root
/
spring-framework
mirror of https://github.com/spring-projects/spring-framework.git
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity

Rename originsPattern to originPatterns 

See gh-25016
This commit is contained in:
Rossen Stoyanchev 2020-07-07 17:43:06 +03:00
parent 8632118e8d
commit 1181bb1852
8 changed files with 134 additions and 119 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
spring-web/src/main/java/org/springframework/web/bind/annotation/CrossOrigin.java
View File

@ -109,7 +109,7 @@ public @interface CrossOrigin {
* See the Spring Framework reference for more on this filter.
* @see #value
*/
String[] originsPatterns() default {};
String[] originPatterns() default {};
/**
* The list of request headers that are permitted in actual requests,

50
spring-web/src/main/java/org/springframework/web/cors/CorsConfiguration.java
View File

@ -77,7 +77,7 @@ public class CorsConfiguration {
private List<String> allowedOrigins;
@Nullable
private List<Pattern> allowedOriginsPatterns;
private List<Pattern> allowedOriginPatterns;
@Nullable
private List<String> allowedMethods;
@ -112,7 +112,7 @@ public class CorsConfiguration {
*/
public CorsConfiguration(CorsConfiguration other) {
this.allowedOrigins = other.allowedOrigins;
this.allowedOriginsPatterns = other.allowedOriginsPatterns;
this.allowedOriginPatterns = other.allowedOriginPatterns;
this.allowedMethods = other.allowedMethods;
this.resolvedMethods = other.resolvedMethods;
this.allowedHeaders = other.allowedHeaders;
@ -158,14 +158,14 @@ public class CorsConfiguration {
* Set the origins patterns to allow, e.g. {@code "*.com"}.
* <p>By default this is not set.
*/
public CorsConfiguration setAllowedOriginsPatterns(@Nullable List<String> allowedOriginsPatterns) {
if (allowedOriginsPatterns == null) {
this.allowedOriginsPatterns = null;
public CorsConfiguration setAllowedOriginPatterns(@Nullable List<String> allowedOriginPatterns) {
if (allowedOriginPatterns == null) {
this.allowedOriginPatterns = null;
}
else {
this.allowedOriginsPatterns = new ArrayList<>(allowedOriginsPatterns.size());
for (String pattern : allowedOriginsPatterns) {
this.allowedOriginsPatterns.add(Pattern.compile(pattern));
this.allowedOriginPatterns = new ArrayList<>(allowedOriginPatterns.size());
for (String pattern : allowedOriginPatterns) {
this.allowedOriginPatterns.add(Pattern.compile(pattern));
}
}
@ -176,30 +176,30 @@ public class CorsConfiguration {
* Return the configured origins patterns to allow, or {@code null} if none.
*
* @see #addAllowedOriginPattern(String)
* @see #setAllowedOriginsPatterns(List)
* @see #setAllowedOriginPatterns(List)
*/
@Nullable
public List<String> getAllowedOriginsPatterns() {
if (this.allowedOriginsPatterns == null) {
public List<String> getAllowedOriginPatterns() {
if (this.allowedOriginPatterns == null) {
return null;
}
if (this.allowedOriginsPatterns == DEFAULT_PERMIT_ALL_PATTERN) {
if (this.allowedOriginPatterns == DEFAULT_PERMIT_ALL_PATTERN) {
return DEFAULT_PERMIT_ALL_PATTERN_STR;
}
return this.allowedOriginsPatterns.stream().map(Pattern::toString).collect(Collectors.toList());
return this.allowedOriginPatterns.stream().map(Pattern::toString).collect(Collectors.toList());
}
/**
* Add an origin pattern to allow.
*/
public void addAllowedOriginPattern(String originPattern) {
if (this.allowedOriginsPatterns == null) {
this.allowedOriginsPatterns = new ArrayList<>(4);
if (this.allowedOriginPatterns == null) {
this.allowedOriginPatterns = new ArrayList<>(4);
}
else if (this.allowedOriginsPatterns == DEFAULT_PERMIT_ALL_PATTERN) {
setAllowedOriginsPatterns(DEFAULT_PERMIT_ALL_PATTERN_STR);
else if (this.allowedOriginPatterns == DEFAULT_PERMIT_ALL_PATTERN) {
setAllowedOriginPatterns(DEFAULT_PERMIT_ALL_PATTERN_STR);
}
this.allowedOriginsPatterns.add(Pattern.compile(originPattern));
this.allowedOriginPatterns.add(Pattern.compile(originPattern));
}
/**
@ -413,7 +413,7 @@ public class CorsConfiguration {
* </ul>
*/
public CorsConfiguration applyPermitDefaultValues() {
if (this.allowedOrigins == null && this.allowedOriginsPatterns == null) {
if (this.allowedOrigins == null && this.allowedOriginPatterns == null) {
this.allowedOrigins = DEFAULT_PERMIT_ALL;
}
if (this.allowedMethods == null) {
@ -455,13 +455,13 @@ public class CorsConfiguration {
}
CorsConfiguration config = new CorsConfiguration(this);
List<String> combinedOrigins = combine(getAllowedOrigins(), other.getAllowedOrigins());
List<String> combinedOriginsPatterns = combine(getAllowedOriginsPatterns(), other.getAllowedOriginsPatterns());
if (combinedOrigins == DEFAULT_PERMIT_ALL && combinedOriginsPatterns != DEFAULT_PERMIT_ALL_PATTERN_STR
&& !CollectionUtils.isEmpty(combinedOriginsPatterns)) {
List<String> combinedOriginPatterns = combine(getAllowedOriginPatterns(), other.getAllowedOriginPatterns());
if (combinedOrigins == DEFAULT_PERMIT_ALL && combinedOriginPatterns != DEFAULT_PERMIT_ALL_PATTERN_STR
&& !CollectionUtils.isEmpty(combinedOriginPatterns)) {
combinedOrigins = null;
}
config.setAllowedOrigins(combinedOrigins);
config.setAllowedOriginsPatterns(combinedOriginsPatterns);
config.setAllowedOriginPatterns(combinedOriginPatterns);
config.setAllowedMethods(combine(getAllowedMethods(), other.getAllowedMethods()));
config.setAllowedHeaders(combine(getAllowedHeaders(), other.getAllowedHeaders()));
config.setExposedHeaders(combine(getExposedHeaders(), other.getExposedHeaders()));
@ -529,8 +529,8 @@ public class CorsConfiguration {
}
}
}
if (!ObjectUtils.isEmpty(this.allowedOriginsPatterns)) {
for (Pattern allowedOriginsPattern : this.allowedOriginsPatterns) {
if (!ObjectUtils.isEmpty(this.allowedOriginPatterns)) {
for (Pattern allowedOriginsPattern : this.allowedOriginPatterns) {
if (allowedOriginsPattern.pattern().equals(ALL_PATTERN)) {
if (this.allowCredentials != Boolean.TRUE) {
return ALL;

