CorsRegistry implements combine correctly

Closes gh-26877
2021-05-05 20:57:25 +01:00 · 2021-05-05 20:57:25 +01:00 · 443c34cc90
parent 959e6d1745
commit 443c34cc90
5 changed files with 47 additions and 8 deletions
--- a/spring-web/src/main/java/org/springframework/web/cors/CorsConfiguration.java
+++ b/spring-web/src/main/java/org/springframework/web/cors/CorsConfiguration.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2020 the original author or authors.
+ * Copyright 2002-2021 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -475,7 +475,6 @@ public class CorsConfiguration {
 	 * @return the combined {@code CorsConfiguration}, or {@code this}
 	 * configuration if the supplied configuration is {@code null}
 	 */
-	@Nullable
 	public CorsConfiguration combine(@Nullable CorsConfiguration other) {
 		if (other == null) {
 			return this;
--- a/spring-webflux/src/main/java/org/springframework/web/reactive/config/CorsRegistration.java
+++ b/spring-webflux/src/main/java/org/springframework/web/reactive/config/CorsRegistration.java
@ -35,7 +35,7 @@ public class CorsRegistration {

 	private final String pathPattern;

-	private final CorsConfiguration config;
+	private CorsConfiguration config;


 	public CorsRegistration(String pathPattern) {
@ -149,7 +149,7 @@ public class CorsRegistration {
 	 * @since 5.3
 	 */
 	public CorsRegistration combine(CorsConfiguration other) {
-		this.config.combine(other);
+		this.config = this.config.combine(other);
 		return this;
 	}

--- a/spring-webflux/src/test/java/org/springframework/web/reactive/config/CorsRegistryTests.java
+++ b/spring-webflux/src/test/java/org/springframework/web/reactive/config/CorsRegistryTests.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2020 the original author or authors.
+ * Copyright 2002-2021 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -73,4 +73,24 @@ public class CorsRegistryTests {
 				.containsExactly("*");
 	}

+	@Test
+	void combine() {
+		CorsConfiguration otherConfig = new CorsConfiguration();
+		otherConfig.addAllowedOrigin("http://localhost:3000");
+		otherConfig.addAllowedMethod("*");
+		otherConfig.applyPermitDefaultValues();
+
+		this.registry.addMapping("/api/**").combine(otherConfig);
+
+		Map<String, CorsConfiguration> configs = this.registry.getCorsConfigurations();
+		assertThat(configs.size()).isEqualTo(1);
+		CorsConfiguration config = configs.get("/api/**");
+		assertThat(config.getAllowedOrigins()).isEqualTo(Collections.singletonList("http://localhost:3000"));
+		assertThat(config.getAllowedMethods()).isEqualTo(Collections.singletonList("*"));
+		assertThat(config.getAllowedHeaders()).isEqualTo(Collections.singletonList("*"));
+		assertThat(config.getExposedHeaders()).isEmpty();
+		assertThat(config.getAllowCredentials()).isNull();
+		assertThat(config.getMaxAge()).isEqualTo(Long.valueOf(1800));
+	}
+
 }
--- a/spring-webmvc/src/main/java/org/springframework/web/servlet/config/annotation/CorsRegistration.java
+++ b/spring-webmvc/src/main/java/org/springframework/web/servlet/config/annotation/CorsRegistration.java
@ -36,7 +36,7 @@ public class CorsRegistration {

 	private final String pathPattern;

-	private final CorsConfiguration config;
+	private CorsConfiguration config;


 	public CorsRegistration(String pathPattern) {
@ -150,7 +150,7 @@ public class CorsRegistration {
 	 * @since 5.3
 	 */
 	public CorsRegistration combine(CorsConfiguration other) {
-		this.config.combine(other);
+		this.config = this.config.combine(other);
 		return this;
 	}

--- a/spring-webmvc/src/test/java/org/springframework/web/servlet/config/annotation/CorsRegistryTests.java
+++ b/spring-webmvc/src/test/java/org/springframework/web/servlet/config/annotation/CorsRegistryTests.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2020 the original author or authors.
+ * Copyright 2002-2021 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -77,4 +77,24 @@ public class CorsRegistryTests {
 				.as("Globally origins=\"*\" and allowCredentials=true should be possible")
 				.containsExactly("*");
 	}
+
+	@Test
+	void combine() {
+		CorsConfiguration otherConfig = new CorsConfiguration();
+		otherConfig.addAllowedOrigin("http://localhost:3000");
+		otherConfig.addAllowedMethod("*");
+		otherConfig.applyPermitDefaultValues();
+
+		this.registry.addMapping("/api/**").combine(otherConfig);
+
+		Map<String, CorsConfiguration> configs = this.registry.getCorsConfigurations();
+		assertThat(configs.size()).isEqualTo(1);
+		CorsConfiguration config = configs.get("/api/**");
+		assertThat(config.getAllowedOrigins()).isEqualTo(Collections.singletonList("http://localhost:3000"));
+		assertThat(config.getAllowedMethods()).isEqualTo(Collections.singletonList("*"));
+		assertThat(config.getAllowedHeaders()).isEqualTo(Collections.singletonList("*"));
+		assertThat(config.getExposedHeaders()).isEmpty();
+		assertThat(config.getAllowCredentials()).isNull();
+		assertThat(config.getMaxAge()).isEqualTo(Long.valueOf(1800));
+	}
 }