Search in sources :

Example 1 with ACCESS_CONTROL_REQUEST_METHOD

use of org.springframework.http.HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD in project spring-framework by spring-projects.

the class CorsWebFilterTests method validPreFlightRequest.

@Test
public void validPreFlightRequest() throws ServletException, IOException {
    MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.options("https://domain1.com/test.html").header(HOST, "domain1.com").header(ORIGIN, "https://domain2.com").header(ACCESS_CONTROL_REQUEST_METHOD, HttpMethod.GET.name()).header(ACCESS_CONTROL_REQUEST_HEADERS, "header1, header2"));
    WebFilterChain filterChain = filterExchange -> Mono.error(new AssertionError("Preflight requests must not be forwarded to the filter chain"));
    filter.filter(exchange, filterChain).block();
    HttpHeaders headers = exchange.getResponse().getHeaders();
    assertThat(headers.getFirst(ACCESS_CONTROL_ALLOW_ORIGIN)).isEqualTo("https://domain2.com");
    assertThat(headers.getFirst(ACCESS_CONTROL_ALLOW_HEADERS)).isEqualTo("header1, header2");
    assertThat(headers.getFirst(ACCESS_CONTROL_EXPOSE_HEADERS)).isEqualTo("header3, header4");
    assertThat(Long.parseLong(headers.getFirst(ACCESS_CONTROL_MAX_AGE))).isEqualTo(123L);
}
Also used : ACCESS_CONTROL_EXPOSE_HEADERS(org.springframework.http.HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS) BeforeEach(org.junit.jupiter.api.BeforeEach) Arrays(java.util.Arrays) ACCESS_CONTROL_REQUEST_HEADERS(org.springframework.http.HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS) HttpHeaders(org.springframework.http.HttpHeaders) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) ACCESS_CONTROL_ALLOW_HEADERS(org.springframework.http.HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS) HttpMethod(org.springframework.http.HttpMethod) CorsConfiguration(org.springframework.web.cors.CorsConfiguration) MockServerWebExchange(org.springframework.web.testfixture.server.MockServerWebExchange) ACCESS_CONTROL_MAX_AGE(org.springframework.http.HttpHeaders.ACCESS_CONTROL_MAX_AGE) IOException(java.io.IOException) Mono(reactor.core.publisher.Mono) ServletException(jakarta.servlet.ServletException) ACCESS_CONTROL_REQUEST_METHOD(org.springframework.http.HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD) HOST(org.springframework.http.HttpHeaders.HOST) Test(org.junit.jupiter.api.Test) MockServerHttpRequest(org.springframework.web.testfixture.http.server.reactive.MockServerHttpRequest) ORIGIN(org.springframework.http.HttpHeaders.ORIGIN) WebFilterChain(org.springframework.web.server.WebFilterChain) ACCESS_CONTROL_ALLOW_ORIGIN(org.springframework.http.HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN) HttpHeaders(org.springframework.http.HttpHeaders) WebFilterChain(org.springframework.web.server.WebFilterChain) MockServerWebExchange(org.springframework.web.testfixture.server.MockServerWebExchange) Test(org.junit.jupiter.api.Test)

Example 2 with ACCESS_CONTROL_REQUEST_METHOD

use of org.springframework.http.HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD in project spring-framework by spring-projects.

the class CorsWebFilterTests method invalidPreFlightRequest.

@Test
public void invalidPreFlightRequest() throws ServletException, IOException {
    MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.options("https://domain1.com/test.html").header(HOST, "domain1.com").header(ORIGIN, "https://domain2.com").header(ACCESS_CONTROL_REQUEST_METHOD, HttpMethod.DELETE.name()).header(ACCESS_CONTROL_REQUEST_HEADERS, "header1, header2"));
    WebFilterChain filterChain = filterExchange -> Mono.error(new AssertionError("Preflight requests must not be forwarded to the filter chain"));
    filter.filter(exchange, filterChain).block();
    assertThat(exchange.getResponse().getHeaders().getFirst(ACCESS_CONTROL_ALLOW_ORIGIN)).isNull();
}
Also used : ACCESS_CONTROL_EXPOSE_HEADERS(org.springframework.http.HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS) BeforeEach(org.junit.jupiter.api.BeforeEach) Arrays(java.util.Arrays) ACCESS_CONTROL_REQUEST_HEADERS(org.springframework.http.HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS) HttpHeaders(org.springframework.http.HttpHeaders) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) ACCESS_CONTROL_ALLOW_HEADERS(org.springframework.http.HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS) HttpMethod(org.springframework.http.HttpMethod) CorsConfiguration(org.springframework.web.cors.CorsConfiguration) MockServerWebExchange(org.springframework.web.testfixture.server.MockServerWebExchange) ACCESS_CONTROL_MAX_AGE(org.springframework.http.HttpHeaders.ACCESS_CONTROL_MAX_AGE) IOException(java.io.IOException) Mono(reactor.core.publisher.Mono) ServletException(jakarta.servlet.ServletException) ACCESS_CONTROL_REQUEST_METHOD(org.springframework.http.HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD) HOST(org.springframework.http.HttpHeaders.HOST) Test(org.junit.jupiter.api.Test) MockServerHttpRequest(org.springframework.web.testfixture.http.server.reactive.MockServerHttpRequest) ORIGIN(org.springframework.http.HttpHeaders.ORIGIN) WebFilterChain(org.springframework.web.server.WebFilterChain) ACCESS_CONTROL_ALLOW_ORIGIN(org.springframework.http.HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN) WebFilterChain(org.springframework.web.server.WebFilterChain) MockServerWebExchange(org.springframework.web.testfixture.server.MockServerWebExchange) Test(org.junit.jupiter.api.Test)

Aggregations

ServletException (jakarta.servlet.ServletException)2 IOException (java.io.IOException)2 Arrays (java.util.Arrays)2 Assertions.assertThat (org.assertj.core.api.Assertions.assertThat)2 BeforeEach (org.junit.jupiter.api.BeforeEach)2 Test (org.junit.jupiter.api.Test)2 HttpHeaders (org.springframework.http.HttpHeaders)2 ACCESS_CONTROL_ALLOW_HEADERS (org.springframework.http.HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS)2 ACCESS_CONTROL_ALLOW_ORIGIN (org.springframework.http.HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN)2 ACCESS_CONTROL_EXPOSE_HEADERS (org.springframework.http.HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS)2 ACCESS_CONTROL_MAX_AGE (org.springframework.http.HttpHeaders.ACCESS_CONTROL_MAX_AGE)2 ACCESS_CONTROL_REQUEST_HEADERS (org.springframework.http.HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS)2 ACCESS_CONTROL_REQUEST_METHOD (org.springframework.http.HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD)2 HOST (org.springframework.http.HttpHeaders.HOST)2 ORIGIN (org.springframework.http.HttpHeaders.ORIGIN)2 HttpMethod (org.springframework.http.HttpMethod)2 CorsConfiguration (org.springframework.web.cors.CorsConfiguration)2 WebFilterChain (org.springframework.web.server.WebFilterChain)2 MockServerHttpRequest (org.springframework.web.testfixture.http.server.reactive.MockServerHttpRequest)2 MockServerWebExchange (org.springframework.web.testfixture.server.MockServerWebExchange)2