174
spring-web/src/test/java/org/springframework/web/cors/CorsConfigurationTests.java
View File

@ -50,28 +50,28 @@ public class CorsConfigurationTests {
assertThat(config.getAllowCredentials()).isNull();
config.setMaxAge((Long) null);
assertThat(config.getMaxAge()).isNull();
config.setAllowedOriginsPatterns(null);
assertThat(config.getAllowedOriginsPatterns()).isNull();
config.setAllowedOriginPatterns(null);
assertThat(config.getAllowedOriginPatterns()).isNull();
}
@Test
public void setValues() {
CorsConfiguration config = new CorsConfiguration();
config.addAllowedOrigin("*");
assertThat(config.getAllowedOrigins()).isEqualTo(Arrays.asList("*"));
assertThat(config.getAllowedOrigins()).containsExactly("*");
config.addAllowedHeader("*");
assertThat(config.getAllowedHeaders()).isEqualTo(Arrays.asList("*"));
assertThat(config.getAllowedHeaders()).containsExactly("*");
config.addAllowedMethod("*");
assertThat(config.getAllowedMethods()).isEqualTo(Arrays.asList("*"));
assertThat(config.getAllowedMethods()).containsExactly("*");
config.addExposedHeader("header1");
config.addExposedHeader("header2");
assertThat(config.getExposedHeaders()).isEqualTo(Arrays.asList("header1", "header2"));
assertThat(config.getExposedHeaders()).containsExactly("header1", "header2");
config.setAllowCredentials(true);
assertThat((boolean) config.getAllowCredentials()).isTrue();
assertThat(config.getAllowCredentials()).isTrue();
config.setMaxAge(123L);
assertThat(config.getMaxAge()).isEqualTo(new Long(123));
config.addAllowedOriginPattern(".*\\.example\\.com");
assertThat(config.getAllowedOriginsPatterns()).isEqualTo(Arrays.asList(".*\\.example\\.com"));
assertThat(config.getAllowedOriginPatterns()).containsExactly(".*\\.example\\.com");
}
@Test
@ -84,16 +84,16 @@ public class CorsConfigurationTests {
@Test
public void asteriskWildCardOnSetExposedHeaders() {
CorsConfiguration config = new CorsConfiguration();
assertThatIllegalArgumentException().isThrownBy(() ->
config.setExposedHeaders(Arrays.asList("*")));
assertThatIllegalArgumentException()
.isThrownBy(() -> config.setExposedHeaders(Collections.singletonList("*")));
}
@Test
public void combineWithNull() {
CorsConfiguration config = new CorsConfiguration();
config.setAllowedOrigins(Arrays.asList("*"));
config.setAllowedOrigins(Collections.singletonList("*"));
config.combine(null);
assertThat(config.getAllowedOrigins()).isEqualTo(Arrays.asList("*"));
assertThat(config.getAllowedOrigins()).containsExactly("*");
}
@Test
@ -105,16 +105,17 @@ public class CorsConfigurationTests {
config.addAllowedMethod(HttpMethod.GET.name());
config.setMaxAge(123L);
config.setAllowCredentials(true);
config.setAllowedOriginsPatterns(Arrays.asList(".*\\.example\\.com"));
config.setAllowedOriginPatterns(Collections.singletonList(".*\\.example\\.com"));
CorsConfiguration other = new CorsConfiguration();
config = config.combine(other);
assertThat(config.getAllowedOrigins()).isEqualTo(Arrays.asList("*"));
assertThat(config.getAllowedHeaders()).isEqualTo(Arrays.asList("header1"));
assertThat(config.getExposedHeaders()).isEqualTo(Arrays.asList("header3"));
assertThat(config.getAllowedMethods()).isEqualTo(Arrays.asList(HttpMethod.GET.name()));
assertThat(config).isNotNull();
assertThat(config.getAllowedOrigins()).containsExactly("*");
assertThat(config.getAllowedHeaders()).containsExactly("header1");
assertThat(config.getExposedHeaders()).containsExactly("header3");
assertThat(config.getAllowedMethods()).containsExactly(HttpMethod.GET.name());
assertThat(config.getMaxAge()).isEqualTo(new Long(123));
assertThat((boolean) config.getAllowCredentials()).isTrue();
assertThat(config.getAllowedOriginsPatterns()).isEqualTo(Arrays.asList(".*\\.example\\.com"));
assertThat(config.getAllowCredentials()).isTrue();
assertThat(config.getAllowedOriginPatterns()).containsExactly(".*\\.example\\.com");
