root
/
spring-framework
mirror of https://github.com/spring-projects/spring-framework.git
1
0
Fork 0
Code Issues Actions 8 Packages Projects Releases Wiki Activity

Merge pull request #1211 from sdeleuze/SPR-14798

This commit is contained in:
Rossen Stoyanchev 2016-10-19 16:31:56 -04:00
parent 25e7cd577d 72397e3505
commit ed6c533079
8 changed files with 224 additions and 143 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

68
spring-web-reactive/src/main/java/org/springframework/web/reactive/config/CorsRegistration.java
View File

@ -19,20 +19,16 @@ package org.springframework.web.reactive.config;
import java.util.ArrayList;
import java.util.Arrays;
import org.springframework.http.HttpMethod;
import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.cors.CorsConfiguration;
/**
* Assists with the creation of a {@link CorsConfiguration} instance mapped to
* a path pattern.
*
* <p>If no path pattern is specified, by default cross-origin request handling
* is mapped to {@code "/**"}. Also by default, all origins, headers,
* credentials and {@code GET}, {@code HEAD}, and {@code POST} methods are
* allowed, while the max age is set to 30 minutes.
* a path pattern. By default all origins, headers, and credentials for
* {@code GET}, {@code HEAD}, and {@code POST} requests are allowed while the
* max age is set to 30 minutes.
*
* @author Sebastien Deleuze
* @author Rossen Stoyanchev
* @since 5.0
* @see CorsRegistry
*/
@ -43,44 +39,84 @@ public class CorsRegistration {
private final CorsConfiguration config;
/**
* Create a new {@link CorsRegistration} that allows all origins, headers, and
* credentials for {@code GET}, {@code HEAD}, and {@code POST} requests with
* max age set to 1800 seconds (30 minutes) for the specified path.
*
* @param pathPattern the path that the CORS configuration should apply to;
* exact path mapping URIs (such as {@code "/admin"}) are supported as well
* as Ant-style path patterns (such as {@code "/admin/**"}).
*/
public CorsRegistration(String pathPattern) {
this.pathPattern = pathPattern;
// Same implicit default values as the @CrossOrigin annotation + allows simple methods
this.config = new CorsConfiguration();
this.config.setAllowedOrigins(Arrays.asList(CrossOrigin.DEFAULT_ORIGINS));
this.config.setAllowedMethods(Arrays.asList(HttpMethod.GET.name(),
HttpMethod.HEAD.name(), HttpMethod.POST.name()));
this.config.setAllowedHeaders(Arrays.asList(CrossOrigin.DEFAULT_ALLOWED_HEADERS));
this.config.setAllowCredentials(CrossOrigin.DEFAULT_ALLOW_CREDENTIALS);
this.config.setMaxAge(CrossOrigin.DEFAULT_MAX_AGE);
this.config = new CorsConfiguration().applyPermitDefaultValues();
}
/**
* Set the origins to allow, e.g. {@code "http://domain1.com"}.
* <p>The special value {@code "*"} allows all domains.
* <p>By default all origins are allowed.
*/
public CorsRegistration allowedOrigins(String... origins) {
this.config.setAllowedOrigins(new ArrayList<>(Arrays.asList(origins)));
return this;
}
/**
* Set the HTTP methods to allow, e.g. {@code "GET"}, {@code "POST"}, etc.
* <p>The special value {@code "*"} allows all methods.
* <p>By default "simple" methods {@code GET}, {@code HEAD}, and {@code POST}
* are allowed.
*/
public CorsRegistration allowedMethods(String... methods) {
this.config.setAllowedMethods(new ArrayList<>(Arrays.asList(methods)));
return this;
}
/**
* Set the list of headers that a pre-flight request can list as allowed
* for use during an actual request.
* <p>The special value {@code "*"} may be used to allow all headers.
* <p>A header name is not required to be listed if it is one of:
* {@code Cache-Control}, {@code Content-Language}, {@code Expires},
* {@code Last-Modified}, or {@code Pragma} as per the CORS spec.
* <p>By default all headers are allowed.
*/
public CorsRegistration allowedHeaders(String... headers) {
this.config.setAllowedHeaders(new ArrayList<>(Arrays.asList(headers)));
return this;
}
/**
* Set the list of response headers other than "simple" headers, i.e.
* {@code Cache-Control}, {@code Content-Language}, {@code Content-Type},
* {@code Expires}, {@code Last-Modified}, or {@code Pragma}, that an
* actual response might have and can be exposed.
* <p>Note that {@code "*"} is not supported on this property.
* <p>By default this is not set.
*/
public CorsRegistration exposedHeaders(String... headers) {
this.config.setExposedHeaders(new ArrayList<>(Arrays.asList(headers)));
return this;
}
/**
* Configure how long in seconds the response from a pre-flight request
* can be cached by clients.
* <p>By default this is set to 1800 seconds (30 minutes).
*/
public CorsRegistration maxAge(long maxAge) {
this.config.setMaxAge(maxAge);
return this;
}
/**
* Whether user credentials are supported.
* <p>By default this is set to {@code true} in which case user credentials
* are supported.
*/
public CorsRegistration allowCredentials(boolean allowCredentials) {
this.config.setAllowCredentials(allowCredentials);
return this;

