy -- confirm.
    if (CorsUtils.isSameOrigin(request)) {
        logger.trace("Skip: request is from same origin");
        return true;
    }

    boolean isPreFlight = CorsUtils.isPreFlightRequest(request);
    if (config != null) {
        return handleInternal(exchange, config, isPreFlight);
    }

    // No configuration. A non-pre-flight request passes through with no CORS
    // headers added here, so the handler still runs; CORS alone does not
    // protect state-changing endpoints.
    if (!isPreFlight) {
        return true;
    }
    rejectRequest(response);
    return false;
}
/**
 * Applies the CORS decision for one exchange.
 *
 * <p>Returns {@code true} without consulting {@code config} when the request is
 * not a CORS request, when the response already carries CORS headers, or when
 * the request is reported as same-origin. With no configuration, a pre-flight
 * request is rejected and {@code false} is returned; any other request yields
 * {@code true}. Otherwise the result of {@code handleInternal} is returned.
 *
 * @param config the CORS configuration to apply, or {@code null} if none
 * @param exchange the current exchange
 * @return {@code false} if the request was rejected here, else {@code true} or
 * the outcome of {@code handleInternal}
 */
@Override
public boolean process(@Nullable CorsConfiguration config, ServerWebExchange exchange) {
    ServerHttpRequest request = exchange.getRequest();
    ServerHttpResponse response = exchange.getResponse();

    if (!CorsUtils.isCorsRequest(request)) {
        return true;
    }

    // Another component has already written the allow-origin header; leave it as is.
    if (responseHasCors(response)) {
        logger.trace("Skip: response already contains \"Access-Control-Allow-Origin\"");
        return true;
    }

    // NOTE(review): this short-circuit bypasses every check in `config`. If
    // isSameOrigin derives the server origin from Host or forwarding headers,
    // those values must only be accepted from a trusted proxy -- confirm.
    if (CorsUtils.isSameOrigin(request)) {
        logger.trace("Skip: request is from same origin");
        return true;
    }

    boolean isPreFlight = CorsUtils.isPreFlightRequest(request);
    if (config != null) {
        return handleInternal(exchange, config, isPreFlight);
    }

    // No configuration. A non-pre-flight request passes through with no CORS
    // headers added here, so the handler still runs; CORS alone does not
    // protect state-changing endpoints.
    if (!isPreFlight) {
        return true;
    }
    rejectRequest(response);
    return false;
}
/**
 * Asserts that a GET to {@code http://serverName[:port]} carrying the given
 * {@code Forwarded} and {@code Origin} headers is reported as same-origin
 * once it has been passed through {@code adaptFromForwardedHeaders}.
 *
 * @param serverName host part of the request URL
 * @param port port of the request URL, or {@code -1} to omit it
 * @param forwardedHeader value of the {@code Forwarded} header
 * @param originHeader value of the {@code Origin} header
 */
private void testWithForwardedHeader(String serverName, int port,
        String forwardedHeader, String originHeader) {

    String target = (port == -1 ? "http://" + serverName : "http://" + serverName + ":" + port);

    // NOTE(review): the expected outcome is driven by a client-supplied
    // forwarding header; deployments should honour it only when it is set by
    // a trusted proxy -- confirm how adaptFromForwardedHeaders models that.
    MockServerHttpRequest.BaseBuilder<?> requestBuilder = get(target)
            .header("Forwarded", forwardedHeader)
            .header(HttpHeaders.ORIGIN, originHeader);

    ServerHttpRequest adapted = adaptFromForwardedHeaders(requestBuilder);
    assertTrue(CorsUtils.isSameOrigin(adapted));
}
@Test // SPR-16362 public void isSameOriginWithDifferentSchemes() { MockServerHttpRequest request = MockServerHttpRequest .get("http://mydomain1.com") .header(HttpHeaders.ORIGIN, "https://mydomain1.com") .build(); assertFalse(CorsUtils.isSameOrigin(request)); }
/**
 * Asserts that a GET to {@code http://serverName[:port]} carrying the given
 * {@code Origin} header and whichever {@code X-Forwarded-*} headers are
 * supplied is reported as same-origin once it has been passed through
 * {@code adaptFromForwardedHeaders}.
 *
 * @param serverName host part of the request URL
 * @param port port of the request URL, or {@code -1} to omit it
 * @param forwardedProto {@code X-Forwarded-Proto} value, or {@code null} to omit the header
 * @param forwardedHost {@code X-Forwarded-Host} value, or {@code null} to omit the header
 * @param forwardedPort {@code X-Forwarded-Port} value, or {@code -1} to omit the header
 * @param originHeader value of the {@code Origin} header
 */
private void testWithXForwardedHeaders(String serverName, int port,
        String forwardedProto, String forwardedHost, int forwardedPort, String originHeader) {

