From 0fcfc8b517f72f49c780ea96ec8ff6350bda5062 Mon Sep 17 00:00:00 2001
From: Rhuan Rocha
Date: Fri, 9 Jun 2023 01:13:01 -0300
Subject: [PATCH] Fixing the issue #33922 about Access-Control-Expose-Headers
Signed-off-by: Rhuan Rocha
Updating unit-test
Signed-off-by: Rhuan Rocha
Formatting codes
Signed-off-by: Rhuan Rocha
Removing duplicated code block
Signed-off-by: Rhuan Rocha
Formatting codes
Signed-off-by: Rhuan Rocha
Formatting codes
Signed-off-by: Rhuan Rocha
Formatting codes
Signed-off-by: Rhuan Rocha
Formatting codes
Signed-off-by: Rhuan Rocha
---
 .../vertx/web/cors/CORSFullConfigHandlerTestCase.java | 10 ++++++++++
 .../io/quarkus/vertx/http/runtime/cors/CORSFilter.java | 10 ++++++----
 2 files changed, 16 insertions(+), 4 deletions(-)
diff --git a/extensions/reactive-routes/deployment/src/test/java/io/quarkus/vertx/web/cors/CORSFullConfigHandlerTestCase.java b/extensions/reactive-routes/deployment/src/test/java/io/quarkus/vertx/web/cors/CORSFullConfigHandlerTestCase.java
index 445fe9adc05b6..8b8292085644a 100644
--- a/extensions/reactive-routes/deployment/src/test/java/io/quarkus/vertx/web/cors/CORSFullConfigHandlerTestCase.java
+++ b/extensions/reactive-routes/deployment/src/test/java/io/quarkus/vertx/web/cors/CORSFullConfigHandlerTestCase.java
@@ -32,6 +32,15 @@ public void corsFullConfigTestServlet() {
 .header("Access-Control-Allow-Headers", "X-Custom")
 .header("Access-Control-Max-Age", "86400");
+ given().header("Origin", "http://custom.origin.quarkus")
+ .when()
+ .get("/test").then()
+ .statusCode(200)
+ .header("Access-Control-Allow-Origin", "http://custom.origin.quarkus")
+ .header("Access-Control-Allow-Methods", "GET,PUT,POST")
+ .header("Access-Control-Expose-Headers", "Content-Disposition")
+ .header("Access-Control-Allow-Headers", "X-Custom");
+
 given().header("Origin", "http://www.quarkus.io")
 .header("Access-Control-Request-Method", "PUT")
 .when()
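Review bot: The added request in `corsFullConfigTestServlet` covers only an origin the filter accepts (`http://custom.origin.quarkus`), so no assertion here pins that `Access-Control-Expose-Headers` stays off a response to an origin that is not configured. A companion request with an unlisted origin (a constructed value such as `http://not-allowed.example`) that asserts the rejection status and `.header("Access-Control-Expose-Headers", nullValue())` would keep the now always-sent header from widening silently; `nullValue()` is Hamcrest and may need a static import in this file. The test method starts and ends outside this hunk, so an existing negative case elsewhere in the class cannot be ruled out from here.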
@@ -40,6 +49,7 @@ public void corsFullConfigTestServlet() {
 .header("Access-Control-Allow-Origin", "http://www.quarkus.io")
 .header("Access-Control-Allow-Methods", "GET,PUT,POST")
 .header("Access-Control-Expose-Headers", "Content-Disposition");
+
 }
 @Test
diff --git a/extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/cors/CORSFilter.java b/extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/cors/CORSFilter.java
index 4cd477c951b8d..4304433190d3c 100644
--- a/extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/cors/CORSFilter.java
+++ b/extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/cors/CORSFilter.java
@@ -176,6 +176,12 @@ public void handle(RoutingContext event) {
 if (allowedMethods != null) {
 response.headers().add(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, allowedMethods);
 }
+
+ //always set expose headers if present
+ if (exposedHeaders != null) {
+ response.headers().add(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS, exposedHeaders);
+ }
+
 //we check that the actual request matches the allowed methods and headers
 if (!isMethodAllowed(request.method())) {
 LOG.debug("Method is not allowed");
@@ -216,10 +222,6 @@ private void handlePreflightRequest(RoutingContext event, String requestedHeader
 response.headers().add(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS, exposedHeaders);
 }
- if (!isConfiguredWithWildcard(corsConfig.exposedHeaders)) {
- response.headers().set(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS, this.exposedHeaders);
- }
-
 }
 static boolean isSameOrigin(HttpServerRequest request, String origin) {
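Review bot: In the `CORSFilter.handle` hunk (@@ -176), the new block writes `Access-Control-Expose-Headers` ahead of the `isMethodAllowed` check, so the branch that logs "Method is not allowed" also returns the header; if a rejected request should not advertise readable headers, move the three-line `if (exposedHeaders != null)` block below that check. The comment says "set" while the call is `add`, which appends to any value already on the response; `response.headers().set(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS, exposedHeaders);` would match the comment and the call this commit removes from `handlePreflightRequest`. Origin validation and the rest of `handle` lie outside the hunk, so it is worth confirming that this point is reached only for an accepted origin, and that `exposedHeaders` is null for a wildcard configuration now that the `isConfiguredWithWildcard` guard is gone.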