16
spring-web-reactive/src/main/java/org/springframework/web/reactive/result/method/annotation/RequestMappingHandlerMapping.java
View File

@ -18,7 +18,6 @@ package org.springframework.web.reactive.result.method.annotation;
import java.lang.reflect.AnnotatedElement;
import java.lang.reflect.Method;
import java.util.Arrays;
import java.util.Set;
import org.springframework.context.EmbeddedValueResolverAware;
@ -294,25 +293,12 @@ public class RequestMappingHandlerMapping extends RequestMappingInfoHandlerMappi
updateCorsConfig(config, typeAnnotation);
updateCorsConfig(config, methodAnnotation);
if (CollectionUtils.isEmpty(config.getAllowedOrigins())) {
config.setAllowedOrigins(Arrays.asList(CrossOrigin.DEFAULT_ORIGINS));
}
if (CollectionUtils.isEmpty(config.getAllowedMethods())) {
for (RequestMethod allowedMethod : mappingInfo.getMethodsCondition().getMethods()) {
config.addAllowedMethod(allowedMethod.name());
}
}
if (CollectionUtils.isEmpty(config.getAllowedHeaders())) {
config.setAllowedHeaders(Arrays.asList(CrossOrigin.DEFAULT_ALLOWED_HEADERS));
}
if (config.getAllowCredentials() == null) {
config.setAllowCredentials(CrossOrigin.DEFAULT_ALLOW_CREDENTIALS);
}
if (config.getMaxAge() == null) {
config.setMaxAge(CrossOrigin.DEFAULT_MAX_AGE);
}
return config;
return config.applyPermitDefaultValues();
}
private void updateCorsConfig(CorsConfiguration config, CrossOrigin annotation) {

22
spring-web/src/main/java/org/springframework/web/bind/annotation/CrossOrigin.java
View File

@ -23,11 +23,15 @@ import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import org.springframework.core.annotation.AliasFor;
import org.springframework.web.cors.CorsConfiguration;
/**
* Marks the annotated method or type as permitting cross origin requests.
*
* <p>By default, all origins and headers are permitted.
* <p>By default all origins and headers are permitted, credentials are allowed,
* and the maximum age is set to 1800 seconds (30 minutes). The list of HTTP
* methods is set to the methods on the {@code @RequestMapping} if not
* explicitly set on {@code @CrossOrigin}.
*
* <p><b>NOTE:</b> {@code @CrossOrigin} is processed if an appropriate
* {@code HandlerMapping}-{@code HandlerAdapter} pair is configured such as the
@ -44,12 +48,28 @@ import org.springframework.core.annotation.AliasFor;
@Documented
public @interface CrossOrigin {
/**
* @deprecated as of Spring 5.0, in favor of using {@link CorsConfiguration#applyPermitDefaultValues}
*/
@Deprecated
String[] DEFAULT_ORIGINS = { "*" };
/**
* @deprecated as of Spring 5.0, in favor of using {@link CorsConfiguration#applyPermitDefaultValues}
*/
@Deprecated
String[] DEFAULT_ALLOWED_HEADERS = { "*" };
/**
* @deprecated as of Spring 5.0, in favor of using {@link CorsConfiguration#applyPermitDefaultValues}
*/
@Deprecated
boolean DEFAULT_ALLOW_CREDENTIALS = true;
/**
* @deprecated as of Spring 5.0, in favor of using {@link CorsConfiguration#applyPermitDefaultValues}
*/
@Deprecated
long DEFAULT_MAX_AGE = 1800;