}
@Test // SPR-15772
@ -126,26 +127,30 @@ public class CorsConfigurationTests {
other.addAllowedMethod(HttpMethod.PUT.name());
CorsConfiguration combinedConfig = config.combine(other);
assertThat(combinedConfig.getAllowedOrigins()).isEqualTo(Arrays.asList("https://domain.com"));
assertThat(combinedConfig.getAllowedHeaders()).isEqualTo(Arrays.asList("header1"));
assertThat(combinedConfig.getAllowedMethods()).isEqualTo(Arrays.asList(HttpMethod.PUT.name()));
assertThat(combinedConfig).isNotNull();
assertThat(combinedConfig.getAllowedOrigins()).containsExactly("https://domain.com");
assertThat(combinedConfig.getAllowedHeaders()).containsExactly("header1");
assertThat(combinedConfig.getAllowedMethods()).containsExactly(HttpMethod.PUT.name());
combinedConfig = other.combine(config);
assertThat(combinedConfig.getAllowedOrigins()).isEqualTo(Arrays.asList("https://domain.com"));
assertThat(combinedConfig.getAllowedHeaders()).isEqualTo(Arrays.asList("header1"));
assertThat(combinedConfig.getAllowedMethods()).isEqualTo(Arrays.asList(HttpMethod.PUT.name()));
assertThat(combinedConfig).isNotNull();
assertThat(combinedConfig.getAllowedOrigins()).containsExactly("https://domain.com");
assertThat(combinedConfig.getAllowedHeaders()).containsExactly("header1");
assertThat(combinedConfig.getAllowedMethods()).containsExactly(HttpMethod.PUT.name());
combinedConfig = config.combine(new CorsConfiguration());
assertThat(config.getAllowedOrigins()).isEqualTo(Arrays.asList("*"));
assertThat(config.getAllowedHeaders()).isEqualTo(Arrays.asList("*"));
assertThat(combinedConfig.getAllowedMethods()).isEqualTo(Arrays.asList(HttpMethod.GET.name(), HttpMethod.HEAD.name(),
HttpMethod.POST.name()));
assertThat(config.getAllowedOrigins()).containsExactly("*");
assertThat(config.getAllowedHeaders()).containsExactly("*");
assertThat(combinedConfig).isNotNull();
assertThat(combinedConfig.getAllowedMethods())
.containsExactly(HttpMethod.GET.name(), HttpMethod.HEAD.name(), HttpMethod.POST.name());
combinedConfig = new CorsConfiguration().combine(config);
assertThat(config.getAllowedOrigins()).isEqualTo(Arrays.asList("*"));
assertThat(config.getAllowedHeaders()).isEqualTo(Arrays.asList("*"));
assertThat(combinedConfig.getAllowedMethods()).isEqualTo(Arrays.asList(HttpMethod.GET.name(), HttpMethod.HEAD.name(),
HttpMethod.POST.name()));
assertThat(config.getAllowedOrigins()).containsExactly("*");
assertThat(config.getAllowedHeaders()).containsExactly("*");
assertThat(combinedConfig).isNotNull();
assertThat(combinedConfig.getAllowedMethods())
.containsExactly(HttpMethod.GET.name(), HttpMethod.HEAD.name(), HttpMethod.POST.name());
}
@Test
@ -155,28 +160,32 @@ public class CorsConfigurationTests {
other.addAllowedOriginPattern(".*\\.com");
CorsConfiguration combinedConfig = other.combine(config);
assertThat(combinedConfig).isNotNull();
assertThat(combinedConfig.getAllowedOrigins()).isNull();
assertThat(combinedConfig.getAllowedOriginsPatterns()).isEqualTo(Arrays.asList(".*\\.com"));
assertThat(combinedConfig.getAllowedOriginPatterns()).containsExactly(".*\\.com");
combinedConfig = config.combine(other);
assertThat(combinedConfig).isNotNull();
assertThat(combinedConfig.getAllowedOrigins()).isNull();
assertThat(combinedConfig.getAllowedOriginsPatterns()).isEqualTo(Arrays.asList(".*\\.com"));
assertThat(combinedConfig.getAllowedOriginPatterns()).containsExactly(".*\\.com");
}
@Test
public void combinePatternWithDefaultPermitValuesAndCustomOrigin() {
CorsConfiguration config = new CorsConfiguration().applyPermitDefaultValues();
config.setAllowedOrigins(Arrays.asList("https://domain.com"));
config.setAllowedOrigins(Collections.singletonList("https://domain.com"));
CorsConfiguration other = new CorsConfiguration();
other.addAllowedOriginPattern(".*\\.com");
CorsConfiguration combinedConfig = other.combine(config);
