@@ -55,8 +55,7 @@ public void testDoFilterSimpleGET() throws IOException, ServletException {
5555 corsFilter .doFilter (request , response , filterChain );
5656
5757 Assert .assertTrue (response .getHeader (
58- CorsFilter .RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN ).equals (
59- "https://www.apache.org" ));
58+ CorsFilter .RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN ).equals ("*" ));
6059 Assert .assertTrue (((Boolean ) request .getAttribute (
6160 CorsFilter .HTTP_REQUEST_ATTRIBUTE_IS_CORS_REQUEST )).booleanValue ());
6261 Assert .assertTrue (request .getAttribute (
@@ -88,8 +87,7 @@ public void testDoFilterSimplePOST() throws IOException, ServletException {
8887 corsFilter .doFilter (request , response , filterChain );
8988
9089 Assert .assertTrue (response .getHeader (
91- CorsFilter .RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN ).equals (
92- "https://www.apache.org" ));
90+ CorsFilter .RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN ).equals ("*" ));
9391 Assert .assertTrue (((Boolean ) request .getAttribute (
9492 CorsFilter .HTTP_REQUEST_ATTRIBUTE_IS_CORS_REQUEST )).booleanValue ());
9593 Assert .assertTrue (request .getAttribute (
@@ -120,8 +118,7 @@ public void testDoFilterSimpleHEAD() throws IOException, ServletException {
120118 corsFilter .doFilter (request , response , filterChain );
121119
122120 Assert .assertTrue (response .getHeader (
123- CorsFilter .RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN ).equals (
124- "https://www.apache.org" ));
121+ CorsFilter .RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN ).equals ("*" ));
125122 Assert .assertTrue (((Boolean ) request .getAttribute (
126123 CorsFilter .HTTP_REQUEST_ATTRIBUTE_IS_CORS_REQUEST )).booleanValue ());
127124 Assert .assertTrue (request .getAttribute (
@@ -166,41 +163,15 @@ public void testDoFilterSimpleSpecificHeader() throws IOException,
166163 }
167164
168165 /*
169- * Tests the presence of the origin (and not '*') in the response, when
170- * supports credentials is enabled alongwith any origin, '*'.
166+ * Tests the that supports credentials may not be enabled with any origin,
167+ * '*'.
171168 *
172- * @throws IOException
173169 * @throws ServletException
174170 */
175- @ Test
176- public void testDoFilterSimpleAnyOriginAndSupportsCredentials ()
177- throws IOException , ServletException {
178- TesterHttpServletRequest request = new TesterHttpServletRequest ();
179- request .setHeader (CorsFilter .REQUEST_HEADER_ORIGIN ,
180- TesterFilterConfigs .HTTPS_WWW_APACHE_ORG );
181- request .setMethod ("GET" );
182- TesterHttpServletResponse response = new TesterHttpServletResponse ();
183-
171+ @ Test (expected =ServletException .class )
172+ public void testDoFilterSimpleAnyOriginAndSupportsCredentials () throws ServletException {
184173 CorsFilter corsFilter = new CorsFilter ();
185- corsFilter .init (TesterFilterConfigs
186- .getFilterConfigAnyOriginAndSupportsCredentials ());
187- corsFilter .doFilter (request , response , filterChain );
188-
189- Assert .assertTrue (response .getHeader (
190- CorsFilter .RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN ).equals (
191- TesterFilterConfigs .HTTPS_WWW_APACHE_ORG ));
192- Assert .assertTrue (response .getHeader (
193- CorsFilter .RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_CREDENTIALS )
194- .equals (
195- "true" ));
196- Assert .assertTrue (((Boolean ) request .getAttribute (
197- CorsFilter .HTTP_REQUEST_ATTRIBUTE_IS_CORS_REQUEST )).booleanValue ());