133
spring-web/src/main/java/org/springframework/web/cors/CorsConfiguration.java
View File

@ -17,6 +17,7 @@
package org.springframework.web.cors;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.List;
@ -28,8 +29,16 @@ import org.springframework.util.ObjectUtils;
import org.springframework.util.StringUtils;
/**
* A container for CORS configuration that also provides methods to check
* the actual or requested origin, HTTP methods, and headers.
* A container for CORS configuration along with methods to check against the
* actual origin, HTTP methods, and headers of a given request.
*
* <p>By default a newly created {@code CorsConfiguration} does not permit any
* cross-origin requests and must be configured explicitly to indicate what
* should be allowed.
*
* <p>Use {@link #applyPermitDefaultValues()} to flip the initialization model
* to start with open defaults that permit all cross-origin requests for GET,
* HEAD, and POST requests.
*
* @author Sebastien Deleuze
* @author Rossen Stoyanchev
@ -71,7 +80,9 @@ public class CorsConfiguration {
/**
* Construct a new, empty {@code CorsConfiguration} instance.
* Construct a new {@code CorsConfiguration} instance with no cross-origin
* requests allowed for any origin by default.
* @see #applyPermitDefaultValues()
*/
public CorsConfiguration() {
}
@ -91,45 +102,6 @@ public class CorsConfiguration {
}
/**
* Combine the supplied {@code CorsConfiguration} with this one.
* <p>Properties of this configuration are overridden by any non-null
* properties of the supplied one.
* @return the combined {@code CorsConfiguration} or {@code this}
* configuration if the supplied configuration is {@code null}
*/
public CorsConfiguration combine(CorsConfiguration other) {
if (other == null) {
return this;
}
CorsConfiguration config = new CorsConfiguration(this);
config.setAllowedOrigins(combine(getAllowedOrigins(), other.getAllowedOrigins()));
config.setAllowedMethods(combine(getAllowedMethods(), other.getAllowedMethods()));
config.setAllowedHeaders(combine(getAllowedHeaders(), other.getAllowedHeaders()));
config.setExposedHeaders(combine(getExposedHeaders(), other.getExposedHeaders()));
Boolean allowCredentials = other.getAllowCredentials();
if (allowCredentials != null) {
config.setAllowCredentials(allowCredentials);
}
Long maxAge = other.getMaxAge();
if (maxAge != null) {
config.setMaxAge(maxAge);
}
return config;
}
private List<String> combine(List<String> source, List<String> other) {
if (other == null || other.contains(ALL)) {
return source;
}
if (source == null || source.contains(ALL)) {
return other;
}
Set<String> combined = new LinkedHashSet<>(source);
combined.addAll(other);
return new ArrayList<>(combined);
}
/**
* Set the origins to allow, e.g. {@code "http://domain1.com"}.
* <p>The special value {@code "*"} allows all domains.
@ -325,6 +297,83 @@ public class CorsConfiguration {
return this.maxAge;
}
/**
* By default a newly created {@code CorsConfiguration} does not permit any
* cross-origin requests and must be configured explicitly to indicate what
* should be allowed.
*
* <p>Use this method to flip the initialization model to start with open
* defaults that permit all cross-origin requests for GET, HEAD, and POST
* requests. Note however that this method will not override any existing
* values already set.
*
* <p>The following defaults are applied if not already set:
* <ul>
* <li>Allow all origins, i.e. {@code "*"}.</li>
* <li>Allow "simple" methods {@code GET}, {@code HEAD} and {@code POST}.</li>
* <li>Allow all headers.</li>
* <li>Allow credentials.</li>
* <li>Set max age to 1800 seconds (30 minutes).</li>
* </ul>
*/
public CorsConfiguration applyPermitDefaultValues() {
if (this.allowedOrigins == null) {
this.addAllowedOrigin(ALL);
}
if (this.allowedMethods == null) {
this.setAllowedMethods(Arrays.asList(
HttpMethod.GET.name(), HttpMethod.HEAD.name(), HttpMethod.POST.name()));
}
if (this.allowedHeaders == null) {
this.addAllowedHeader(ALL);
}
if (this.allowCredentials == null) {
this.setAllowCredentials(true);
}
if (this.maxAge == null) {
this.setMaxAge(1800L);
}
return this;
}
/**
* Combine the supplied {@code CorsConfiguration} with this one.
* <p>Properties of this configuration are overridden by any non-null
* properties of the supplied one.
* @return the combined {@code CorsConfiguration} or {@code this}
* configuration if the supplied configuration is {@code null}
*/
public CorsConfiguration combine(CorsConfiguration other) {
if (other == null) {
return this;
}
CorsConfiguration config = new CorsConfiguration(this);
config.setAllowedOrigins(combine(getAllowedOrigins(), other.getAllowedOrigins()));
config.setAllowedMethods(combine(getAllowedMethods(), other.getAllowedMethods()));
config.setAllowedHeaders(combine(getAllowedHeaders(), other.getAllowedHeaders()));
config.setExposedHeaders(combine(getExposedHeaders(), other.getExposedHeaders()));
Boolean allowCredentials = other.getAllowCredentials();
if (allowCredentials != null) {
config.setAllowCredentials(allowCredentials);
}
Long maxAge = other.getMaxAge();
if (maxAge != null) {
config.setMaxAge(maxAge);
}
return config;
}
private List<String> combine(List<String> source, List<String> other) {
if (other == null || other.contains(ALL)) {
return source;
}
if (source == null || source.contains(ALL)) {
return other;
}
Set<String> combined = new LinkedHashSet<>(source);
combined.addAll(other);
return new ArrayList<>(combined);
}
/**
* Check the origin of the request against the configured allowed origins.