assertThat(combinedConfig.getAllowedOrigins()).isEqualTo(Arrays.asList("https://domain.com"));
assertThat(combinedConfig.getAllowedOriginsPatterns()).isEqualTo(Arrays.asList(".*\\.com"));
assertThat(combinedConfig).isNotNull();
assertThat(combinedConfig.getAllowedOrigins()).containsExactly("https://domain.com");
assertThat(combinedConfig.getAllowedOriginPatterns()).containsExactly(".*\\.com");
combinedConfig = config.combine(other);
assertThat(combinedConfig.getAllowedOrigins()).isEqualTo(Arrays.asList("https://domain.com"));
assertThat(combinedConfig.getAllowedOriginsPatterns()).isEqualTo(Arrays.asList(".*\\.com"));
assertThat(combinedConfig).isNotNull();
assertThat(combinedConfig.getAllowedOrigins()).containsExactly("https://domain.com");
assertThat(combinedConfig.getAllowedOriginPatterns()).containsExactly(".*\\.com");
}
@Test
@ -193,15 +202,17 @@ public class CorsConfigurationTests {
other.addAllowedOriginPattern(".*\\.company\\.com");
other.addAllowedMethod(HttpMethod.PUT.name());
CorsConfiguration combinedConfig = config.combine(other);
assertThat(combinedConfig.getAllowedOrigins()).isEqualTo(Arrays.asList("*"));
assertThat(combinedConfig.getAllowedHeaders()).isEqualTo(Arrays.asList("*"));
assertThat(combinedConfig.getAllowedMethods()).isEqualTo(Arrays.asList("*"));
assertThat(combinedConfig.getAllowedOriginsPatterns()).isEqualTo(Arrays.asList(".*"));
assertThat(combinedConfig).isNotNull();
assertThat(combinedConfig.getAllowedOrigins()).containsExactly("*");
assertThat(combinedConfig.getAllowedHeaders()).containsExactly("*");
assertThat(combinedConfig.getAllowedMethods()).containsExactly("*");
assertThat(combinedConfig.getAllowedOriginPatterns()).containsExactly(".*");
combinedConfig = other.combine(config);
assertThat(combinedConfig.getAllowedOrigins()).isEqualTo(Arrays.asList("*"));
assertThat(combinedConfig.getAllowedHeaders()).isEqualTo(Arrays.asList("*"));
assertThat(combinedConfig.getAllowedMethods()).isEqualTo(Arrays.asList("*"));
assertThat(combinedConfig.getAllowedOriginsPatterns()).isEqualTo(Arrays.asList(".*"));
assertThat(combinedConfig).isNotNull();
assertThat(combinedConfig.getAllowedOrigins()).containsExactly("*");
assertThat(combinedConfig.getAllowedHeaders()).containsExactly("*");
assertThat(combinedConfig.getAllowedMethods()).containsExactly("*");
assertThat(combinedConfig.getAllowedOriginPatterns()).containsExactly(".*");
}
@Test // SPR-14792
@ -224,11 +235,12 @@ public class CorsConfigurationTests {
other.addAllowedMethod(HttpMethod.GET.name());
other.addAllowedOriginPattern(".*\\.domain1\\.com");
CorsConfiguration combinedConfig = config.combine(other);
assertThat(combinedConfig.getAllowedOrigins()).isEqualTo(Arrays.asList("https://domain1.com", "https://domain2.com"));
assertThat(combinedConfig.getAllowedHeaders()).isEqualTo(Arrays.asList("header1", "header2"));
assertThat(combinedConfig.getExposedHeaders()).isEqualTo(Arrays.asList("header3", "header4"));
assertThat(combinedConfig.getAllowedMethods()).isEqualTo(Arrays.asList(HttpMethod.GET.name(), HttpMethod.PUT.name()));
assertThat(combinedConfig.getAllowedOriginsPatterns()).isEqualTo(Arrays.asList(".*\\.domain1\\.com", ".*\\.domain2\\.com"));
assertThat(combinedConfig).isNotNull();
assertThat(combinedConfig.getAllowedOrigins()).containsExactly("https://domain1.com", "https://domain2.com");
assertThat(combinedConfig.getAllowedHeaders()).containsExactly("header1", "header2");
assertThat(combinedConfig.getExposedHeaders()).containsExactly("header3", "header4");
assertThat(combinedConfig.getAllowedMethods()).containsExactly(HttpMethod.GET.name(), HttpMethod.PUT.name());
assertThat(combinedConfig.getAllowedOriginPatterns()).containsExactly(".*\\.domain1\\.com", ".*\\.domain2\\.com");
}
@Test
@ -250,23 +262,25 @@ public class CorsConfigurationTests {
other.setAllowCredentials(false);
