mirror of
https://github.com/actix/actix-extras.git
synced 2024-11-28 01:32:57 +01:00
Correct composing of multiple origins in cors (#518)
This commit is contained in:
parent
0dc96658f2
commit
1b298142e3
@ -5,6 +5,7 @@
|
||||
### Fixed
|
||||
|
||||
* HTTP1 decoding errors are reported to the client. #512
|
||||
* Correctly compose multiple allowed origins in CORS. #517
|
||||
|
||||
## [0.7.8] - 2018-09-17
|
||||
|
||||
|
@ -826,8 +826,8 @@ impl<S: 'static> CorsBuilder<S> {
|
||||
if let AllOrSome::Some(ref origins) = cors.origins {
|
||||
let s = origins
|
||||
.iter()
|
||||
.fold(String::new(), |s, v| s + &v.to_string());
|
||||
cors.origins_str = Some(HeaderValue::try_from(s.as_str()).unwrap());
|
||||
.fold(String::new(), |s, v| format!("{}, {}", s, v));
|
||||
cors.origins_str = Some(HeaderValue::try_from(&s[2..]).unwrap());
|
||||
}
|
||||
|
||||
if !self.expose_hdrs.is_empty() {
|
||||
@ -1122,16 +1122,18 @@ mod tests {
|
||||
let cors = Cors::build()
|
||||
.disable_vary_header()
|
||||
.allowed_origin("https://www.example.com")
|
||||
.allowed_origin("https://www.google.com")
|
||||
.finish();
|
||||
let resp: HttpResponse = HttpResponse::Ok().into();
|
||||
let resp = cors.response(&req, resp).unwrap().response();
|
||||
assert_eq!(
|
||||
&b"https://www.example.com"[..],
|
||||
resp.headers()
|
||||
.get(header::ACCESS_CONTROL_ALLOW_ORIGIN)
|
||||
.unwrap()
|
||||
.as_bytes()
|
||||
);
|
||||
|
||||
let origins_str = resp.headers().get(header::ACCESS_CONTROL_ALLOW_ORIGIN).unwrap().to_str().unwrap();
|
||||
|
||||
if origins_str.starts_with("https://www.example.com") {
|
||||
assert_eq!("https://www.example.com, https://www.google.com", origins_str);
|
||||
} else {
|
||||
assert_eq!("https://www.google.com, https://www.example.com", origins_str);
|
||||
}
|
||||
}
|
||||
|
||||
#[test]
|
||||
|
Loading…
Reference in New Issue
Block a user