198- Assert .assertTrue (request .getAttribute (
199- CorsFilter .HTTP_REQUEST_ATTRIBUTE_ORIGIN ).equals (
200- TesterFilterConfigs .HTTPS_WWW_APACHE_ORG ));
201- Assert .assertTrue (request .getAttribute (
202- CorsFilter .HTTP_REQUEST_ATTRIBUTE_REQUEST_TYPE ).equals (
203- CorsFilter .CORSRequestType .SIMPLE .name ().toLowerCase (Locale .ENGLISH )));
174+ corsFilter .init (TesterFilterConfigs .getFilterConfigAnyOriginAndSupportsCredentials ());
204175 }
205176
206177 /*
@@ -261,8 +232,7 @@ public void testDoFilterSimpleWithExposedHeaders() throws IOException,
261232 corsFilter .doFilter (request , response , filterChain );
262233
263234 Assert .assertTrue (response .getHeader (
264- CorsFilter .RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN ).equals (
265- "https://www.apache.org" ));
235+ CorsFilter .RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN ).equals ("*" ));
266236 Assert .assertTrue (response .getHeader (
267237 CorsFilter .RESPONSE_HEADER_ACCESS_CONTROL_EXPOSE_HEADERS )
268238 .equals (TesterFilterConfigs .EXPOSED_HEADERS ));
@@ -727,9 +697,8 @@ public String getFilterName() {
727697 });
728698 corsFilter .doFilter (request , response , filterChain );
729699
730- Assert .assertTrue (response .getHeader (
731- CorsFilter .RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN ).equals (
732- "https://www.apache.org" ));
700+ Assert .assertNull (response .getHeader (
701+ CorsFilter .RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN ));
733702 Assert .assertTrue (((Boolean ) request .getAttribute (
734703 CorsFilter .HTTP_REQUEST_ATTRIBUTE_IS_CORS_REQUEST )).booleanValue ());
735704 Assert .assertTrue (request .getAttribute (
@@ -1412,7 +1381,7 @@ public void testWithFilterConfig() throws ServletException {
14121381 Assert .assertTrue (corsFilter .getAllowedOrigins ().size () == 0 );
14131382 Assert .assertTrue (corsFilter .isAnyOriginAllowed ());
14141383 Assert .assertTrue (corsFilter .getExposedHeaders ().size () == 0 );
1415- Assert .assertTrue (corsFilter .isSupportsCredentials ());
1384+ Assert .assertFalse (corsFilter .isSupportsCredentials ());
14161385 Assert .assertTrue (corsFilter .getPreflightMaxAge () == 1800 );
14171386 }
14181387
@@ -1448,9 +1417,9 @@ public void testWithStringParserNull() throws ServletException {
14481417 Assert .assertTrue (corsFilter .getAllowedHttpHeaders ().size () == 6 );
14491418 Assert .assertTrue (corsFilter .getAllowedHttpMethods ().size () == 4 );
14501419 Assert .assertTrue (corsFilter .getAllowedOrigins ().size () == 0 );
1451- Assert .assertTrue (corsFilter .isAnyOriginAllowed ());
1420+ Assert .assertFalse (corsFilter .isAnyOriginAllowed ());
14521421 Assert .assertTrue (corsFilter .getExposedHeaders ().size () == 0 );
1453- Assert .assertTrue (corsFilter .isSupportsCredentials ());
1422+ Assert .assertFalse (corsFilter .isSupportsCredentials ());
14541423 Assert .assertTrue (corsFilter .getPreflightMaxAge () == 1800 );
14551424 }
14561425
@@ -1554,8 +1523,7 @@ public void testDecorateRequestDisabled() throws IOException,
15541523 corsFilter .doFilter (request , response , filterChain );
15551524
15561525 Assert .assertTrue (response .getHeader (
1557- CorsFilter .RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN ).equals (
1558- "https://www.apache.org" ));
1526+ CorsFilter .RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN ).equals ("*" ));
15591527 Assert .assertNull (request
15601528 .getAttribute (CorsFilter .HTTP_REQUEST_ATTRIBUTE_IS_CORS_REQUEST ));
15611529 Assert .assertNull (request
0 commit comments