use of io.helidon.common.http.Headers in project helidon by oracle.
the class AbstractCorsTest method test1PreFlightAllowedHeaders1.
// Pre-flight (OPTIONS) request to SERVICE_1 from http://foo.bar asking for PUT with the X-foo header.
// Expects a 200 whose Access-Control-Allow-* headers name exactly that origin, method and header.
@Test
void test1PreFlightAllowedHeaders1() throws ExecutionException, InterruptedException {
    WebClientRequestBuilder preflight = client().options().path(path(SERVICE_1));

    // Origin plus the two Access-Control-Request-* headers are what make an OPTIONS call a CORS pre-flight.
    Headers requestHeaders = preflight.headers();
    requestHeaders.add(ORIGIN, "http://foo.bar");
    requestHeaders.add(ACCESS_CONTROL_REQUEST_METHOD, "PUT");
    requestHeaders.add(ACCESS_CONTROL_REQUEST_HEADERS, "X-foo");

    // Block until the asynchronous exchange has completed.
    WebClientResponse response = preflight.request().toCompletableFuture().get();

    assertThat(response.status(), is(Http.Status.OK_200));
    // The response names the specific origin, method and header that were requested.
    assertThat(response.headers().first(ACCESS_CONTROL_ALLOW_ORIGIN), present(is("http://foo.bar")));
    assertThat(response.headers().first(ACCESS_CONTROL_ALLOW_METHODS), present(is("PUT")));
    assertThat(response.headers().first(ACCESS_CONTROL_ALLOW_HEADERS), present(is("X-foo")));
    // Max-Age is how long the client may cache this pre-flight result, in seconds.
    assertThat(response.headers().first(ACCESS_CONTROL_MAX_AGE), present(is("3600")));
}
use of io.helidon.common.http.Headers in project helidon by oracle.
the class AbstractCorsTest method test2PreFlightForbiddenOrigin.
// Pre-flight (OPTIONS) request to SERVICE_2 from an origin the test expects to be rejected.
// Expects 403 with the reason phrase "CORS origin is not in allowed list".
@Test
void test2PreFlightForbiddenOrigin() throws ExecutionException, InterruptedException {
    WebClientRequestBuilder preflight = client().options().path(path(SERVICE_2));

    Headers requestHeaders = preflight.headers();
    requestHeaders.add(ORIGIN, "http://not.allowed");
    requestHeaders.add(ACCESS_CONTROL_REQUEST_METHOD, "PUT");

    // Block until the asynchronous exchange has completed.
    WebClientResponse response = preflight.request().toCompletableFuture().get();

    // NOTE(review): only the status line is checked. Asserting that the 403 carries no
    // Access-Control-Allow-* headers would pin the part a browser actually enforces.
    Http.ResponseStatus rejection = response.status();
    assertThat(rejection.code(), is(Http.Status.FORBIDDEN_403.code()));
    assertThat(rejection.reasonPhrase(), is("CORS origin is not in allowed list"));
}
use of io.helidon.common.http.Headers in project helidon by oracle.
the class AbstractCorsTest method test2PreFlightForbiddenMethod.
// Pre-flight (OPTIONS) request to SERVICE_2 from http://foo.bar asking for POST.
// Expects 403 with the reason phrase "CORS origin is denied".
@Test
void test2PreFlightForbiddenMethod() throws ExecutionException, InterruptedException {
    WebClientRequestBuilder preflight = client().options().path(path(SERVICE_2));

    Headers requestHeaders = preflight.headers();
    requestHeaders.add(ORIGIN, "http://foo.bar");
    requestHeaders.add(ACCESS_CONTROL_REQUEST_METHOD, "POST");

    // Block until the asynchronous exchange has completed.
    WebClientResponse response = preflight.request().toCompletableFuture().get();

    // NOTE(review): the asserted phrase speaks of the origin, while the test name says the
    // requested method is what gets refused. The phrase is whatever the server emits, so it
    // is matched verbatim; the SERVICE_2 configuration is not visible here to confirm.
    Http.ResponseStatus rejection = response.status();
    assertThat(rejection.code(), is(Http.Status.FORBIDDEN_403.code()));
    assertThat(rejection.reasonPhrase(), is("CORS origin is denied"));
}
use of io.helidon.common.http.Headers in project helidon by oracle.
the class MainTest method testAnonymousGreetWithCors.
// Run after the non-CORS tests (so the greeting is Hola) but before the CORS test that changes the greeting again.
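@Order(10)
@Test
void testAnonymousGreetWithCors() {
    // Simple (non-pre-flight) cross-origin GET of /greet: the greeting must be returned and the
    // response must carry Access-Control-Allow-Origin with the wildcard value.
    WebClientRequestBuilder builder = webClient.get();
    Headers headers = builder.headers();
    // Origin and Host differ, which is what makes the request cross-origin.
    headers.add("Origin", "http://foo.com");
    headers.add("Host", "here.com");

    WebClientResponse r = getResponse("/greet", builder);
    assertEquals(200, r.status().code(), "HTTP response");
    String payload = fromPayload(r).getMessage();
    assertTrue(payload.contains("Hola World"), "HTTP response payload was " + payload);

    headers = r.headers();
    Optional<String> allowOrigin = headers.value(CrossOriginConfig.ACCESS_CONTROL_ALLOW_ORIGIN);
    assertTrue(allowOrigin.isPresent(), "Expected CORS header " + CrossOriginConfig.ACCESS_CONTROL_ALLOW_ORIGIN + " is absent");
    // JUnit 5 takes (expected, actual); the original had them swapped, which garbles the
    // failure message. A wildcard origin suits only responses that need no credentials,
    // because browsers reject "*" on credentialed requests.
    assertEquals("*", allowOrigin.get());
}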
use of io.helidon.common.http.Headers in project helidon by oracle.
the class MainTest method testGreetingChangeWithCors.
// Run after the non-CORS tests but before other CORS tests.
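@Order(11)
@Test
void testGreetingChangeWithCors() {
    // Exercises the two-step CORS flow for a PUT to /greet/greeting: first the pre-flight
    // OPTIONS request, then the actual PUT. Both responses must allow origin http://foo.com.

    // Send the pre-flight request and check the response.
    WebClientRequestBuilder builder = webClient.options();
    Headers headers = builder.headers();
    headers.add("Origin", "http://foo.com");
    headers.add("Host", "here.com");
    headers.add("Access-Control-Request-Method", "PUT");
    WebClientResponse r = builder.path("/greet/greeting").submit().await();

    Headers preflightResponseHeaders = r.headers();
    List<String> allowMethods = preflightResponseHeaders.values(CrossOriginConfig.ACCESS_CONTROL_ALLOW_METHODS);
    assertFalse(allowMethods.isEmpty(), "pre-flight response does not include " + CrossOriginConfig.ACCESS_CONTROL_ALLOW_METHODS);
    assertTrue(allowMethods.contains("PUT"),
            "Header " + CrossOriginConfig.ACCESS_CONTROL_ALLOW_METHODS + " should contain 'PUT' but does not; " + allowMethods);

    List<String> allowOrigins = preflightResponseHeaders.values(CrossOriginConfig.ACCESS_CONTROL_ALLOW_ORIGIN);
    assertFalse(allowOrigins.isEmpty(), "pre-flight response does not include " + CrossOriginConfig.ACCESS_CONTROL_ALLOW_ORIGIN);
    // The failure message used to say '*' although the assertion checks for the specific origin.
    assertTrue(allowOrigins.contains("http://foo.com"),
            "Header " + CrossOriginConfig.ACCESS_CONTROL_ALLOW_ORIGIN + " should contain 'http://foo.com' but does not; " + allowOrigins);

    // Send the follow-up request.
    builder = webClient.put();
    headers = builder.headers();
    headers.add("Origin", "http://foo.com");
    headers.add("Host", "here.com");
    // NOTE(review): this copies the pre-flight *response* headers onto the follow-up request.
    // A browser would not send Access-Control-Allow-* back to the server. Confirm this is intentional.
    headers.addAll(preflightResponseHeaders);
    r = putResponse("/greet/greeting", new GreetingMessage("Cheers"), builder);
    assertEquals(204, r.status().code(), "HTTP response3");

    headers = r.headers();
    allowOrigins = headers.values(CrossOriginConfig.ACCESS_CONTROL_ALLOW_ORIGIN);
    assertFalse(allowOrigins.isEmpty(), "Expected CORS header " + CrossOriginConfig.ACCESS_CONTROL_ALLOW_ORIGIN + " has no value(s)");
    assertTrue(allowOrigins.contains("http://foo.com"),
            "Header " + CrossOriginConfig.ACCESS_CONTROL_ALLOW_ORIGIN + " should contain 'http://foo.com' but does not; " + allowOrigins);
}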