Lines 497-506
public class TestCorsFilter {
|
497 |
} |
497 |
} |
498 |
|
498 |
|
499 |
/* |
499 |
/* |
500 |
* Negative test, when a CORS request arrives, with a null origin. |
500 |
* Negative test, when a CORS request arrives, with no origin header. |
501 |
*/ |
501 |
*/ |
502 |
@Test |
502 |
@Test |
503 |
public void testDoFilterNullOrigin() throws IOException, ServletException { |
503 |
public void testDoFilterNoOrigin() throws IOException, ServletException { |
504 |
TesterHttpServletRequest request = new TesterHttpServletRequest(); |
504 |
TesterHttpServletRequest request = new TesterHttpServletRequest(); |
505 |
|
505 |
|
506 |
request.setMethod("POST"); |
506 |
request.setMethod("POST"); |
Lines 536-541
public class TestCorsFilter {
|
536 |
response.getStatus()); |
536 |
response.getStatus()); |
537 |
} |
537 |
} |
538 |
|
538 |
|
|
|
539 |
/* |
540 |
* A CORS request arrives with a "null" origin which is allowed by default. |
541 |
*/ |
542 |
@Test |
543 |
public void testDoFilterNullOriginAllowedByDefault() throws IOException, |
544 |
ServletException { |
545 |
TesterHttpServletRequest request = new TesterHttpServletRequest(); |
546 |
|
547 |
request.setMethod("POST"); |
548 |
request.setContentType("text/plain"); |
549 |
request.setHeader(CorsFilter.REQUEST_HEADER_ORIGIN, "null"); |
550 |
TesterHttpServletResponse response = new TesterHttpServletResponse(); |
551 |
|
552 |
CorsFilter corsFilter = new CorsFilter(); |
553 |
corsFilter.init(TesterFilterConfigs.getDefaultFilterConfig()); |
554 |
CorsFilter.CORSRequestType requestType = |
555 |
corsFilter.checkRequestType(request); |
556 |
Assert.assertEquals(CorsFilter.CORSRequestType.SIMPLE, requestType); |
557 |
|
558 |
corsFilter.doFilter(request, response, filterChain); |
559 |
|
560 |
Assert.assertTrue(((Boolean) request.getAttribute( |
561 |
CorsFilter.HTTP_REQUEST_ATTRIBUTE_IS_CORS_REQUEST)).booleanValue()); |
562 |
} |
563 |
|
564 |
/* |
565 |
* A CORS request arrives with a "null" origin which is explicitly allowed |
566 |
* by configuration. |
567 |
*/ |
568 |
@Test |
569 |
public void testDoFilterNullOriginAllowedByConfiguration() throws |
570 |
IOException, ServletException { |
571 |
TesterHttpServletRequest request = new TesterHttpServletRequest(); |
572 |
|
573 |
request.setMethod("POST"); |
574 |
request.setContentType("text/plain"); |
575 |
request.setHeader(CorsFilter.REQUEST_HEADER_ORIGIN, "null"); |
576 |
TesterHttpServletResponse response = new TesterHttpServletResponse(); |
577 |
|
578 |
CorsFilter corsFilter = new CorsFilter(); |
579 |
corsFilter.init( |
580 |
TesterFilterConfigs.getFilterConfigSpecificOriginNullAllowed()); |
581 |
CorsFilter.CORSRequestType requestType = |
582 |
corsFilter.checkRequestType(request); |
583 |
Assert.assertEquals(CorsFilter.CORSRequestType.SIMPLE, requestType); |
584 |
|
585 |
corsFilter.doFilter(request, response, filterChain); |
586 |
|
587 |
Assert.assertTrue(((Boolean) request.getAttribute( |
588 |
CorsFilter.HTTP_REQUEST_ATTRIBUTE_IS_CORS_REQUEST)).booleanValue()); |
589 |
} |
590 |
|
539 |
@Test(expected = ServletException.class) |
591 |
@Test(expected = ServletException.class) |
540 |
public void testDoFilterNullRequestNullResponse() throws IOException, |
592 |
public void testDoFilterNullRequestNullResponse() throws IOException, |
541 |
ServletException { |
593 |
ServletException { |
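Review bot: testDoFilterNullOriginAllowedByDefault and testDoFilterNullOriginAllowedByConfiguration assert only the IS_CORS_REQUEST request attribute after doFilter, so neither test checks what the filter actually sent back for `Origin: null`. Because "null" is an opaque origin shared by every sandboxed or file-based document, the response is the part worth pinning: add a check such as `Assert.assertEquals(expectedAllowOrigin, response.getHeader(CorsFilter.RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN));`, where `expectedAllowOrigin` is a placeholder for the value each configuration is meant to emit. The negative test testCheckNullOriginNotAllowed later in the patch already asserts on `response.getStatus()`, and the two positive tests would mirror it if they also asserted that the status is not SC_FORBIDDEN. A one-line comment on the default-config test saying why "null" is accepted by default would make that intent reviewable. The context method testDoFilterNullRequestNullResponse at the end of this hunk continues outside it.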
Lines 1035-1040
public class TestCorsFilter {
|
1035 |
Assert.assertEquals(HttpServletResponse.SC_FORBIDDEN, |
1087 |
Assert.assertEquals(HttpServletResponse.SC_FORBIDDEN, |
1036 |
response.getStatus()); |
1088 |
response.getStatus()); |
1037 |
} |
1089 |
} |
|
|
1090 |
|
1091 |
/* |
1092 |
* Tests for failure, when the 'null' origin is used, and it's not in the |
1093 |
* list of allowed origins. |
1094 |
*/ |
1095 |
@Test |
1096 |
public void testCheckNullOriginNotAllowed() throws ServletException, |
1097 |
IOException { |
1098 |
TesterHttpServletRequest request = new TesterHttpServletRequest(); |
1099 |
TesterHttpServletResponse response = new TesterHttpServletResponse(); |
1100 |
request.setHeader(CorsFilter.REQUEST_HEADER_ORIGIN, "null"); |
1101 |
request.setMethod("GET"); |
1102 |
CorsFilter corsFilter = new CorsFilter(); |
1103 |
corsFilter.init(TesterFilterConfigs.getSpecificOriginFilterConfig()); |
1104 |
corsFilter.doFilter(request, response, filterChain); |
1105 |
Assert.assertEquals(HttpServletResponse.SC_FORBIDDEN, |
1106 |
response.getStatus()); |
1107 |
} |
1038 |
|
1108 |
|
1039 |
/* |
1109 |
/* |
1040 |
* Tests for failure, when a different sub-domain is used, that's not in the |
1110 |
* Tests for failure, when a different sub-domain is used, that's not in the |