|
16 | 16 | import java.util.List; |
17 | 17 | import java.util.Locale; |
18 | 18 | import java.util.Map; |
| 19 | +import java.util.function.Predicate; |
19 | 20 | import java.util.function.UnaryOperator; |
20 | 21 | import org.junit.jupiter.api.Test; |
21 | 22 |
|
@@ -167,4 +168,48 @@ void corsPreflightHandlerRejectsUnknownMethodTokenWith403() { |
167 | 168 |
|
168 | 169 | assertThat(resp.status()).isEqualTo(HTTP_FORBIDDEN); |
169 | 170 | } |
| 171 | + |
| 172 | + @Test |
| 173 | + void corsPreflightHandlerMatchesHeadersCaseInsensitively() { |
| 174 | + RequestHandler handler = |
| 175 | + Handlers.corsPreflightHandler( |
| 176 | + ORIGINS, METHODS, List.of("Content-Type", "Authorization"), false, null); |
| 177 | + |
| 178 | + Response resp = |
| 179 | + handler.handle(preflight("https://app.example.com", "POST", "CONTENT-TYPE, authorization")); |
| 180 | + |
| 181 | + assertThat(resp.status()).isEqualTo(HTTP_NO_CONTENT); |
| 182 | + } |
| 183 | + |
| 184 | + @Test |
| 185 | + void corsPreflightHandlerEchoesOriginAndIncludesVary() { |
| 186 | + Predicate<String> anyExampleOrigin = o -> o.endsWith(".example.com"); |
| 187 | + RequestHandler handler = |
| 188 | + Handlers.corsPreflightHandler(anyExampleOrigin, METHODS, HEADERS, false, null); |
| 189 | + |
| 190 | + Response resp = |
| 191 | + handler.handle(preflight("https://tenant-7.example.com", "POST", "content-type")); |
| 192 | + |
| 193 | + assertThat(resp.status()).isEqualTo(HTTP_NO_CONTENT); |
| 194 | + assertThat(resp.headers()) |
| 195 | + .containsEntry("Access-Control-Allow-Origin", "https://tenant-7.example.com") |
| 196 | + .containsEntry("Vary", "Origin"); |
| 197 | + } |
| 198 | + |
| 199 | + @Test |
| 200 | + void corsPreflightHandlerListOverloadDelegatesToPredicateBehaviour() { |
| 201 | + RequestHandler list = |
| 202 | + Handlers.corsPreflightHandler( |
| 203 | + List.of("https://a.example.com", "https://b.example.com"), |
| 204 | + METHODS, |
| 205 | + HEADERS, |
| 206 | + false, |
| 207 | + null); |
| 208 | + |
| 209 | + Response allowed = list.handle(preflight("https://b.example.com", "POST", "content-type")); |
| 210 | + Response denied = list.handle(preflight("https://c.example.com", "POST", "content-type")); |
| 211 | + |
| 212 | + assertThat(allowed.status()).isEqualTo(HTTP_NO_CONTENT); |
| 213 | + assertThat(denied.status()).isEqualTo(HTTP_FORBIDDEN); |
| 214 | + } |
170 | 215 | } |
0 commit comments