You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by se...@apache.org on 2013/05/20 16:36:29 UTC
svn commit: r1484489 - in /cxf/branches/2.7.x-fixes: ./
rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharingFilter.java
systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/CrossOriginSimpleTest.java
Author: sergeyb
Date: Mon May 20 14:36:28 2013
New Revision: 1484489
URL: http://svn.apache.org/r1484489
Log:
Merged revisions 1484488 via svnmerge from
https://svn.apache.org/repos/asf/cxf/trunk
........
r1484488 | sergeyb | 2013-05-20 15:34:43 +0100 (Mon, 20 May 2013) | 1 line
[CXF-5017] Splitting CORS headers using a comma pattern only
........
Modified:
cxf/branches/2.7.x-fixes/ (props changed)
cxf/branches/2.7.x-fixes/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharingFilter.java
cxf/branches/2.7.x-fixes/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/CrossOriginSimpleTest.java
Propchange: cxf/branches/2.7.x-fixes/
------------------------------------------------------------------------------
Merged /cxf/trunk:r1484488
Propchange: cxf/branches/2.7.x-fixes/
------------------------------------------------------------------------------
Binary property 'svnmerge-integrated' - no diff available.
Modified: cxf/branches/2.7.x-fixes/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharingFilter.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharingFilter.java?rev=1484489&r1=1484488&r2=1484489&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharingFilter.java (original)
+++ cxf/branches/2.7.x-fixes/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharingFilter.java Mon May 20 14:36:28 2013
@@ -64,7 +64,7 @@ import org.apache.cxf.service.Service;
*/
public class CrossOriginResourceSharingFilter implements RequestHandler, ResponseHandler {
private static final Pattern SPACE_PATTERN = Pattern.compile(" ");
- private static final Pattern FIELD_COMMA_PATTERN = Pattern.compile(",\\w*");
+ private static final Pattern FIELD_COMMA_PATTERN = Pattern.compile(",");
private static final String LOCAL_PREFLIGHT = "local_preflight";
private static final String LOCAL_PREFLIGHT_ORIGIN = "local_preflight.origin";
Modified: cxf/branches/2.7.x-fixes/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/CrossOriginSimpleTest.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/CrossOriginSimpleTest.java?rev=1484489&r1=1484488&r2=1484489&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/CrossOriginSimpleTest.java (original)
+++ cxf/branches/2.7.x-fixes/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/CrossOriginSimpleTest.java Mon May 20 14:36:28 2013
@@ -151,7 +151,7 @@ public class CrossOriginSimpleTest exten
}
@Test
- public void preflightPostClassAnnotation() throws ClientProtocolException, IOException {
+ public void preflightPostClassAnnotationFail() throws ClientProtocolException, IOException {
HttpClient httpclient = new DefaultHttpClient();
HttpOptions httpoptions = new HttpOptions("http://localhost:" + PORT + "/antest/unannotatedPost");
httpoptions.addHeader("Origin", "http://in.org");
@@ -161,6 +161,67 @@ public class CrossOriginSimpleTest exten
httpoptions.addHeader(CorsHeaderConstants.HEADER_AC_REQUEST_HEADERS, "X-custom-1");
HttpResponse response = httpclient.execute(httpoptions);
assertEquals(200, response.getStatusLine().getStatusCode());
+ assertEquals(0, response.getHeaders(CorsHeaderConstants.HEADER_AC_ALLOW_ORIGIN).length);
+ assertEquals(0, response.getHeaders(CorsHeaderConstants.HEADER_AC_ALLOW_HEADERS).length);
