Skip to content

Commit b77f6ce

Browse files
odrotbohmodrotbohm
committed
Additional test cases for default CORS setup on repositories.
We now also assert on the Access-Control-Allow-Origin to default to * in case no more detailed configuration was set up. Issue #2208.
1 parent 1bfa83c commit b77f6ce

File tree

1 file changed

+9
-9
lines changed

1 file changed

+9
-9
lines changed

spring-data-rest-tests/spring-data-rest-tests-jpa/src/test/java/org/springframework/data/rest/webmvc/jpa/LocalConfigCorsIntegrationTests.java

Lines changed: 9 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -24,7 +24,6 @@
2424
import org.springframework.data.rest.tests.AbstractWebIntegrationTests;
2525
import org.springframework.data.rest.webmvc.RepositoryRestHandlerMapping;
2626
import org.springframework.data.rest.webmvc.config.RepositoryRestConfigurer;
27-
import org.springframework.hateoas.Link;
2827
import org.springframework.hateoas.LinkRelation;
2928
import org.springframework.http.HttpHeaders;
3029
import org.springframework.http.HttpMethod;
@@ -50,19 +49,20 @@ RepositoryRestConfigurer repositoryRestConfigurer() {
5049
/**
5150
* @see ItemRepository
5251
*/
53-
@Test // DATAREST-1397
52+
@Test // DATAREST-1397, #2208
5453
void appliesRepositoryCorsConfiguration() throws Exception {
5554

56-
Link findItems = client.discoverUnique(LinkRelation.of("items"));
55+
var findItems = client.discoverUnique(LinkRelation.of("items"));
5756

5857
// Preflight request
59-
String header = mvc
60-
.perform(options(findItems.expand().getHref()).header(HttpHeaders.ORIGIN, "http://far.far.example")
61-
.header(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "POST")) //
62-
.andExpect(status().isOk()) //
63-
.andReturn().getResponse().getHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS);
58+
var request = options(findItems.expand().getHref()) //
59+
.header(HttpHeaders.ORIGIN, "https://far.far.example") //
60+
.header(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "POST");
6461

65-
assertThat(header.split(","))
62+
var response = mvc.perform(request).andExpect(status().isOk()).andReturn().getResponse();
63+
64+
assertThat(response.getHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN)).isEqualTo("*");
65+
assertThat(response.getHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS).split(","))
6666
.containsExactlyInAnyOrderElementsOf(
6767
RepositoryRestHandlerMapping.DEFAULT_ALLOWED_METHODS.map(HttpMethod::name));
6868
}

0 commit comments

Comments
 (0)