37
spring-webmvc/src/main/java/org/springframework/web/servlet/config/CorsBeanDefinitionParser.java
View File

@ -26,7 +26,6 @@ import org.w3c.dom.Element;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.beans.factory.xml.BeanDefinitionParser;
import org.springframework.beans.factory.xml.ParserContext;
import org.springframework.http.HttpMethod;
import org.springframework.util.StringUtils;
import org.springframework.util.xml.DomUtils;
import org.springframework.web.cors.CorsConfiguration;
@ -42,18 +41,6 @@ import org.springframework.web.cors.CorsConfiguration;
*/
public class CorsBeanDefinitionParser implements BeanDefinitionParser {
private static final List<String> DEFAULT_ALLOWED_ORIGINS = Arrays.asList("*");
private static final List<String> DEFAULT_ALLOWED_METHODS =
Arrays.asList(HttpMethod.GET.name(), HttpMethod.HEAD.name(), HttpMethod.POST.name());
private static final List<String> DEFAULT_ALLOWED_HEADERS = Arrays.asList("*");
private static final boolean DEFAULT_ALLOW_CREDENTIALS = true;
private static final long DEFAULT_MAX_AGE = 1600;
@Override
public BeanDefinition parse(Element element, ParserContext parserContext) {
@ -61,12 +48,7 @@ public class CorsBeanDefinitionParser implements BeanDefinitionParser {
List<Element> mappings = DomUtils.getChildElementsByTagName(element, "mapping");
if (mappings.isEmpty()) {
CorsConfiguration config = new CorsConfiguration();
config.setAllowedOrigins(DEFAULT_ALLOWED_ORIGINS);
config.setAllowedMethods(DEFAULT_ALLOWED_METHODS);
config.setAllowedHeaders(DEFAULT_ALLOWED_HEADERS);
config.setAllowCredentials(DEFAULT_ALLOW_CREDENTIALS);
config.setMaxAge(DEFAULT_MAX_AGE);
CorsConfiguration config = new CorsConfiguration().applyPermitDefaultValues();
corsConfigurations.put("/**", config);
}
else {
@ -76,23 +58,14 @@ public class CorsBeanDefinitionParser implements BeanDefinitionParser {
String[] allowedOrigins = StringUtils.tokenizeToStringArray(mapping.getAttribute("allowed-origins"), ",");
config.setAllowedOrigins(Arrays.asList(allowedOrigins));
}
else {
config.setAllowedOrigins(DEFAULT_ALLOWED_ORIGINS);
}
if (mapping.hasAttribute("allowed-methods")) {
String[] allowedMethods = StringUtils.tokenizeToStringArray(mapping.getAttribute("allowed-methods"), ",");
config.setAllowedMethods(Arrays.asList(allowedMethods));
}
else {
config.setAllowedMethods(DEFAULT_ALLOWED_METHODS);
}
if (mapping.hasAttribute("allowed-headers")) {
String[] allowedHeaders = StringUtils.tokenizeToStringArray(mapping.getAttribute("allowed-headers"), ",");
config.setAllowedHeaders(Arrays.asList(allowedHeaders));
}
else {
config.setAllowedHeaders(DEFAULT_ALLOWED_HEADERS);
}
if (mapping.hasAttribute("exposed-headers")) {
String[] exposedHeaders = StringUtils.tokenizeToStringArray(mapping.getAttribute("exposed-headers"), ",");
config.setExposedHeaders(Arrays.asList(exposedHeaders));
@ -100,16 +73,10 @@ public class CorsBeanDefinitionParser implements BeanDefinitionParser {
if (mapping.hasAttribute("allow-credentials")) {
config.setAllowCredentials(Boolean.parseBoolean(mapping.getAttribute("allow-credentials")));
}
else {
config.setAllowCredentials(DEFAULT_ALLOW_CREDENTIALS);
}
if (mapping.hasAttribute("max-age")) {
config.setMaxAge(Long.parseLong(mapping.getAttribute("max-age")));
}
else {
config.setMaxAge(DEFAULT_MAX_AGE);
}
corsConfigurations.put(mapping.getAttribute("path"), config);
corsConfigurations.put(mapping.getAttribute("path"), config.applyPermitDefaultValues());
}
}

