
Example 1 with ServerHttpResponse

use of org.springframework.http.server.reactive.ServerHttpResponse in project spring-framework by spring-projects.

the class DefaultCorsProcessor method handleInternal.

/**
 * Handle the given request.
 */
protected boolean handleInternal(ServerWebExchange exchange, CorsConfiguration config, boolean preFlightRequest) {
    ServerHttpRequest request = exchange.getRequest();
    ServerHttpResponse response = exchange.getResponse();
    // A null result from any of the checks below means the configuration does not allow the requested value.
    String requestOrigin = request.getHeaders().getOrigin();
    String allowOrigin = checkOrigin(config, requestOrigin);
    HttpMethod requestMethod = getMethodToUse(request, preFlightRequest);
    List<HttpMethod> allowMethods = checkMethods(config, requestMethod);
    List<String> requestHeaders = getHeadersToUse(request, preFlightRequest);
    List<String> allowHeaders = checkHeaders(config, requestHeaders);
    // Reject on a disallowed origin or method; disallowed headers only cause rejection for a pre-flight request.
    if (allowOrigin == null || allowMethods == null || (preFlightRequest && allowHeaders == null)) {
        rejectRequest(response);
        return false;
    }
    HttpHeaders responseHeaders = response.getHeaders();
    responseHeaders.setAccessControlAllowOrigin(allowOrigin);
    // Vary: Origin marks the response as origin-dependent for caches.
    responseHeaders.add(HttpHeaders.VARY, HttpHeaders.ORIGIN);
    // Allowed methods, allowed headers and max-age are only sent on pre-flight responses.
    if (preFlightRequest) {
        responseHeaders.setAccessControlAllowMethods(allowMethods);
    }
    if (preFlightRequest && !allowHeaders.isEmpty()) {
        responseHeaders.setAccessControlAllowHeaders(allowHeaders);
    }
    if (!CollectionUtils.isEmpty(config.getExposedHeaders())) {
        responseHeaders.setAccessControlExposeHeaders(config.getExposedHeaders());
    }
    // Access-Control-Allow-Credentials is only set when the configuration explicitly enables it.
    if (Boolean.TRUE.equals(config.getAllowCredentials())) {
        responseHeaders.setAccessControlAllowCredentials(true);
    }
    if (preFlightRequest && config.getMaxAge() != null) {
        responseHeaders.setAccessControlMaxAge(config.getMaxAge());
    }
    return true;
}
Also used : HttpHeaders(org.springframework.http.HttpHeaders) ServerHttpRequest(org.springframework.http.server.reactive.ServerHttpRequest) ServerHttpResponse(org.springframework.http.server.reactive.ServerHttpResponse) HttpMethod(org.springframework.http.HttpMethod)

Example 2 with ServerHttpResponse

use of org.springframework.http.server.reactive.ServerHttpResponse in project spring-framework by spring-projects.

the class DefaultCorsProcessorTests method preflightRequestWithRequestAndMethodHeaderButNoConfig.

@Test
public void preflightRequestWithRequestAndMethodHeaderButNoConfig() throws Exception {
    ServerWebExchange exchange = preFlightRequest()
            .header(ACCESS_CONTROL_REQUEST_METHOD, "GET")
            .header(ACCESS_CONTROL_REQUEST_HEADERS, "Header1")
            .toExchange();
    this.processor.processRequest(this.conf, exchange);
    ServerHttpResponse response = exchange.getResponse();
    assertFalse(response.getHeaders().containsKey(ACCESS_CONTROL_ALLOW_ORIGIN));
    assertEquals(HttpStatus.FORBIDDEN, response.getStatusCode());
}
Also used : ServerWebExchange(org.springframework.web.server.ServerWebExchange) ServerHttpResponse(org.springframework.http.server.reactive.ServerHttpResponse) Test(org.junit.Test)

Example 3 with ServerHttpResponse

use of org.springframework.http.server.reactive.ServerHttpResponse in project spring-framework by spring-projects.

the class DefaultCorsProcessorTests method actualRequestCaseInsensitiveOriginMatch.

@Test
public void actualRequestCaseInsensitiveOriginMatch() throws Exception {
    ServerWebExchange exchange = actualRequest();
    this.conf.addAllowedOrigin("http://DOMAIN2.com");
    this.processor.processRequest(this.conf, exchange);
    ServerHttpResponse response = exchange.getResponse();
    assertTrue(response.getHeaders().containsKey(ACCESS_CONTROL_ALLOW_ORIGIN));
    assertNull(response.getStatusCode());
}
Also used : ServerWebExchange(org.springframework.web.server.ServerWebExchange) ServerHttpResponse(org.springframework.http.server.reactive.ServerHttpResponse) Test(org.junit.Test)

Example 4 with ServerHttpResponse

use of org.springframework.http.server.reactive.ServerHttpResponse in project spring-framework by spring-projects.

the class DefaultCorsProcessorTests method preflightRequestCredentials.

