Search in sources :

Example 1 with ACCESS_CONTROL_ALLOW_ORIGIN

use of org.springframework.http.HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN in project spring-framework by spring-projects.

the class CorsWebFilterTests method sameOriginRequest.

@Test
public void sameOriginRequest() {
    WebFilterChain filterChain = filterExchange -> {
        try {
            HttpHeaders headers = filterExchange.getResponse().getHeaders();
            assertThat(headers.getFirst(ACCESS_CONTROL_ALLOW_ORIGIN)).isNull();
            assertThat(headers.getFirst(ACCESS_CONTROL_EXPOSE_HEADERS)).isNull();
        } catch (AssertionError ex) {
            return Mono.error(ex);
        }
        return Mono.empty();
    };
    MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("https://domain1.com/test.html").header(ORIGIN, "https://domain1.com"));
    this.filter.filter(exchange, filterChain).block();
}
Also used : ACCESS_CONTROL_EXPOSE_HEADERS(org.springframework.http.HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS) BeforeEach(org.junit.jupiter.api.BeforeEach) Arrays(java.util.Arrays) ACCESS_CONTROL_REQUEST_HEADERS(org.springframework.http.HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS) HttpHeaders(org.springframework.http.HttpHeaders) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) ACCESS_CONTROL_ALLOW_HEADERS(org.springframework.http.HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS) HttpMethod(org.springframework.http.HttpMethod) CorsConfiguration(org.springframework.web.cors.CorsConfiguration) MockServerWebExchange(org.springframework.web.testfixture.server.MockServerWebExchange) ACCESS_CONTROL_MAX_AGE(org.springframework.http.HttpHeaders.ACCESS_CONTROL_MAX_AGE) IOException(java.io.IOException) Mono(reactor.core.publisher.Mono) ServletException(jakarta.servlet.ServletException) ACCESS_CONTROL_REQUEST_METHOD(org.springframework.http.HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD) HOST(org.springframework.http.HttpHeaders.HOST) Test(org.junit.jupiter.api.Test) MockServerHttpRequest(org.springframework.web.testfixture.http.server.reactive.MockServerHttpRequest) ORIGIN(org.springframework.http.HttpHeaders.ORIGIN) WebFilterChain(org.springframework.web.server.WebFilterChain) ACCESS_CONTROL_ALLOW_ORIGIN(org.springframework.http.HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN) HttpHeaders(org.springframework.http.HttpHeaders) WebFilterChain(org.springframework.web.server.WebFilterChain) MockServerWebExchange(org.springframework.web.testfixture.server.MockServerWebExchange) Test(org.junit.jupiter.api.Test)

Example 2 with ACCESS_CONTROL_ALLOW_ORIGIN

use of org.springframework.http.HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN in project spring-framework by spring-projects.

the class CorsWebFilterTests method validPreFlightRequest.

@Test
public void validPreFlightRequest() throws ServletException, IOException {
    MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.options("https://domain1.com/test.html").header(HOST, "domain1.com").header(ORIGIN, "https://domain2.com").header(ACCESS_CONTROL_REQUEST_METHOD, HttpMethod.GET.name()).header(ACCESS_CONTROL_REQUEST_HEADERS, "header1, header2"));
    WebFilterChain filterChain = filterExchange -> Mono.error(new AssertionError("Preflight requests must not be forwarded to the filter chain"));
    filter.filter(exchange, filterChain).block();
    HttpHeaders headers = exchange.getResponse().getHeaders();
    assertThat(headers.getFirst(ACCESS_CONTROL_ALLOW_ORIGIN)).isEqualTo("https://domain2.com");
    assertThat(headers.getFirst(ACCESS_CONTROL_ALLOW_HEADERS)).isEqualTo("header1, header2");
    assertThat(headers.getFirst(ACCESS_CONTROL_EXPOSE_HEADERS)).isEqualTo("header3, header4");
    assertThat(Long.parseLong(headers.getFirst(ACCESS_CONTROL_MAX_AGE))).isEqualTo(123L);
}
Also used : ACCESS_CONTROL_EXPOSE_HEADERS(org.springframework.http.HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS) BeforeEach(org.junit.jupiter.api.BeforeEach) Arrays(java.util.Arrays) ACCESS_CONTROL_REQUEST_HEADERS(org.springframework.http.HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS) HttpHeaders(org.springframework.http.HttpHeaders) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) ACCESS_CONTROL_ALLOW_HEADERS(org.springframework.http.HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS) HttpMethod(org.springframework.http.HttpMethod) CorsConfiguration(org.springframework.web.cors.CorsConfiguration) MockServerWebExchange(org.springframework.web.testfixture.server.MockServerWebExchange) ACCESS_CONTROL_MAX_AGE(org.springframework.http.HttpHeaders.ACCESS_CONTROL_MAX_AGE) IOException(java.io.IOException) Mono(reactor.core.publisher.Mono) ServletException(jakarta.servlet.ServletException) ACCESS_CONTROL_REQUEST_METHOD(org.springframework.http.HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD) HOST(org.springframework.http.HttpHeaders.HOST) Test(org.junit.jupiter.api.Test) MockServerHttpRequest(org.springframework.web.testfixture.http.server.reactive.MockServerHttpRequest) ORIGIN(org.springframework.http.HttpHeaders.ORIGIN) WebFilterChain(org.springframework.web.server.WebFilterChain) ACCESS_CONTROL_ALLOW_ORIGIN(org.springframework.http.HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN) HttpHeaders(org.springframework.http.HttpHeaders) WebFilterChain(org.springframework.web.server.WebFilterChain) MockServerWebExchange(org.springframework.web.testfixture.server.MockServerWebExchange) Test(org.junit.jupiter.api.Test)