72
spring-webmvc/src/main/java/org/springframework/web/servlet/config/annotation/CorsRegistration.java
View File

@ -19,22 +19,16 @@ package org.springframework.web.servlet.config.annotation;
import java.util.ArrayList;
import java.util.Arrays;
import org.springframework.http.HttpMethod;
import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.cors.CorsConfiguration;
/**
* {@code CorsRegistration} assists with the creation of a
* {@link CorsConfiguration} instance mapped to a path pattern.
*
* <p>If no path pattern is specified, cross-origin request handling is
* mapped to {@code "/**"}.
*
* <p>By default, all origins, all headers, credentials and {@code GET},
* {@code HEAD}, and {@code POST} methods are allowed, and the max age is
* set to 30 minutes.
* Assists with the creation of a {@link CorsConfiguration} instance mapped to
* a path pattern. By default all origins, headers, and credentials for
* {@code GET}, {@code HEAD}, and {@code POST} requests are allowed while the
* max age is set to 30 minutes.
*
* @author Sebastien Deleuze
* @author Rossen Stoyanchev
* @author Sam Brannen
* @since 4.2
* @see CorsConfiguration
@ -47,43 +41,85 @@ public class CorsRegistration {
private final CorsConfiguration config;
/**
* Create a new {@link CorsRegistration} that allows all origins, headers, and
* credentials for {@code GET}, {@code HEAD}, and {@code POST} requests with
* max age set to 1800 seconds (30 minutes) for the specified path.
*
* @param pathPattern the path that the CORS configuration should apply to;
* exact path mapping URIs (such as {@code "/admin"}) are supported as well
* as Ant-style path patterns (such as {@code "/admin/**"}).
*/
public CorsRegistration(String pathPattern) {
this.pathPattern = pathPattern;
// Same implicit default values as the @CrossOrigin annotation + allows simple methods
this.config = new CorsConfiguration();
this.config.setAllowedOrigins(Arrays.asList(CrossOrigin.DEFAULT_ORIGINS));
this.config.setAllowedMethods(Arrays.asList(HttpMethod.GET.name(),
HttpMethod.HEAD.name(), HttpMethod.POST.name()));
this.config.setAllowedHeaders(Arrays.asList(CrossOrigin.DEFAULT_ALLOWED_HEADERS));
this.config.setAllowCredentials(CrossOrigin.DEFAULT_ALLOW_CREDENTIALS);
this.config.setMaxAge(CrossOrigin.DEFAULT_MAX_AGE);
this.config = new CorsConfiguration().applyPermitDefaultValues();
}
/**
* Set the origins to allow, e.g. {@code "http://domain1.com"}.
* <p>The special value {@code "*"} allows all domains.
* <p>By default, all origins are allowed.
*/
public CorsRegistration allowedOrigins(String... origins) {
this.config.setAllowedOrigins(new ArrayList<>(Arrays.asList(origins)));
return this;
}
/**
* Set the HTTP methods to allow, e.g. {@code "GET"}, {@code "POST"}, etc.
* <p>The special value {@code "*"} allows all methods.
* <p>By default "simple" methods {@code GET}, {@code HEAD}, and {@code POST}
* are allowed.
*/
public CorsRegistration allowedMethods(String... methods) {
this.config.setAllowedMethods(new ArrayList<>(Arrays.asList(methods)));
return this;
}
/**
* Set the list of headers that a pre-flight request can list as allowed
* for use during an actual request.
* <p>The special value {@code "*"} may be used to allow all headers.
* <p>A header name is not required to be listed if it is one of:
* {@code Cache-Control}, {@code Content-Language}, {@code Expires},
* {@code Last-Modified}, or {@code Pragma} as per the CORS spec.
* <p>By default all headers are allowed.
*/
public CorsRegistration allowedHeaders(String... headers) {
this.config.setAllowedHeaders(new ArrayList<>(Arrays.asList(headers)));
return this;
}
/**
* Set the list of response headers other than "simple" headers, i.e.
* {@code Cache-Control}, {@code Content-Language}, {@code Content-Type},
* {@code Expires}, {@code Last-Modified}, or {@code Pragma}, that an
* actual response might have and can be exposed.
* <p>Note that {@code "*"} is not supported on this property.
* <p>By default this is not set.
*/
public CorsRegistration exposedHeaders(String... headers) {
this.config.setExposedHeaders(new ArrayList<>(Arrays.asList(headers)));
return this;
}
/**
* Configure how long in seconds the response from a pre-flight request
* can be cached by clients.
* <p>By default this is set to 1800 seconds (30 minutes).
*/
public CorsRegistration maxAge(long maxAge) {
this.config.setMaxAge(maxAge);
return this;
}
/**
* Whether user credentials are supported.
* <p>By default this is set to {@code true} in which case user credentials
* are supported.
*/
public CorsRegistration allowCredentials(boolean allowCredentials) {
this.config.setAllowCredentials(allowCredentials);
return this;