other.addAllowedOriginPattern(".*\\.domain2\\.com");
config = config.combine(other);
assertThat(config.getAllowedOrigins()).isEqualTo(Arrays.asList("https://domain1.com", "https://domain2.com"));
assertThat(config.getAllowedHeaders()).isEqualTo(Arrays.asList("header1", "header2"));
assertThat(config.getExposedHeaders()).isEqualTo(Arrays.asList("header3", "header4"));
assertThat(config.getAllowedMethods()).isEqualTo(Arrays.asList(HttpMethod.GET.name(), HttpMethod.PUT.name()));
assertThat(config).isNotNull();
assertThat(config.getAllowedOrigins()).containsExactly("https://domain1.com", "https://domain2.com");
assertThat(config.getAllowedHeaders()).containsExactly("header1", "header2");
assertThat(config.getExposedHeaders()).containsExactly("header3", "header4");
assertThat(config.getAllowedMethods()).containsExactly(HttpMethod.GET.name(), HttpMethod.PUT.name());
assertThat(config.getMaxAge()).isEqualTo(new Long(456));
assertThat((boolean) config.getAllowCredentials()).isFalse();
assertThat(config.getAllowedOriginsPatterns()).isEqualTo(Arrays.asList(".*\\.domain1\\.com", ".*\\.domain2\\.com"));
assertThat(config).isNotNull();
assertThat(config.getAllowCredentials()).isFalse();
assertThat(config.getAllowedOriginPatterns()).containsExactly(".*\\.domain1\\.com", ".*\\.domain2\\.com");
}
@Test
public void checkOriginAllowed() {
CorsConfiguration config = new CorsConfiguration();
config.setAllowedOrigins(Arrays.asList("*"));
config.setAllowedOrigins(Collections.singletonList("*"));
assertThat(config.checkOrigin("https://domain.com")).isEqualTo("*");
config.setAllowCredentials(true);
assertThat(config.checkOrigin("https://domain.com")).isEqualTo("https://domain.com");
config.setAllowedOrigins(Arrays.asList("https://domain.com"));
config.setAllowedOrigins(Collections.singletonList("https://domain.com"));
assertThat(config.checkOrigin("https://domain.com")).isEqualTo("https://domain.com");
config.setAllowCredentials(false);
assertThat(config.checkOrigin("https://domain.com")).isEqualTo("https://domain.com");
@ -279,7 +293,7 @@ public class CorsConfigurationTests {
assertThat(config.checkOrigin("https://domain.com")).isNull();
config.addAllowedOrigin("*");
assertThat(config.checkOrigin(null)).isNull();
config.setAllowedOrigins(Arrays.asList("https://domain1.com"));
config.setAllowedOrigins(Collections.singletonList("https://domain1.com"));
assertThat(config.checkOrigin("https://domain2.com")).isNull();
config.setAllowedOrigins(new ArrayList<>());
assertThat(config.checkOrigin("https://domain.com")).isNull();
@ -288,11 +302,11 @@ public class CorsConfigurationTests {
@Test
public void checkOriginPatternAllowed() {
CorsConfiguration config = new CorsConfiguration();
config.setAllowedOriginsPatterns(Arrays.asList(".*"));
config.setAllowedOriginPatterns(Collections.singletonList(".*"));
assertThat(config.checkOrigin("https://domain.com")).isEqualTo("*");
config.setAllowCredentials(true);
assertThat(config.checkOrigin("https://domain.com")).isEqualTo("https://domain.com");
config.setAllowedOriginsPatterns(Arrays.asList(".*\\.domain\\.com"));
config.setAllowedOriginPatterns(Collections.singletonList(".*\\.domain\\.com"));
assertThat(config.checkOrigin("https://example.domain.com")).isEqualTo("https://example.domain.com");
config.setAllowCredentials(false);
assertThat(config.checkOrigin("https://example.domain.com")).isEqualTo("https://example.domain.com");
@ -305,21 +319,21 @@ public class CorsConfigurationTests {
assertThat(config.checkOrigin("https://domain.com")).isNull();
config.addAllowedOriginPattern(".*");
assertThat(config.checkOrigin(null)).isNull();
config.setAllowedOriginsPatterns(Arrays.asList(".*\\.domain1\\.com"));
config.setAllowedOriginPatterns(Collections.singletonList(".*\\.domain1\\.com"));
assertThat(config.checkOrigin("https://domain2.com")).isNull();
