cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject git commit: [CXF-5598] Using case-insensitive comparison of allowed headers as per CORS spec
Date Tue, 11 Mar 2014 12:36:10 GMT
Repository: cxf
Updated Branches:
  refs/heads/master d61c528f4 -> e557d6f2c


[CXF-5598] Using case-insensitive comparison of allowed headers as per CORS spec


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/e557d6f2
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/e557d6f2
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/e557d6f2

Branch: refs/heads/master
Commit: e557d6f2cccd2222c93ed6ccadfc229ef6346770
Parents: d61c528
Author: Sergey Beryozkin <sberyozkin@talend.com>
Authored: Tue Mar 11 12:35:42 2014 +0000
Committer: Sergey Beryozkin <sberyozkin@talend.com>
Committed: Tue Mar 11 12:35:42 2014 +0000

----------------------------------------------------------------------
 .../rs/security/cors/CrossOriginResourceSharingFilter.java    | 7 +++++--
 .../apache/cxf/systest/jaxrs/cors/CrossOriginSimpleTest.java  | 4 ++--
 2 files changed, 7 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/e557d6f2/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharingFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharingFilter.java
b/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharingFilter.java
index 27100b3..f976a50 100644
--- a/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharingFilter.java
+++ b/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharingFilter.java
@@ -26,6 +26,8 @@ import java.util.Arrays;
 import java.util.Collections;
 import java.util.List;
 import java.util.Map;
+import java.util.Set;
+import java.util.TreeSet;
 import java.util.regex.Pattern;
 
 import javax.ws.rs.HttpMethod;
@@ -432,8 +434,9 @@ public class CrossOriginResourceSharingFilter implements ContainerRequestFilter,
         } else {
             actualHeaders = allowHeaders;
         }
-        
-        return actualHeaders.containsAll(aHeaders);
+        Set<String> actualHeadersSet = new TreeSet<String>(String.CASE_INSENSITIVE_ORDER);
+        actualHeadersSet.addAll(actualHeaders);
+        return actualHeadersSet.containsAll(aHeaders);
     }
 
     private List<String> effectiveExposeHeaders(CrossOriginResourceSharing ann) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/e557d6f2/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/CrossOriginSimpleTest.java
----------------------------------------------------------------------
diff --git a/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/CrossOriginSimpleTest.java
b/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/CrossOriginSimpleTest.java
index a85d596..ef3dc25 100644
--- a/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/CrossOriginSimpleTest.java
+++ b/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/CrossOriginSimpleTest.java
@@ -418,7 +418,7 @@ public class CrossOriginSimpleTest extends AbstractBusClientServerTestBase
{
         // this is the origin we expect to get.
         http.addHeader("Origin", "http://area51.mil:31415");
         http.addHeader(CorsHeaderConstants.HEADER_AC_REQUEST_METHOD, "PUT");
-        http.addHeader(CorsHeaderConstants.HEADER_AC_REQUEST_HEADERS, "X-custom-1, X-custom-2");
+        http.addHeader(CorsHeaderConstants.HEADER_AC_REQUEST_HEADERS, "X-custom-1, x-custom-2");
         HttpResponse response = httpclient.execute(http);
         assertEquals(200, response.getStatusLine().getStatusCode());
         assertOriginResponse(false, new String[]{"http://area51.mil:31415"}, true, response);
@@ -429,7 +429,7 @@ public class CrossOriginSimpleTest extends AbstractBusClientServerTestBase
{
         assertEquals(Collections.emptyList(), exposeHeadersValues);
         List<String> allowHeadersValues 
             = headerValues(response.getHeaders(CorsHeaderConstants.HEADER_AC_ALLOW_HEADERS));
-        assertEquals(Arrays.asList(new String[] {"X-custom-1", "X-custom-2" }), allowHeadersValues);
+        assertEquals(Arrays.asList(new String[] {"X-custom-1", "x-custom-2" }), allowHeadersValues);
         if (httpclient instanceof Closeable) {
             ((Closeable)httpclient).close();
         }


Mime
View raw message