1
0
mirror of https://github.com/actix/actix-extras.git synced 2024-11-27 17:22:57 +01:00

Panic on wildcard in Cors builder's allowed_origin() (#114)

* Assert allowed origin in Cors builder

* Add panic test for wildcard

* Add changelog entry

* rustfmt

* Apply suggestions from code review

Co-authored-by: Rob Ede <robjtede@icloud.com>

Co-authored-by: Rob Ede <robjtede@icloud.com>
This commit is contained in:
eupn 2020-10-10 20:25:33 +07:00 committed by GitHub
parent 134e43ab5e
commit 06f17ec223
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 23 additions and 1 deletions

View File

@ -1,6 +1,9 @@
# Changes
## Unreleased - 2020-xx-xx
* Disallow `*` in `Cors::allowed_origin` by panicking. [#114].
[#114]: https://github.com/actix/actix-extras/pull/114
## 0.4.1 - 2020-10-07

View File

@ -115,10 +115,18 @@ impl Cors {
/// `allowed_origin_fn` function is set, these functions will be used to determinate
/// allowed origins.
///
/// Builder panics if supplied origin is not valid uri.
/// # Panics
///
/// * If supplied origin is not valid uri, or
/// * If supplied origin is a wildcard (`*`). [`Cors::send_wildcard`] should be used instead.
///
/// [Fetch Standard]: https://fetch.spec.whatwg.org/#origin-header
pub fn allowed_origin(mut self, origin: &str) -> Cors {
assert!(
origin != "*",
"Wildcard in `allowed_origin` is not allowed. Use `send_wildcard`."
);
if let Some(cors) = cors(&mut self.cors, &self.error) {
match TryInto::<Uri>::try_into(origin) {
Ok(_) => {

View File

@ -10,6 +10,17 @@ use regex::bytes::Regex;
use actix_cors::Cors;
#[actix_rt::test]
#[should_panic]
async fn test_wildcard_origin() {
Cors::new()
.allowed_origin("*")
.finish()
.new_transform(test::ok_service())
.await
.unwrap();
}
#[actix_rt::test]
async fn test_not_allowed_origin_fn() {
let mut cors = Cors::new()