config.setAllowedOriginsPatterns(new ArrayList<>());
config.setAllowedOriginPatterns(new ArrayList<>());
assertThat(config.checkOrigin("https://domain.com")).isNull();
}
@Test
public void checkMethodAllowed() {
CorsConfiguration config = new CorsConfiguration();
assertThat(config.checkHttpMethod(HttpMethod.GET)).isEqualTo(Arrays.asList(HttpMethod.GET, HttpMethod.HEAD));
assertThat(config.checkHttpMethod(HttpMethod.GET)).containsExactly(HttpMethod.GET, HttpMethod.HEAD);
config.addAllowedMethod("GET");
assertThat(config.checkHttpMethod(HttpMethod.GET)).isEqualTo(Arrays.asList(HttpMethod.GET));
assertThat(config.checkHttpMethod(HttpMethod.GET)).containsExactly(HttpMethod.GET);
config.addAllowedMethod("POST");
assertThat(config.checkHttpMethod(HttpMethod.GET)).isEqualTo(Arrays.asList(HttpMethod.GET, HttpMethod.POST));
assertThat(config.checkHttpMethod(HttpMethod.POST)).isEqualTo(Arrays.asList(HttpMethod.GET, HttpMethod.POST));
assertThat(config.checkHttpMethod(HttpMethod.GET)).containsExactly(HttpMethod.GET, HttpMethod.POST);
assertThat(config.checkHttpMethod(HttpMethod.POST)).containsExactly(HttpMethod.GET, HttpMethod.POST);
}
@Test
@ -337,21 +351,21 @@ public class CorsConfigurationTests {
assertThat(config.checkHeaders(Collections.emptyList())).isEqualTo(Collections.emptyList());
config.addAllowedHeader("header1");
config.addAllowedHeader("header2");
assertThat(config.checkHeaders(Arrays.asList("header1"))).isEqualTo(Arrays.asList("header1"));
assertThat(config.checkHeaders(Arrays.asList("header1", "header2"))).isEqualTo(Arrays.asList("header1", "header2"));
assertThat(config.checkHeaders(Arrays.asList("header1", "header2", "header3"))).isEqualTo(Arrays.asList("header1", "header2"));
assertThat(config.checkHeaders(Collections.singletonList("header1"))).containsExactly("header1");
assertThat(config.checkHeaders(Arrays.asList("header1", "header2"))).containsExactly("header1", "header2");
assertThat(config.checkHeaders(Arrays.asList("header1", "header2", "header3"))).containsExactly("header1", "header2");
}
@Test
public void checkHeadersNotAllowed() {
CorsConfiguration config = new CorsConfiguration();
assertThat(config.checkHeaders(null)).isNull();
assertThat(config.checkHeaders(Arrays.asList("header1"))).isNull();
assertThat(config.checkHeaders(Collections.singletonList("header1"))).isNull();
config.setAllowedHeaders(Collections.emptyList());
assertThat(config.checkHeaders(Arrays.asList("header1"))).isNull();
assertThat(config.checkHeaders(Collections.singletonList("header1"))).isNull();
config.addAllowedHeader("header2");
config.addAllowedHeader("header3");
assertThat(config.checkHeaders(Arrays.asList("header1"))).isNull();
assertThat(config.checkHeaders(Collections.singletonList("header1"))).isNull();
}
@Test // SPR-15772
@ -360,9 +374,9 @@ public class CorsConfigurationTests {
config.addAllowedOrigin("https://domain.com");
config.addAllowedHeader("header1");
config.addAllowedMethod("PATCH");
assertThat(config.getAllowedOrigins()).isEqualTo(Arrays.asList("*", "https://domain.com"));
assertThat(config.getAllowedHeaders()).isEqualTo(Arrays.asList("*", "header1"));
assertThat(config.getAllowedMethods()).isEqualTo(Arrays.asList("GET", "HEAD", "POST", "PATCH"));
assertThat(config.getAllowedOrigins()).containsExactly("*", "https://domain.com");
assertThat(config.getAllowedHeaders()).containsExactly("*", "header1");
assertThat(config.getAllowedMethods()).containsExactly("GET", "HEAD", "POST", "PATCH");
}
@Test
@ -371,6 +385,6 @@ public class CorsConfigurationTests {
config.addAllowedOriginPattern(".*\\.com");
config = config.applyPermitDefaultValues();
assertThat(config.getAllowedOrigins()).isNull();
assertThat(config.getAllowedOriginsPatterns()).isEqualTo(Arrays.asList(".*\\.com"));
assertThat(config.getAllowedOriginPatterns()).containsExactly(".*\\.com");
}
}

