root
/
spring-framework
mirror of https://github.com/spring-projects/spring-framework.git
1
0
Fork 0
Code Issues Actions 8 Packages Projects Releases Wiki Activity

Remove duplicated elements in CorsConfiguration#combine() 

Issue: SPR-14792
This commit is contained in:
Sebastien Deleuze 2016-10-11 10:06:17 +02:00
parent c2031aa651
commit f5ecdda400
2 changed files with 27 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
spring-web/src/main/java/org/springframework/web/cors/CorsConfiguration.java
View File

@ -18,7 +18,9 @@ package org.springframework.web.cors;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Collections; import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.List; import java.util.List;
import java.util.Set;
import org.springframework.http.HttpMethod; import org.springframework.http.HttpMethod;
import org.springframework.util.CollectionUtils; import org.springframework.util.CollectionUtils;
@ -123,12 +125,11 @@ public class CorsConfiguration {
if (source == null || source.contains(ALL)) { if (source == null || source.contains(ALL)) {
return other; return other;
} }
List<String> combined = new ArrayList<String>(source); Set<String> combined = new LinkedHashSet<String>(source);
combined.addAll(other); combined.addAll(other);
return combined; return new ArrayList<String>(combined);
} }
/** /**
* Set the origins to allow, e.g. {@code "http://domain1.com"}. * Set the origins to allow, e.g. {@code "http://domain1.com"}.
* <p>The special value {@code "*"} allows all domains. * <p>The special value {@code "*"} allows all domains.

23
spring-web/src/test/java/org/springframework/web/cors/CorsConfigurationTests.java
View File

@ -131,6 +131,29 @@ public class CorsConfigurationTests {
assertEquals(Arrays.asList(HttpMethod.PUT.name()), combinedConfig.getAllowedMethods()); assertEquals(Arrays.asList(HttpMethod.PUT.name()), combinedConfig.getAllowedMethods());
} }
@Test // SPR-14792
public void combineWithDuplicatedElements() {
CorsConfiguration config = new CorsConfiguration();
config.addAllowedOrigin("http://domain1.com");
config.addAllowedOrigin("http://domain2.com");
config.addAllowedHeader("header1");
config.addAllowedHeader("header2");
config.addExposedHeader("header3");
config.addExposedHeader("header4");
config.addAllowedMethod(HttpMethod.GET.name());
config.addAllowedMethod(HttpMethod.PUT.name());
CorsConfiguration other = new CorsConfiguration();
other.addAllowedOrigin("http://domain1.com");
other.addAllowedHeader("header1");
other.addExposedHeader("header3");
other.addAllowedMethod(HttpMethod.GET.name());
CorsConfiguration combinedConfig = config.combine(other);
assertEquals(Arrays.asList("http://domain1.com", "http://domain2.com"), combinedConfig.getAllowedOrigins());
assertEquals(Arrays.asList("header1", "header2"), combinedConfig.getAllowedHeaders());
assertEquals(Arrays.asList("header3", "header4"), combinedConfig.getExposedHeaders());
assertEquals(Arrays.asList(HttpMethod.GET.name(), HttpMethod.PUT.name()), combinedConfig.getAllowedMethods());
}
@Test @Test
public void combine() { public void combine() {
CorsConfiguration config = new CorsConfiguration(); CorsConfiguration config = new CorsConfiguration();