couchdb-commits mailing list archives

From rnew...@apache.org
Subject [1/2] chttpd commit: updated refs/heads/master to ff59604
Date Fri, 23 Sep 2016 11:52:51 GMT
Repository: couchdb-chttpd
Updated Branches:
  refs/heads/master 2c1f3a316 -> ff59604e3


Handle empty "Access-Control-Request-Headers" header

When "Access-Control-Request-Headers" is empty, return an empty
"Access-Control-Allow-Headers" in the response. This is the same
behaviour as when the "Access-Control-Request-Headers" header is
omitted from the request entirely.

Fixes COUCHDB-3090


Project: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/commit/086567c9
Tree: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/tree/086567c9
Diff: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/diff/086567c9

Branch: refs/heads/master
Commit: 086567c962a3a99cefd1dd97706cd9db8522b27a
Parents: 3509b91
Author: Will Holley <willholley@gmail.com>
Authored: Mon Aug 1 17:57:44 2016 +0100
Committer: Will Holley <willholley@gmail.com>
Committed: Tue Aug 2 12:11:11 2016 +0100

----------------------------------------------------------------------
 src/chttpd_cors.erl       |  1 +
 test/chttpd_cors_test.erl | 19 +++++++++++++++++++
 2 files changed, 20 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/blob/086567c9/src/chttpd_cors.erl
----------------------------------------------------------------------
diff --git a/src/chttpd_cors.erl b/src/chttpd_cors.erl
index a5eaa5a..22430c3 100644
--- a/src/chttpd_cors.erl
+++ b/src/chttpd_cors.erl
@@ -130,6 +130,7 @@ handle_preflight_request(Req, Config, Origin) ->
                     "Access-Control-Request-Headers"),
                 {FinalReqHeaders, ReqHeaders} = case AccessHeaders of
                     undefined -> {"", []};
+                    "" -> {"", []};
                     Headers ->
                         %% transform header list in something we
                         %% could check. make sure everything is a
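Review bot: The added `"" -> {"", []};` clause matches only the exact empty string, so a value made of whitespace or bare commas (for example `" "`) still falls through to the `Headers ->` branch, whose body lies outside this hunk. Whether that branch then produces an empty list or a spurious empty token that is compared against the configured allowed headers cannot be confirmed from here. It is worth a second test with a whitespace-only value next to test_preflight_request_empty_request_headers_. A short comment on the clause would also record the intent, e.g. `%% empty value: same as an absent header, no request headers are allowed`.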

http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/blob/086567c9/test/chttpd_cors_test.erl
----------------------------------------------------------------------
diff --git a/test/chttpd_cors_test.erl b/test/chttpd_cors_test.erl
index 753b235..be34348 100644
--- a/test/chttpd_cors_test.erl
+++ b/test/chttpd_cors_test.erl
@@ -255,6 +255,7 @@ cors_enabled_wildcard_test_() ->
                 fun test_no_access_control_method_preflight_request_/1,
                 fun test_preflight_request_/1,
                 fun test_preflight_request_no_allow_credentials_/1,
+                fun test_preflight_request_empty_request_headers_/1,
                 fun test_db_request_/1,
                 fun test_db_preflight_request_/1,
                 fun test_db_host_origin_request_/1,
@@ -399,6 +400,24 @@ test_preflight_request_no_allow_credentials_(OwnerConfig) ->
     ].
 
 
+test_preflight_request_empty_request_headers_(OwnerConfig) ->
+    Headers = [
+        {"Origin", ?DEFAULT_ORIGIN},
+        {"Access-Control-Request-Method", "POST"},
+        {"Access-Control-Request-Headers", ""}
+    ],
+    Req = mock_request('OPTIONS', "/", Headers),
+    {ok, Headers1} = chttpd_cors:maybe_handle_preflight_request(Req, OwnerConfig),
+    [
+        ?_assertEqual(?DEFAULT_ORIGIN,
+            header(Headers1, "Access-Control-Allow-Origin")),
+        ?_assertEqual(string_headers(?SUPPORTED_METHODS),
+            header(Headers1, "Access-Control-Allow-Methods")),
+        ?_assertEqual("",
+            header(Headers1, "Access-Control-Allow-Headers"))
+    ].
+
+
 test_db_request_(OwnerConfig) ->
     Origin = ?DEFAULT_ORIGIN,
     Headers = [{"Origin", Origin}],
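Review bot: test_preflight_request_empty_request_headers_ has no comment tying it to the behaviour it pins, so a later reader cannot tell why an empty `Access-Control-Allow-Headers` is the expected result rather than an omission. I would add a line above the function such as `%% COUCHDB-3090: an empty Access-Control-Request-Headers is treated like an absent one`. The body of test_db_request_ that follows continues outside this hunk and is not reviewed here.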

