Allow wildcard in allowedUrls for CorsPreflightRequestFilter

1 files changed, 10 insertions, 1 deletions

diff --git a/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/cors/CorsPreflightRequestFilterTest.java b/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/cors/CorsPreflightRequestFilterTest.java
index 2486bc444c8..8b77fc0abbd 100644
--- a/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/cors/CorsPreflightRequestFilterTest.java
+++ b/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/cors/CorsPreflightRequestFilterTest.java
@@ -15,7 +15,9 @@ import java.util.Arrays;
 import static com.yahoo.jdisc.http.HttpRequest.Method.OPTIONS;
 import static com.yahoo.jdisc.http.filter.security.cors.CorsLogic.ACCESS_CONTROL_HEADERS;
 import static com.yahoo.jdisc.http.filter.security.cors.CorsLogic.ALLOW_ORIGIN_HEADER;
-import static org.junit.Assert.*;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNull;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.when;
 
@@ -41,6 +43,13 @@ public class CorsPreflightRequestFilterTest {
     }
 
     @Test
+    public void allowed_wildcard_origin_yields_origin_header_in_response() {
+        final String ALLOWED_ORIGIN = "http://allowed.origin";
+        HeaderFields headers = doFilterRequest(newRequestFilter("*"), ALLOWED_ORIGIN);
+        assertEquals(ALLOWED_ORIGIN, headers.getFirst(ALLOW_ORIGIN_HEADER));
+    }
+
+    @Test
     public void disallowed_request_origin_does_not_yield_allow_origin_header_in_response() {
         HeaderFields headers = doFilterRequest(newRequestFilter("http://allowed.origin"), "http://disallowed.origin");
         assertNull(headers.getFirst(ALLOW_ORIGIN_HEADER));