diff options
author | Valerij Fredriksen <valerijf@verizonmedia.com> | 2021-05-06 17:22:25 +0200 |
---|---|---|
committer | Valerij Fredriksen <valerijf@verizonmedia.com> | 2021-05-06 17:22:25 +0200 |
commit | df2417ec2047cc39be89c250d41c23b78032a3d0 (patch) | |
tree | 14799d8f9978c39e42b5869b49715403d29daeb3 /jdisc-security-filters/src/test/java/com/yahoo/jdisc | |
parent | a2c9cd4bc04f1a3eaa31524b3970b96be5c2eda9 (diff) |
Allow wildcard in allowedUrls for CorsPreflightRequestFilter
Diffstat (limited to 'jdisc-security-filters/src/test/java/com/yahoo/jdisc')
-rw-r--r-- | jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/cors/CorsPreflightRequestFilterTest.java | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/cors/CorsPreflightRequestFilterTest.java b/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/cors/CorsPreflightRequestFilterTest.java index 2486bc444c8..8b77fc0abbd 100644 --- a/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/cors/CorsPreflightRequestFilterTest.java +++ b/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/cors/CorsPreflightRequestFilterTest.java @@ -15,7 +15,9 @@ import java.util.Arrays; import static com.yahoo.jdisc.http.HttpRequest.Method.OPTIONS; import static com.yahoo.jdisc.http.filter.security.cors.CorsLogic.ACCESS_CONTROL_HEADERS; import static com.yahoo.jdisc.http.filter.security.cors.CorsLogic.ALLOW_ORIGIN_HEADER; -import static org.junit.Assert.*; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertNull; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.when; @@ -41,6 +43,13 @@ public class CorsPreflightRequestFilterTest { } @Test + public void allowed_wildcard_origin_yields_origin_header_in_response() { + final String ALLOWED_ORIGIN = "http://allowed.origin"; + HeaderFields headers = doFilterRequest(newRequestFilter("*"), ALLOWED_ORIGIN); + assertEquals(ALLOWED_ORIGIN, headers.getFirst(ALLOW_ORIGIN_HEADER)); + } + + @Test public void disallowed_request_origin_does_not_yield_allow_origin_header_in_response() { HeaderFields headers = doFilterRequest(newRequestFilter("http://allowed.origin"), "http://disallowed.origin"); assertNull(headers.getFirst(ALLOW_ORIGIN_HEADER)); |