root
/
spring-framework
mirror of https://github.com/spring-projects/spring-framework.git
1
0
Fork 0
Code Issues Actions 8 Packages Projects Releases Wiki Activity

Trim last allowed origin in comma-delimited list 

See gh-33181
This commit is contained in:
kevin.kep 2024-07-10 09:45:07 +09:00 committed by rstoyanchev
parent 6becfe2508
commit 2fe7ab1f92
2 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
spring-web/src/main/java/org/springframework/web/cors/CorsConfiguration.java
View File

@ -281,7 +281,7 @@ public class CorsConfiguration {
}
}
if (start < rawValue.length()) {
valueConsumer.accept(rawValue.substring(start));
valueConsumer.accept(rawValue.substring(start).trim());
}
}

5
spring-web/src/test/java/org/springframework/web/cors/CorsConfigurationTests.java
View File

@ -305,6 +305,11 @@ class CorsConfigurationTests {
assertThat(config.checkOrigin("https://a1.com")).isEqualTo("https://a1.com");
assertThat(config.checkOrigin("https://a2.com/")).isEqualTo("https://a2.com/");
// comma-delimited origins list with space
config.setAllowedOrigins(Collections.singletonList("https://a1.com, https://a2.com"));
assertThat(config.checkOrigin("https://a1.com")).isEqualTo("https://a1.com");
assertThat(config.checkOrigin("https://a2.com/")).isEqualTo("https://a2.com/");
// specific origin matches Origin header with or without trailing "/"
config.setAllowedOrigins(Collections.singletonList("https://domain.com"));
assertThat(config.checkOrigin("https://domain.com")).isEqualTo("https://domain.com");