Skip to content

Commit

Permalink
[#13] Empty origins should not result in *
Browse files Browse the repository at this point in the history
  • Loading branch information
blcham committed Nov 28, 2023
1 parent 90b2a2e commit 57b4dac
Show file tree
Hide file tree
Showing 2 changed files with 11 additions and 8 deletions.
10 changes: 6 additions & 4 deletions src/main/java/cz/cvut/kbss/study/config/SecurityConfig.java
Original file line number Diff line number Diff line change
Expand Up @@ -117,11 +117,13 @@ private static void configureAllowedOrigins(CorsConfiguration corsConfig, Config
if (!allowedOrigins.isEmpty()) {
corsConfig.setAllowedOrigins(allowedOrigins);
corsConfig.setAllowCredentials(true);
LOG.debug(
"Using response header Access-Control-Allow-Origin with value {}.",
corsConfig.getAllowedOrigins()
);
} else {
corsConfig.setAllowedOrigins(null);
}
LOG.debug(
"Using response header Access-Control-Allow-Origin with value {}.",
corsConfig.getAllowedOrigins()
);
}

private static Optional<String> getApplicationUrlOrigin(ConfigReader configReader) {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@
import static org.hamcrest.Matchers.hasItem;
import static org.hamcrest.Matchers.hasItems;
import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertNull;
import static org.junit.jupiter.api.Assertions.assertThrows;

class SecurityConfigTest {
Expand Down Expand Up @@ -59,12 +60,12 @@ void createCorsConfigurationSupportsMultipleConfiguredAllowedOrigins() {
}

@Test
void createCorsConfigurationThrowsRecordManagerExceptionWhenAppContextAndAllowedOriginsAreNotSet() {
void createCorsConfigurationDoNotSetAllowedOriginsWhenAppContextAndAllowedOriginsAreNotSet() {
environment.setProperty(ConfigParam.APP_CONTEXT.toString(), "");
environment.setProperty(ConfigParam.CORS_ALLOWED_ORIGINS.toString(),"");

assertThrows(RecordManagerException.class, () -> {
SecurityConfig.createCorsConfiguration(config);
});
final CorsConfigurationSource result = SecurityConfig.createCorsConfiguration(config);
assertNotNull(result.getCorsConfiguration(new MockHttpServletRequest()));
assertNull(result.getCorsConfiguration(new MockHttpServletRequest()).getAllowedOrigins());
}
}

0 comments on commit 57b4dac

Please sign in to comment.