@@ -52,8 +52,7 @@ public void testDoFilterSimpleGET() throws IOException, ServletException {
5252 corsFilter .doFilter (request , response , filterChain );
5353
5454 Assert .assertTrue (response .getHeader (
55- CorsFilter .RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN ).equals (
56- "https://www.apache.org" ));
55+ CorsFilter .RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN ).equals ("*" ));
5756 Assert .assertTrue (((Boolean ) request .getAttribute (
5857 CorsFilter .HTTP_REQUEST_ATTRIBUTE_IS_CORS_REQUEST )).booleanValue ());
5958 Assert .assertTrue (request .getAttribute (
@@ -85,8 +84,7 @@ public void testDoFilterSimplePOST() throws IOException, ServletException {
8584 corsFilter .doFilter (request , response , filterChain );
8685
8786 Assert .assertTrue (response .getHeader (
88- CorsFilter .RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN ).equals (
89- "https://www.apache.org" ));
87+ CorsFilter .RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN ).equals ("*" ));
9088 Assert .assertTrue (((Boolean ) request .getAttribute (
9189 CorsFilter .HTTP_REQUEST_ATTRIBUTE_IS_CORS_REQUEST )).booleanValue ());
9290 Assert .assertTrue (request .getAttribute (
@@ -117,8 +115,7 @@ public void testDoFilterSimpleHEAD() throws IOException, ServletException {
117115 corsFilter .doFilter (request , response , filterChain );
118116
119117 Assert .assertTrue (response .getHeader (
120- CorsFilter .RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN ).equals (
121- "https://www.apache.org" ));
118+ CorsFilter .RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN ).equals ("*" ));
122119 Assert .assertTrue (((Boolean ) request .getAttribute (
123120 CorsFilter .HTTP_REQUEST_ATTRIBUTE_IS_CORS_REQUEST )).booleanValue ());
124121 Assert .assertTrue (request .getAttribute (
@@ -163,41 +160,15 @@ public void testDoFilterSimpleSpecificHeader() throws IOException,
163160 }
164161
165162 /*
166- * Tests the presence of the origin (and not '*') in the response, when
167- * supports credentials is enabled alongwith any origin, '*'.
163+ * Tests the that supports credentials may not be enabled with any origin,
164+ * '*'.
168165 *
169- * @throws IOException
170166 * @throws ServletException
171167 */
172- @ Test
173- public void testDoFilterSimpleAnyOriginAndSupportsCredentials ()
174- throws IOException , ServletException {
175- TesterHttpServletRequest request = new TesterHttpServletRequest ();
176- request .setHeader (CorsFilter .REQUEST_HEADER_ORIGIN ,
177- TesterFilterConfigs .HTTPS_WWW_APACHE_ORG );
178- request .setMethod ("GET" );
179- TesterHttpServletResponse response = new TesterHttpServletResponse ();
180-
168+ @ Test (expected =ServletException .class )
169+ public void testDoFilterSimpleAnyOriginAndSupportsCredentials () throws ServletException {
181170 CorsFilter corsFilter = new CorsFilter ();
182- corsFilter .init (TesterFilterConfigs
183- .getFilterConfigAnyOriginAndSupportsCredentials ());
184- corsFilter .doFilter (request , response , filterChain );
185-
186- Assert .assertTrue (response .getHeader (
187- CorsFilter .RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN ).equals (
188- TesterFilterConfigs .HTTPS_WWW_APACHE_ORG ));
189- Assert .assertTrue (response .getHeader (
190- CorsFilter .RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_CREDENTIALS )
191- .equals (
192- "true" ));
193- Assert .assertTrue (((Boolean ) request .getAttribute (
194- CorsFilter .HTTP_REQUEST_ATTRIBUTE_IS_CORS_REQUEST )).booleanValue ());
195- Assert .assertTrue (request .getAttribute (