15
spring-webmvc/src/main/java/org/springframework/web/servlet/mvc/method/annotation/RequestMappingHandlerMapping.java
View File

@ -18,7 +18,6 @@ package org.springframework.web.servlet.mvc.method.annotation;
import java.lang.reflect.AnnotatedElement;
import java.lang.reflect.Method;
import java.util.Arrays;
import java.util.List;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
@ -305,24 +304,12 @@ public class RequestMappingHandlerMapping extends RequestMappingInfoHandlerMappi
updateCorsConfig(config, typeAnnotation);
updateCorsConfig(config, methodAnnotation);
if (CollectionUtils.isEmpty(config.getAllowedOrigins())) {
config.setAllowedOrigins(Arrays.asList(CrossOrigin.DEFAULT_ORIGINS));
}
if (CollectionUtils.isEmpty(config.getAllowedMethods())) {
for (RequestMethod allowedMethod : mappingInfo.getMethodsCondition().getMethods()) {
config.addAllowedMethod(allowedMethod.name());
}
}
if (CollectionUtils.isEmpty(config.getAllowedHeaders())) {
config.setAllowedHeaders(Arrays.asList(CrossOrigin.DEFAULT_ALLOWED_HEADERS));
}
if (config.getAllowCredentials() == null) {
config.setAllowCredentials(CrossOrigin.DEFAULT_ALLOW_CREDENTIALS);
}
if (config.getMaxAge() == null) {
config.setMaxAge(CrossOrigin.DEFAULT_MAX_AGE);
}
return config;
return config.applyPermitDefaultValues();
}
private void updateCorsConfig(CorsConfiguration config, CrossOrigin annotation) {

4
spring-webmvc/src/test/java/org/springframework/web/servlet/config/MvcNamespaceTests.java
View File

@ -882,7 +882,7 @@ public class MvcNamespaceTests {
assertArrayEquals(new String[]{"*"}, config.getAllowedHeaders().toArray());
assertNull(config.getExposedHeaders());
assertTrue(config.getAllowCredentials());
assertEquals(new Long(1600), config.getMaxAge());
assertEquals(new Long(1800), config.getMaxAge());
}
}
@ -912,7 +912,7 @@ public class MvcNamespaceTests {
assertArrayEquals(new String[]{"*"}, config.getAllowedHeaders().toArray());
assertNull(config.getExposedHeaders());
assertTrue(config.getAllowCredentials());
assertEquals(new Long(1600), config.getMaxAge());
assertEquals(new Long(1800), config.getMaxAge());
}
}