    String target = (port == -1 ? "http://" + serverName : "http://" + serverName + ":" + port);

    MockServerHttpRequest.BaseBuilder<?> requestBuilder =
            get(target).header(HttpHeaders.ORIGIN, originHeader);

    // NOTE(review): each X-Forwarded-* value below is client-controllable
    // unless a trusted proxy overwrites it; the same-origin result asserted
    // here is only meaningful under that deployment assumption -- confirm.
    if (forwardedProto != null) {
        requestBuilder.header("X-Forwarded-Proto", forwardedProto);
    }
    if (forwardedHost != null) {
        requestBuilder.header("X-Forwarded-Host", forwardedHost);
    }
    if (forwardedPort != -1) {
        requestBuilder.header("X-Forwarded-Port", Integer.toString(forwardedPort));
    }

    ServerHttpRequest adapted = adaptFromForwardedHeaders(requestBuilder);
    assertTrue(CorsUtils.isSameOrigin(adapted));
}
/**
 * Applies the CORS decision for one exchange.
 *
 * <p>Returns {@code true} without consulting {@code config} when the request is
 * not a CORS request, when the response already carries CORS headers, or when
 * the request is reported as same-origin. With no configuration, a pre-flight
 * request is rejected and {@code false} is returned; any other request yields
 * {@code true}. Otherwise the result of {@code handleInternal} is returned.
 *
 * @param config the CORS configuration to apply, or {@code null} if none
 * @param exchange the current exchange
 * @return {@code false} if the request was rejected here, else {@code true} or
 * the outcome of {@code handleInternal}
 */
@Override
public boolean process(@Nullable CorsConfiguration config, ServerWebExchange exchange) {
    ServerHttpRequest request = exchange.getRequest();
    ServerHttpResponse response = exchange.getResponse();

    if (!CorsUtils.isCorsRequest(request)) {
        return true;
    }

    // Another component has already written the allow-origin header; leave it as is.
    if (responseHasCors(response)) {
        logger.trace("Skip: response already contains \"Access-Control-Allow-Origin\"");
        return true;
    }

    // NOTE(review): this short-circuit bypasses every check in `config`. If
    // isSameOrigin derives the server origin from Host or forwarding headers,
    // those values must only be accepted from a trusted proxy -- confirm.
    if (CorsUtils.isSameOrigin(request)) {
        logger.trace("Skip: request is from same origin");
        return true;
    }

    boolean isPreFlight = CorsUtils.isPreFlightRequest(request);
    if (config != null) {
        return handleInternal(exchange, config, isPreFlight);
    }

    // No configuration. A non-pre-flight request passes through with no CORS
    // headers added here, so the handler still runs; CORS alone does not
    // protect state-changing endpoints.
    if (!isPreFlight) {
        return true;
    }
    rejectRequest(response);
    return false;
}
/**
 * Applies the CORS decision for one exchange.
 *
 * <p>Returns {@code true} without consulting {@code config} when the request is
 * not a CORS request, when the response already carries CORS headers, or when
 * the request is reported as same-origin; the latter two cases are logged at
 * debug level. With no configuration, a pre-flight request is rejected and
 * {@code false} is returned; any other request yields {@code true}. Otherwise
 * the result of {@code handleInternal} is returned.
 *
 * @param config the CORS configuration to apply, or {@code null} if none
 * @param exchange the current exchange
 * @return {@code false} if the request was rejected here, else {@code true} or
 * the outcome of {@code handleInternal}
 */
@Override
public boolean process(@Nullable CorsConfiguration config, ServerWebExchange exchange) {
    ServerHttpRequest request = exchange.getRequest();
    ServerHttpResponse response = exchange.getResponse();

    if (!CorsUtils.isCorsRequest(request)) {
        return true;
    }

    // Another component has already written the allow-origin header; leave it as is.
    if (responseHasCors(response)) {
        logger.debug("Skip CORS: response already contains \"Access-Control-Allow-Origin\" header");
        return true;
    }

    // NOTE(review): this short-circuit bypasses every check in `config`. If
    // isSameOrigin derives the server origin from Host or forwarding headers,
    // those values must only be accepted from a trusted proxy -- confirm.
    if (CorsUtils.isSameOrigin(request)) {
        logger.debug("Skip CORS: request is from same origin");
        return true;
    }

    boolean isPreFlight = CorsUtils.isPreFlightRequest(request);
    if (config != null) {
        return handleInternal(exchange, config, isPreFlight);
    }

    // No configuration. A non-pre-flight request passes through with no CORS
    // headers added here, so the handler still runs; CORS alone does not
    // protect state-changing endpoints.
    if (!isPreFlight) {
        return true;
    }
    rejectRequest(response);
    return false;
}