Example 3 with ACCESS_CONTROL_ALLOW_ORIGIN

use of org.springframework.http.HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN in project spring-framework by spring-projects.

the class CorsWebFilterTests method invalidPreFlightRequest.

@Test
public void invalidPreFlightRequest() throws ServletException, IOException {
    MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.options("https://domain1.com/test.html").header(HOST, "domain1.com").header(ORIGIN, "https://domain2.com").header(ACCESS_CONTROL_REQUEST_METHOD, HttpMethod.DELETE.name()).header(ACCESS_CONTROL_REQUEST_HEADERS, "header1, header2"));
    WebFilterChain filterChain = filterExchange -> Mono.error(new AssertionError("Preflight requests must not be forwarded to the filter chain"));
    filter.filter(exchange, filterChain).block();
    assertThat(exchange.getResponse().getHeaders().getFirst(ACCESS_CONTROL_ALLOW_ORIGIN)).isNull();
}
Also used : ACCESS_CONTROL_EXPOSE_HEADERS(org.springframework.http.HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS) BeforeEach(org.junit.jupiter.api.BeforeEach) Arrays(java.util.Arrays) ACCESS_CONTROL_REQUEST_HEADERS(org.springframework.http.HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS) HttpHeaders(org.springframework.http.HttpHeaders) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) ACCESS_CONTROL_ALLOW_HEADERS(org.springframework.http.HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS) HttpMethod(org.springframework.http.HttpMethod) CorsConfiguration(org.springframework.web.cors.CorsConfiguration) MockServerWebExchange(org.springframework.web.testfixture.server.MockServerWebExchange) ACCESS_CONTROL_MAX_AGE(org.springframework.http.HttpHeaders.ACCESS_CONTROL_MAX_AGE) IOException(java.io.IOException) Mono(reactor.core.publisher.Mono) ServletException(jakarta.servlet.ServletException) ACCESS_CONTROL_REQUEST_METHOD(org.springframework.http.HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD) HOST(org.springframework.http.HttpHeaders.HOST) Test(org.junit.jupiter.api.Test) MockServerHttpRequest(org.springframework.web.testfixture.http.server.reactive.MockServerHttpRequest) ORIGIN(org.springframework.http.HttpHeaders.ORIGIN) WebFilterChain(org.springframework.web.server.WebFilterChain) ACCESS_CONTROL_ALLOW_ORIGIN(org.springframework.http.HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN) WebFilterChain(org.springframework.web.server.WebFilterChain) MockServerWebExchange(org.springframework.web.testfixture.server.MockServerWebExchange) Test(org.junit.jupiter.api.Test)

Example 4 with ACCESS_CONTROL_ALLOW_ORIGIN

use of org.springframework.http.HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN in project spring-framework by spring-projects.

the class CorsWebFilterTests method validActualRequest.

@Test
public void validActualRequest() {
    WebFilterChain filterChain = filterExchange -> {
        try {
            HttpHeaders headers = filterExchange.getResponse().getHeaders();
            assertThat(headers.getFirst(ACCESS_CONTROL_ALLOW_ORIGIN)).isEqualTo("https://domain2.com");
            assertThat(headers.getFirst(ACCESS_CONTROL_EXPOSE_HEADERS)).isEqualTo("header3, header4");
        } catch (AssertionError ex) {
            return Mono.error(ex);
        }
        return Mono.empty();
    };
    MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("https://domain1.com/test.html").header(HOST, "domain1.com").header(ORIGIN, "https://domain2.com").header("header2", "foo"));
    this.filter.filter(exchange, filterChain).block();
}
Also used : ACCESS_CONTROL_EXPOSE_HEADERS(org.springframework.http.HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS) BeforeEach(org.junit.jupiter.api.BeforeEach) Arrays(java.util.Arrays) ACCESS_CONTROL_REQUEST_HEADERS(org.springframework.http.HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS) HttpHeaders(org.springframework.http.HttpHeaders) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) ACCESS_CONTROL_ALLOW_HEADERS(org.springframework.http.HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS) HttpMethod(org.springframework.http.HttpMethod) CorsConfiguration(org.springframework.web.cors.CorsConfiguration) MockServerWebExchange(org.springframework.web.testfixture.server.MockServerWebExchange) ACCESS_CONTROL_MAX_AGE(org.springframework.http.HttpHeaders.ACCESS_CONTROL_MAX_AGE) IOException(java.io.IOException) Mono(reactor.core.publisher.Mono) ServletException(jakarta.servlet.ServletException) ACCESS_CONTROL_REQUEST_METHOD(org.springframework.http.HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD) HOST(org.springframework.http.HttpHeaders.HOST) Test(org.junit.jupiter.api.Test) MockServerHttpRequest(org.springframework.web.testfixture.http.server.reactive.MockServerHttpRequest) ORIGIN(org.springframework.http.HttpHeaders.ORIGIN) WebFilterChain(org.springframework.web.server.WebFilterChain) ACCESS_CONTROL_ALLOW_ORIGIN(org.springframework.http.HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN) HttpHeaders(org.springframework.http.HttpHeaders) WebFilterChain(org.springframework.web.server.WebFilterChain) MockServerWebExchange(org.springframework.web.testfixture.server.MockServerWebExchange) Test(org.junit.jupiter.api.Test)