4
spring-webflux/src/main/java/org/springframework/web/reactive/result/method/annotation/RequestMappingHandlerMapping.java
View File

@ -315,8 +315,8 @@ public class RequestMappingHandlerMapping extends RequestMappingInfoHandlerMappi
for (String origin : annotation.origins()) {
config.addAllowedOrigin(resolveCorsAnnotationValue(origin));
}
for (String originsPattern : annotation.originsPatterns()) {
config.addAllowedOriginPattern(resolveCorsAnnotationValue(originsPattern));
for (String patterns : annotation.originPatterns()) {
config.addAllowedOriginPattern(resolveCorsAnnotationValue(patterns));
}
for (RequestMethod method : annotation.methods()) {
config.addAllowedMethod(method.name());

9
spring-webflux/src/test/java/org/springframework/web/reactive/result/method/annotation/CrossOriginAnnotationIntegrationTests.java
View File

@ -282,12 +282,13 @@ class CrossOriginAnnotationIntegrationTests extends AbstractRequestMappingIntegr
@Configuration
@EnableWebFlux
@ComponentScan(resourcePattern = "**/CrossOriginAnnotationIntegrationTests*")
@SuppressWarnings({"unused", "WeakerAccess"})
@SuppressWarnings("WeakerAccess")
static class WebConfig {
}
@RestController @SuppressWarnings("unused")
@RestController
@SuppressWarnings("unused")
private static class MethodLevelController {
@GetMapping("/no")
@ -357,13 +358,13 @@ class CrossOriginAnnotationIntegrationTests extends AbstractRequestMappingIntegr
return "placeholder";
}
@CrossOrigin(originsPatterns = ".*\\.com")
@CrossOrigin(originPatterns = ".*\\.com")
@GetMapping("/origin-pattern-value-attribute")
public String customOriginPatternDefinedViaValueAttribute() {
return "pattern-value-attribute";
}
@CrossOrigin(originsPatterns = "${myOriginPattern}")
@CrossOrigin(originPatterns = "${myOriginPattern}")
@GetMapping("/origin-pattern-placeholder")
public String customOriginPatternDefinedViaPlaceholder() {
return "pattern-placeholder";

