Skip to content

Commit

Permalink
Fixing the issue quarkusio#33922 about Access-Control-Expose-Headers
Browse files Browse the repository at this point in the history
Signed-off-by: Rhuan Rocha <[email protected]>

Updating unit-test

Signed-off-by: Rhuan Rocha <[email protected]>

Formatting codes

Signed-off-by: Rhuan Rocha <[email protected]>

Removing duplicated code block

Signed-off-by: Rhuan Rocha <[email protected]>

Formatting codes

Signed-off-by: Rhuan Rocha <[email protected]>

Formatting codes

Signed-off-by: Rhuan Rocha <[email protected]>

Formatting codes

Signed-off-by: Rhuan Rocha <[email protected]>
  • Loading branch information
rhuan080 committed Jun 13, 2023
1 parent adcaefc commit 7805cc4
Show file tree
Hide file tree
Showing 2 changed files with 17 additions and 4 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,16 @@ public void corsFullConfigTestServlet() {
.header("Access-Control-Allow-Headers", "X-Custom")
.header("Access-Control-Max-Age", "86400");

given().header("Origin", "http://custom.origin.quarkus")
.when()
.get("/test").then()
.statusCode(200)
.header("Access-Control-Allow-Origin", "http://custom.origin.quarkus")
.header("Access-Control-Allow-Methods", "GET,PUT,POST")
.header("Access-Control-Expose-Headers", "Content-Disposition")
.header("Access-Control-Allow-Headers", "X-Custom");


given().header("Origin", "http://www.quarkus.io")
.header("Access-Control-Request-Method", "PUT")
.when()
Expand All @@ -40,6 +50,7 @@ public void corsFullConfigTestServlet() {
.header("Access-Control-Allow-Origin", "http://www.quarkus.io")
.header("Access-Control-Allow-Methods", "GET,PUT,POST")
.header("Access-Control-Expose-Headers", "Content-Disposition");

}

@Test
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -176,6 +176,12 @@ public void handle(RoutingContext event) {
if (allowedMethods != null) {
response.headers().add(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, allowedMethods);
}

//always set expose headers if present
if (exposedHeaders != null) {
response.headers().add(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS, exposedHeaders);
}

//we check that the actual request matches the allowed methods and headers
if (!isMethodAllowed(request.method())) {
LOG.debug("Method is not allowed");
Expand Down Expand Up @@ -216,10 +222,6 @@ private void handlePreflightRequest(RoutingContext event, String requestedHeader
response.headers().add(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS, exposedHeaders);
}

if (!isConfiguredWithWildcard(corsConfig.exposedHeaders)) {
response.headers().set(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS, this.exposedHeaders);
}

}

static boolean isSameOrigin(HttpServerRequest request, String origin) {
Expand Down

0 comments on commit 7805cc4

Please sign in to comment.