196- CorsFilter .HTTP_REQUEST_ATTRIBUTE_ORIGIN ).equals (
197- TesterFilterConfigs .HTTPS_WWW_APACHE_ORG ));
198- Assert .assertTrue (request .getAttribute (
199- CorsFilter .HTTP_REQUEST_ATTRIBUTE_REQUEST_TYPE ).equals (
200- CorsFilter .CORSRequestType .SIMPLE .name ().toLowerCase (Locale .ENGLISH )));
171+ corsFilter .init (TesterFilterConfigs .getFilterConfigAnyOriginAndSupportsCredentials ());
201172 }
202173
203174 /*
@@ -258,8 +229,7 @@ public void testDoFilterSimpleWithExposedHeaders() throws IOException,
258229 corsFilter .doFilter (request , response , filterChain );
259230
260231 Assert .assertTrue (response .getHeader (
261- CorsFilter .RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN ).equals (
262- "https://www.apache.org" ));
232+ CorsFilter .RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN ).equals ("*" ));
263233 Assert .assertTrue (response .getHeader (
264234 CorsFilter .RESPONSE_HEADER_ACCESS_CONTROL_EXPOSE_HEADERS )
265235 .equals (TesterFilterConfigs .EXPOSED_HEADERS ));
@@ -707,9 +677,8 @@ public void testInitDefaultFilterConfig() throws IOException,
707677 corsFilter .init (null );
708678 corsFilter .doFilter (request , response , filterChain );
709679
710- Assert .assertTrue (response .getHeader (
711- CorsFilter .RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN ).equals (
712- "https://www.apache.org" ));
680+ Assert .assertNull (response .getHeader (
681+ CorsFilter .RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN ));
713682 Assert .assertTrue (((Boolean ) request .getAttribute (
714683 CorsFilter .HTTP_REQUEST_ATTRIBUTE_IS_CORS_REQUEST )).booleanValue ());
715684 Assert .assertTrue (request .getAttribute (
@@ -1392,7 +1361,7 @@ public void testWithFilterConfig() throws ServletException {
13921361 Assert .assertTrue (corsFilter .getAllowedOrigins ().size () == 0 );
13931362 Assert .assertTrue (corsFilter .isAnyOriginAllowed ());
13941363 Assert .assertTrue (corsFilter .getExposedHeaders ().size () == 0 );
1395- Assert .assertTrue (corsFilter .isSupportsCredentials ());
1364+ Assert .assertFalse (corsFilter .isSupportsCredentials ());
13961365 Assert .assertTrue (corsFilter .getPreflightMaxAge () == 1800 );
13971366 }
13981367
@@ -1428,9 +1397,9 @@ public void testWithStringParserNull() throws ServletException {
14281397 Assert .assertTrue (corsFilter .getAllowedHttpHeaders ().size () == 6 );
14291398 Assert .assertTrue (corsFilter .getAllowedHttpMethods ().size () == 4 );
14301399 Assert .assertTrue (corsFilter .getAllowedOrigins ().size () == 0 );
1431- Assert .assertTrue (corsFilter .isAnyOriginAllowed ());
1400+ Assert .assertFalse (corsFilter .isAnyOriginAllowed ());
14321401 Assert .assertTrue (corsFilter .getExposedHeaders ().size () == 0 );
1433- Assert .assertTrue (corsFilter .isSupportsCredentials ());
1402+ Assert .assertFalse (corsFilter .isSupportsCredentials ());
14341403 Assert .assertTrue (corsFilter .getPreflightMaxAge () == 1800 );
14351404 }
14361405
@@ -1534,8 +1503,7 @@ public void testDecorateRequestDisabled() throws IOException,
15341503 corsFilter .doFilter (request , response , filterChain );
15351504
15361505 Assert .assertTrue (response .getHeader (
1537- CorsFilter .RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN ).equals (
1538- "https://www.apache.org" ));
1506+ CorsFilter .RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN ).equals ("*" ));
15391507 Assert .assertNull (request
15401508 .getAttribute (CorsFilter .HTTP_REQUEST_ATTRIBUTE_IS_CORS_REQUEST ));
15411509 Assert .assertNull (request
0 commit comments