4
spring-webmvc/src/main/java/org/springframework/web/servlet/mvc/method/annotation/RequestMappingHandlerMapping.java
View File

@ -451,8 +451,8 @@ public class RequestMappingHandlerMapping extends RequestMappingInfoHandlerMappi
for (String origin : annotation.origins()) {
config.addAllowedOrigin(resolveCorsAnnotationValue(origin));
}
for (String originPatter : annotation.originsPatterns()) {
config.addAllowedOriginPattern(resolveCorsAnnotationValue(originPatter));
for (String patterns : annotation.originPatterns()) {
config.addAllowedOriginPattern(resolveCorsAnnotationValue(patterns));
}
for (RequestMethod method : annotation.methods()) {
config.addAllowedMethod(method.name());

2
spring-webmvc/src/test/java/org/springframework/web/servlet/handler/CorsAbstractHandlerMappingTests.java
View File

@ -130,7 +130,7 @@ class CorsAbstractHandlerMappingTests {
assertThat(chain).isNotNull();
assertThat(chain.getHandler()).isInstanceOf(SimpleHandler.class);
assertThat(mapping.getRequiredCorsConfig().getAllowedOriginsPatterns()).containsExactly(".*\\.domain2\\.com");
assertThat(mapping.getRequiredCorsConfig().getAllowedOriginPatterns()).containsExactly(".*\\.domain2\\.com");
}
@PathPatternsParameterizedTest

8
spring-webmvc/src/test/java/org/springframework/web/servlet/mvc/method/annotation/CrossOriginTests.java
View File

@ -206,7 +206,7 @@ class CrossOriginTests {
CorsConfiguration config = getCorsConfiguration(chain, false);
assertThat(config).isNotNull();
assertThat(config.getAllowedOrigins()).isNull();
assertThat(config.getAllowedOriginsPatterns()).isEqualTo(Collections.singletonList(".*\\.example\\.com"));
assertThat(config.getAllowedOriginPatterns()).isEqualTo(Collections.singletonList(".*\\.example\\.com"));
assertThat(config.getAllowCredentials()).isNull();
}
@ -218,7 +218,7 @@ class CrossOriginTests {
CorsConfiguration config = getCorsConfiguration(chain, false);
assertThat(config).isNotNull();
assertThat(config.getAllowedOrigins()).isNull();
assertThat(config.getAllowedOriginsPatterns()).isEqualTo(Collections.singletonList(".*\\.example\\.com"));
assertThat(config.getAllowedOriginPatterns()).isEqualTo(Collections.singletonList(".*\\.example\\.com"));
assertThat(config.getAllowCredentials()).isNull();
}
@ -433,12 +433,12 @@ class CrossOriginTests {
public void customOriginDefinedViaPlaceholder() {
}
@CrossOrigin(originsPatterns = ".*\\.example\\.com")
@CrossOrigin(originPatterns = ".*\\.example\\.com")
@RequestMapping("/customOriginPattern")
public void customOriginPatternDefinedViaValueAttribute() {
}
@CrossOrigin(originsPatterns = "${myDomainPattern}")
@CrossOrigin(originPatterns = "${myDomainPattern}")
@RequestMapping("/customOriginPatternPlaceholder")
public void customOriginPatternDefinedViaPlaceholder() {
}