cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject git commit: [CXF-5598] Using case-insensitive comparison of allowed headers as per CORS spec
Date Tue, 11 Mar 2014 12:52:31 GMT
Repository: cxf
Updated Branches:
  refs/heads/2.7.x-fixes bc8f7509d -> ccf4df5f2


[CXF-5598] Using case-insensitive comparison of allowed headers as per CORS spec


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/ccf4df5f
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/ccf4df5f
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/ccf4df5f

Branch: refs/heads/2.7.x-fixes
Commit: ccf4df5f2effd06f610a595db1800a290db6f3ea
Parents: bc8f750
Author: Sergey Beryozkin <sberyozkin@talend.com>
Authored: Tue Mar 11 12:35:42 2014 +0000
Committer: Sergey Beryozkin <sberyozkin@talend.com>
Committed: Tue Mar 11 12:52:01 2014 +0000

----------------------------------------------------------------------
 .../rs/security/cors/CrossOriginResourceSharingFilter.java    | 7 +++++--
 .../apache/cxf/systest/jaxrs/cors/CrossOriginSimpleTest.java  | 4 ++--
 2 files changed, 7 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/ccf4df5f/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharingFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharingFilter.java
b/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharingFilter.java
index 4c1658c..21cfae8 100644
--- a/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharingFilter.java
+++ b/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharingFilter.java
@@ -25,6 +25,8 @@ import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.List;
+import java.util.Set;
+import java.util.TreeSet;
 import java.util.regex.Pattern;
 
 import javax.ws.rs.core.Context;
@@ -415,8 +417,9 @@ public class CrossOriginResourceSharingFilter implements RequestHandler,
Respons
         } else {
             actualHeaders = allowHeaders;
         }
-        
-        return actualHeaders.containsAll(aHeaders);
+        Set<String> actualHeadersSet = new TreeSet<String>(String.CASE_INSENSITIVE_ORDER);
+        actualHeadersSet.addAll(actualHeaders);
+        return actualHeadersSet.containsAll(aHeaders);
     }
 
     private List<String> effectiveExposeHeaders(CrossOriginResourceSharing ann) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/ccf4df5f/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/CrossOriginSimpleTest.java
----------------------------------------------------------------------
diff --git a/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/CrossOriginSimpleTest.java
b/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/CrossOriginSimpleTest.java
index d38ed69..81c9a23 100644
--- a/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/CrossOriginSimpleTest.java
+++ b/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/CrossOriginSimpleTest.java
@@ -378,7 +378,7 @@ public class CrossOriginSimpleTest extends AbstractBusClientServerTestBase
{
         // this is the origin we expect to get.
         http.addHeader("Origin", "http://area51.mil:31415");
         http.addHeader(CorsHeaderConstants.HEADER_AC_REQUEST_METHOD, "PUT");
-        http.addHeader(CorsHeaderConstants.HEADER_AC_REQUEST_HEADERS, "X-custom-1, X-custom-2");
+        http.addHeader(CorsHeaderConstants.HEADER_AC_REQUEST_HEADERS, "X-custom-1, x-custom-2");
         HttpResponse response = httpclient.execute(http);
         assertEquals(200, response.getStatusLine().getStatusCode());
         assertOriginResponse(false, new String[]{"http://area51.mil:31415"}, true, response);
@@ -389,7 +389,7 @@ public class CrossOriginSimpleTest extends AbstractBusClientServerTestBase
{
         assertEquals(Collections.emptyList(), exposeHeadersValues);
         List<String> allowHeadersValues 
             = headerValues(response.getHeaders(CorsHeaderConstants.HEADER_AC_ALLOW_HEADERS));
-        assertEquals(Arrays.asList(new String[] {"X-custom-1", "X-custom-2" }), allowHeadersValues);
+        assertEquals(Arrays.asList(new String[] {"X-custom-1", "x-custom-2" }), allowHeadersValues);
     }
     
     @Test


Mime
View raw message