@Test
public void preflightRequestCredentials() throws Exception {
    ServerWebExchange exchange = preFlightRequest()
            .header(ACCESS_CONTROL_REQUEST_METHOD, "GET")
            .header(ACCESS_CONTROL_REQUEST_HEADERS, "Header1")
            .toExchange();
    this.conf.addAllowedOrigin("http://domain1.com");
    this.conf.addAllowedOrigin("http://domain2.com");
    this.conf.addAllowedOrigin("http://domain3.com");
    this.conf.addAllowedHeader("Header1");
    this.conf.setAllowCredentials(true);
    this.processor.processRequest(this.conf, exchange);
    ServerHttpResponse response = exchange.getResponse();
    assertTrue(response.getHeaders().containsKey(ACCESS_CONTROL_ALLOW_ORIGIN));
    assertEquals("http://domain2.com", response.getHeaders().getFirst(ACCESS_CONTROL_ALLOW_ORIGIN));
    assertTrue(response.getHeaders().containsKey(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS));
    assertEquals("true", response.getHeaders().getFirst(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS));
    assertNull(response.getStatusCode());
}
Also used : ServerWebExchange(org.springframework.web.server.ServerWebExchange) ServerHttpResponse(org.springframework.http.server.reactive.ServerHttpResponse) Test(org.junit.Test)

Example 5 with ServerHttpResponse

use of org.springframework.http.server.reactive.ServerHttpResponse in project spring-framework by spring-projects.

the class DefaultCorsProcessorTests method preflightRequestAllowedHeaders.

@Test
public void preflightRequestAllowedHeaders() throws Exception {
    ServerWebExchange exchange = preFlightRequest()
            .header(ACCESS_CONTROL_REQUEST_METHOD, "GET")
            .header(ACCESS_CONTROL_REQUEST_HEADERS, "Header1, Header2")
            .toExchange();
    this.conf.addAllowedHeader("Header1");
    this.conf.addAllowedHeader("Header2");
    this.conf.addAllowedHeader("Header3");
    this.conf.addAllowedOrigin("http://domain2.com");
    this.processor.processRequest(this.conf, exchange);
    ServerHttpResponse response = exchange.getResponse();
    assertTrue(response.getHeaders().containsKey(ACCESS_CONTROL_ALLOW_ORIGIN));
    assertTrue(response.getHeaders().containsKey(ACCESS_CONTROL_ALLOW_HEADERS));
    assertTrue(response.getHeaders().getFirst(ACCESS_CONTROL_ALLOW_HEADERS).contains("Header1"));
    assertTrue(response.getHeaders().getFirst(ACCESS_CONTROL_ALLOW_HEADERS).contains("Header2"));
    assertFalse(response.getHeaders().getFirst(ACCESS_CONTROL_ALLOW_HEADERS).contains("Header3"));
    assertNull(response.getStatusCode());
}
Also used : ServerWebExchange(org.springframework.web.server.ServerWebExchange) ServerHttpResponse(org.springframework.http.server.reactive.ServerHttpResponse) Test(org.junit.Test)

Aggregations

ServerHttpResponse (org.springframework.http.server.reactive.ServerHttpResponse): 30
Test (org.junit.Test): 21
ServerWebExchange (org.springframework.web.server.ServerWebExchange): 20
ServerHttpRequest (org.springframework.http.server.reactive.ServerHttpRequest): 6
ResolvableType (org.springframework.core.ResolvableType): 4
MediaType (org.springframework.http.MediaType): 4
Flux (reactor.core.publisher.Flux): 4
IOException (java.io.IOException): 3
Collections (java.util.Collections): 3
Mono (reactor.core.publisher.Mono): 3
List (java.util.List): 2
Map (java.util.Map): 2
HttpServletRequest (javax.servlet.http.HttpServletRequest): 2
HttpServletResponse (javax.servlet.http.HttpServletResponse): 2
ReactiveAdapter (org.springframework.core.ReactiveAdapter): 2
DataBufferFactory (org.springframework.core.io.buffer.DataBufferFactory): 2
HttpHeaders (org.springframework.http.HttpHeaders): 2
HttpMethod (org.springframework.http.HttpMethod): 2
ServletServerHttpRequest (org.springframework.http.server.reactive.ServletServerHttpRequest): 2
ServletServerHttpResponse (org.springframework.http.server.reactive.ServletServerHttpResponse): 2