+ assertEquals(0, response.getHeaders(CorsHeaderConstants.HEADER_AC_ALLOW_METHODS).length);
+ }
+
+ @Test
+ public void preflightPostClassAnnotationFail2() throws ClientProtocolException, IOException {
+ HttpClient httpclient = new DefaultHttpClient();
+ HttpOptions httpoptions = new HttpOptions("http://localhost:" + PORT + "/antest/unannotatedPost");
+ httpoptions.addHeader("Origin", "http://area51.mil:31415");
+ httpoptions.addHeader("Content-Type", "application/json");
+ httpoptions.addHeader(CorsHeaderConstants.HEADER_AC_REQUEST_METHOD, "POST");
+ httpoptions.addHeader(CorsHeaderConstants.HEADER_AC_REQUEST_HEADERS, "X-custom-3");
+ HttpResponse response = httpclient.execute(httpoptions);
+ assertEquals(200, response.getStatusLine().getStatusCode());
+ assertEquals(0, response.getHeaders(CorsHeaderConstants.HEADER_AC_ALLOW_ORIGIN).length);
+ assertEquals(0, response.getHeaders(CorsHeaderConstants.HEADER_AC_ALLOW_HEADERS).length);
+ assertEquals(0, response.getHeaders(CorsHeaderConstants.HEADER_AC_ALLOW_METHODS).length);
+ }
+
+ @Test
+ public void preflightPostClassAnnotationPass() throws ClientProtocolException, IOException {
+ HttpClient httpclient = new DefaultHttpClient();
+ HttpOptions httpoptions = new HttpOptions("http://localhost:" + PORT + "/antest/unannotatedPost");
+ httpoptions.addHeader("Origin", "http://area51.mil:31415");
+ httpoptions.addHeader("Content-Type", "application/json");
+ httpoptions.addHeader(CorsHeaderConstants.HEADER_AC_REQUEST_METHOD, "POST");
+ httpoptions.addHeader(CorsHeaderConstants.HEADER_AC_REQUEST_HEADERS, "X-custom-1");
+ HttpResponse response = httpclient.execute(httpoptions);
+ assertEquals(200, response.getStatusLine().getStatusCode());
+ Header[] origin = response.getHeaders(CorsHeaderConstants.HEADER_AC_ALLOW_ORIGIN);
+ assertEquals(1, origin.length);
+ assertEquals("http://area51.mil:31415", origin[0].getValue());
+ Header[] method = response.getHeaders(CorsHeaderConstants.HEADER_AC_ALLOW_METHODS);
+ assertEquals(1, method.length);
+ assertEquals("POST", method[0].getValue());
+ Header[] requestHeaders = response.getHeaders(CorsHeaderConstants.HEADER_AC_ALLOW_HEADERS);
+ assertEquals(1, requestHeaders.length);
+ assertEquals("X-custom-1", requestHeaders[0].getValue());
+ }
+
+ @Test
+ public void preflightPostClassAnnotationPass2() throws ClientProtocolException, IOException {
+ HttpClient httpclient = new DefaultHttpClient();
+ HttpOptions httpoptions = new HttpOptions("http://localhost:" + PORT + "/antest/unannotatedPost");
+ httpoptions.addHeader("Origin", "http://area51.mil:31415");
+ httpoptions.addHeader("Content-Type", "application/json");
+ httpoptions.addHeader(CorsHeaderConstants.HEADER_AC_REQUEST_METHOD, "POST");
+ httpoptions.addHeader(CorsHeaderConstants.HEADER_AC_REQUEST_HEADERS, "X-custom-1, X-custom-2");
+ HttpResponse response = httpclient.execute(httpoptions);
+ assertEquals(200, response.getStatusLine().getStatusCode());
+ Header[] origin = response.getHeaders(CorsHeaderConstants.HEADER_AC_ALLOW_ORIGIN);
+ assertEquals(1, origin.length);
+ assertEquals("http://area51.mil:31415", origin[0].getValue());
+ Header[] method = response.getHeaders(CorsHeaderConstants.HEADER_AC_ALLOW_METHODS);
+ assertEquals(1, method.length);
+ assertEquals("POST", method[0].getValue());
+ Header[] requestHeaders = response.getHeaders(CorsHeaderConstants.HEADER_AC_ALLOW_HEADERS);
+ assertEquals(1, requestHeaders.length);
+ assertTrue(requestHeaders[0].getValue().contains("X-custom-1"));
+ assertTrue(requestHeaders[0].getValue().contains("X-custom-2"));
}
@Test