Example 5 with ACCESS_CONTROL_ALLOW_ORIGIN

use of org.springframework.http.HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN in project spring-framework by spring-projects.

the class CorsWebFilterTests method nonCorsRequest.

@Test
public void nonCorsRequest() {
    WebFilterChain filterChain = filterExchange -> {
        try {
            HttpHeaders headers = filterExchange.getResponse().getHeaders();
            assertThat(headers.getFirst(ACCESS_CONTROL_ALLOW_ORIGIN)).isNull();
            assertThat(headers.getFirst(ACCESS_CONTROL_EXPOSE_HEADERS)).isNull();
        } catch (AssertionError ex) {
            return Mono.error(ex);
        }
        return Mono.empty();
    };
    MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("https://domain1.com/test.html").header(HOST, "domain1.com"));
    this.filter.filter(exchange, filterChain).block();
}
Also used : ACCESS_CONTROL_EXPOSE_HEADERS(org.springframework.http.HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS) BeforeEach(org.junit.jupiter.api.BeforeEach) Arrays(java.util.Arrays) ACCESS_CONTROL_REQUEST_HEADERS(org.springframework.http.HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS) HttpHeaders(org.springframework.http.HttpHeaders) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) ACCESS_CONTROL_ALLOW_HEADERS(org.springframework.http.HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS) HttpMethod(org.springframework.http.HttpMethod) CorsConfiguration(org.springframework.web.cors.CorsConfiguration) MockServerWebExchange(org.springframework.web.testfixture.server.MockServerWebExchange) ACCESS_CONTROL_MAX_AGE(org.springframework.http.HttpHeaders.ACCESS_CONTROL_MAX_AGE) IOException(java.io.IOException) Mono(reactor.core.publisher.Mono) ServletException(jakarta.servlet.ServletException) ACCESS_CONTROL_REQUEST_METHOD(org.springframework.http.HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD) HOST(org.springframework.http.HttpHeaders.HOST) Test(org.junit.jupiter.api.Test) MockServerHttpRequest(org.springframework.web.testfixture.http.server.reactive.MockServerHttpRequest) ORIGIN(org.springframework.http.HttpHeaders.ORIGIN) WebFilterChain(org.springframework.web.server.WebFilterChain) ACCESS_CONTROL_ALLOW_ORIGIN(org.springframework.http.HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN) HttpHeaders(org.springframework.http.HttpHeaders) WebFilterChain(org.springframework.web.server.WebFilterChain) MockServerWebExchange(org.springframework.web.testfixture.server.MockServerWebExchange) Test(org.junit.jupiter.api.Test)

Aggregations

ServletException (jakarta.servlet.ServletException)6 IOException (java.io.IOException)6 Arrays (java.util.Arrays)6 Assertions.assertThat (org.assertj.core.api.Assertions.assertThat)6 BeforeEach (org.junit.jupiter.api.BeforeEach)6 Test (org.junit.jupiter.api.Test)6 HttpHeaders (org.springframework.http.HttpHeaders)6 ACCESS_CONTROL_ALLOW_HEADERS (org.springframework.http.HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS)6 ACCESS_CONTROL_ALLOW_ORIGIN (org.springframework.http.HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN)6 ACCESS_CONTROL_EXPOSE_HEADERS (org.springframework.http.HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS)6 ACCESS_CONTROL_MAX_AGE (org.springframework.http.HttpHeaders.ACCESS_CONTROL_MAX_AGE)6 ACCESS_CONTROL_REQUEST_HEADERS (org.springframework.http.HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS)6 ACCESS_CONTROL_REQUEST_METHOD (org.springframework.http.HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD)6 HOST (org.springframework.http.HttpHeaders.HOST)6 ORIGIN (org.springframework.http.HttpHeaders.ORIGIN)6 HttpMethod (org.springframework.http.HttpMethod)6 CorsConfiguration (org.springframework.web.cors.CorsConfiguration)6 WebFilterChain (org.springframework.web.server.WebFilterChain)6 MockServerHttpRequest (org.springframework.web.testfixture.http.server.reactive.MockServerHttpRequest)6 MockServerWebExchange (org.springframework.web.testfixture.server.MockServerWebExchange)6