
Commit f0e130f

committed
Cors: fix some tests and remove the isSimple check, just write back headers when Origin is present
1 parent 1c629c2 commit f0e130f


2 files changed

+13
-18
lines changed


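--- a/jooby/src/main/java/io/jooby/CorsHandler.java
+++ b/jooby/src/main/java/io/jooby/CorsHandler.java
@@ -68,7 +68,11 @@ public CorsHandler() {
 @Nonnull @Override public Route.Handler apply(@Nonnull Route.Handler next) {
 return ctx -> {
 String origin = ctx.header("Origin").valueOrNull();
-if (origin != null && options.allowOrigin(origin)) {
+if (origin != null) {
+if (!options.allowOrigin(origin)) {
+log.debug("denied origin: {}", origin);
+return ctx.send(StatusCode.FORBIDDEN);
+}
 log.debug("allowed origin: {}", origin);
 if (isPreflight(ctx)) {
 log.debug("handling preflight for: {}", origin);
@@ -80,12 +84,8 @@ public CorsHandler() {
 return ctx.send(StatusCode.FORBIDDEN);
 }
 } else {
-// Origin is present, is Simple CORS?
-if (isSimple(ctx)) {
-log.debug("handling simple cors for: {}", origin);
-ctx.setResetHeadersOnError(false);
-simple(ctx, options, origin);
-} else if (ctx.getMethod().equalsIgnoreCase(Router.OPTIONS)) {
+// OPTIONS?
+if (ctx.getMethod().equalsIgnoreCase(Router.OPTIONS)) {
 // handle normal OPTIONS
 Router router = ctx.getRouter();
 List<String> allow = new ArrayList<>();
@@ -97,8 +97,11 @@ public CorsHandler() {
 }
 ctx.setResponseHeader("Allow", allow.stream().collect(Collectors.joining(",")));
 return ctx.send(StatusCode.OK);
+} else {
+log.debug("handling simple cors for: {}", origin);
+ctx.setResetHeadersOnError(false);
+simple(ctx, options, origin);
 }
-//
 }
 }
 return next.apply(ctx);
@@ -113,14 +116,6 @@ private static Context methodContext(Context ctx, String method) {
 };
 }
 
-private static boolean isSimple(Context ctx) {
-return ctx.getMethod().equals(Router.GET)
-|| ctx.getMethod().equals(Router.POST)
-|| ctx.getMethod().equals(Router.HEAD);
-// Suggested:
-// return !ctx.getMethod().equals(Router.OPTIONS);
-}
-
 private static void simple(final Context ctx, final Cors options, final String origin) {
 if ("null".equals(origin)) {
 ctx.setResponseHeader(AC_ALLOW_ORIGIN, ANY_ORIGIN);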
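Review bot: The new deny branch at new lines 72–75 makes this filter a hard gate: every request whose `Origin` fails `options.allowOrigin` now gets a 403 before `next` runs, where the old combined condition let it fall through without CORS headers. Browsers also send `Origin` on same-origin requests with methods other than GET and HEAD, so unless `allowOrigin` accepts the application's own origin (not visible here), its own form posts and XHRs would presumably be rejected too. Because `Origin` is client-supplied and non-browser clients can omit or set it freely, the 403 is a browser-side CORS/CSRF aid rather than an authorization check, which is worth stating at the branch, e.g. `// Origin is client-controlled: this rejects disallowed browser origins, it is not an auth check`. With `isSimple` removed, PUT/DELETE/PATCH requests now also reach `simple(...)`, and nothing visible compares the actual method against the allowed methods outside the preflight path, so that enforcement appears to rest on the browser's preflight. The body of `apply` continues between and beyond the hunks shown.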

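--- a/tests/src/test/java/io/jooby/Issue1413.java
+++ b/tests/src/test/java/io/jooby/Issue1413.java
@@ -47,7 +47,7 @@ public void shouldDoPreflightWithCredentials() {
 .header("Origin", "http://bar.com")
 .get("/api/v1/machines/123", rsp -> {
 assertEquals(403, rsp.code());
-assertNull(rsp.body().string());
+assertEquals("", rsp.body().string());
 assertNull(rsp.header("Access-Control-Allow-Origin"));
 assertNull(rsp.header("Access-Control-Allow-Credentials"));
 });
@@ -105,7 +105,7 @@ public void shouldDoPreflightWithoutCredentials() {
 .header("Origin", "http://bar.com")
 .get("/api/v1/machines/123", rsp -> {
 assertEquals(403, rsp.code());
-assertNull(rsp.body().string());
+assertEquals("", rsp.body().string());
 assertNull(rsp.header("Access-Control-Allow-Origin"));
 assertNull(rsp.header("Access-Control-Allow-Credentials"));
 });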
