use of org.springframework.http.HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN in project spring-framework by spring-projects.
the class CorsWebFilterTests method sameOriginRequest.
@Test
public void sameOriginRequest() {
WebFilterChain filterChain = filterExchange -> {
try {
HttpHeaders headers = filterExchange.getResponse().getHeaders();
assertThat(headers.getFirst(ACCESS_CONTROL_ALLOW_ORIGIN)).isNull();
assertThat(headers.getFirst(ACCESS_CONTROL_EXPOSE_HEADERS)).isNull();
} catch (AssertionError ex) {
return Mono.error(ex);
}
return Mono.empty();
};
MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("https://domain1.com/test.html").header(ORIGIN, "https://domain1.com"));
this.filter.filter(exchange, filterChain).block();
}
use of org.springframework.http.HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN in project spring-framework by spring-projects.
the class CorsWebFilterTests method validPreFlightRequest.
@Test
public void validPreFlightRequest() throws ServletException, IOException {
MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.options("https://domain1.com/test.html").header(HOST, "domain1.com").header(ORIGIN, "https://domain2.com").header(ACCESS_CONTROL_REQUEST_METHOD, HttpMethod.GET.name()).header(ACCESS_CONTROL_REQUEST_HEADERS, "header1, header2"));
WebFilterChain filterChain = filterExchange -> Mono.error(new AssertionError("Preflight requests must not be forwarded to the filter chain"));
filter.filter(exchange, filterChain).block();
HttpHeaders headers = exchange.getResponse().getHeaders();
assertThat(headers.getFirst(ACCESS_CONTROL_ALLOW_ORIGIN)).isEqualTo("https://domain2.com");
assertThat(headers.getFirst(ACCESS_CONTROL_ALLOW_HEADERS)).isEqualTo("header1, header2");
assertThat(headers.getFirst(ACCESS_CONTROL_EXPOSE_HEADERS)).isEqualTo("header3, header4");
assertThat(Long.parseLong(headers.getFirst(ACCESS_CONTROL_MAX_AGE))).isEqualTo(123L);
}
use of org.springframework.http.HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN in project spring-framework by spring-projects.
the class CorsWebFilterTests method invalidPreFlightRequest.
@Test
public void invalidPreFlightRequest() throws ServletException, IOException {
MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.options("https://domain1.com/test.html").header(HOST, "domain1.com").header(ORIGIN, "https://domain2.com").header(ACCESS_CONTROL_REQUEST_METHOD, HttpMethod.DELETE.name()).header(ACCESS_CONTROL_REQUEST_HEADERS, "header1, header2"));
WebFilterChain filterChain = filterExchange -> Mono.error(new AssertionError("Preflight requests must not be forwarded to the filter chain"));
filter.filter(exchange, filterChain).block();
assertThat(exchange.getResponse().getHeaders().getFirst(ACCESS_CONTROL_ALLOW_ORIGIN)).isNull();
}
use of org.springframework.http.HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN in project spring-framework by spring-projects.
the class CorsWebFilterTests method validActualRequest.
@Test
public void validActualRequest() {
WebFilterChain filterChain = filterExchange -> {
try {
HttpHeaders headers = filterExchange.getResponse().getHeaders();
assertThat(headers.getFirst(ACCESS_CONTROL_ALLOW_ORIGIN)).isEqualTo("https://domain2.com");
assertThat(headers.getFirst(ACCESS_CONTROL_EXPOSE_HEADERS)).isEqualTo("header3, header4");
} catch (AssertionError ex) {
return Mono.error(ex);
}
return Mono.empty();
};
MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("https://domain1.com/test.html").header(HOST, "domain1.com").header(ORIGIN, "https://domain2.com").header("header2", "foo"));
this.filter.filter(exchange, filterChain).block();
}
use of org.springframework.http.HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN in project spring-framework by spring-projects.
the class CorsWebFilterTests method nonCorsRequest.
@Test
public void nonCorsRequest() {
WebFilterChain filterChain = filterExchange -> {
try {
HttpHeaders headers = filterExchange.getResponse().getHeaders();
assertThat(headers.getFirst(ACCESS_CONTROL_ALLOW_ORIGIN)).isNull();
assertThat(headers.getFirst(ACCESS_CONTROL_EXPOSE_HEADERS)).isNull();
} catch (AssertionError ex) {
return Mono.error(ex);
}
return Mono.empty();
};
MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("https://domain1.com/test.html").header(HOST, "domain1.com"));
this.filter.filter(exchange, filterChain).block();
}
Aggregations