From 2f30fd71a91264e596855afe03a533cee8e408ba Mon Sep 17 00:00:00 2001 From: yhx-12243 Date: Wed, 6 Dec 2023 21:52:22 +0800 Subject: [PATCH] fix(cors): The item in "Vary" header should be "Access-Control-Request-Private-Network". (#369) * fix(cors): vary should be "Access-Control-Request-Private-Network" * docs(cors): update the changelog --- actix-cors/CHANGES.md | 1 + actix-cors/src/inner.rs | 4 ++-- actix-cors/tests/tests.rs | 12 ++++++------ 3 files changed, 9 insertions(+), 8 deletions(-) diff --git a/actix-cors/CHANGES.md b/actix-cors/CHANGES.md index 9b315db1f..1c82c37ca 100644 --- a/actix-cors/CHANGES.md +++ b/actix-cors/CHANGES.md @@ -2,6 +2,7 @@ ## Unreleased +- Fix `add_vary_header` to provide `Access-Control-Request-Private-Network`. - Minimum supported Rust version (MSRV) is now 1.68. ## 0.6.4 diff --git a/actix-cors/src/inner.rs b/actix-cors/src/inner.rs index f5ab671cb..eb9b7ec27 100644 --- a/actix-cors/src/inner.rs +++ b/actix-cors/src/inner.rs @@ -223,7 +223,7 @@ pub(crate) fn add_vary_header(headers: &mut HeaderMap) { val.extend(b", Origin, Access-Control-Request-Method, Access-Control-Request-Headers"); #[cfg(feature = "draft-private-network-access")] - val.extend(b", Access-Control-Allow-Private-Network"); + val.extend(b", Access-Control-Request-Private-Network"); val.try_into().unwrap() } @@ -231,7 +231,7 @@ pub(crate) fn add_vary_header(headers: &mut HeaderMap) { #[cfg(feature = "draft-private-network-access")] None => HeaderValue::from_static( "Origin, Access-Control-Request-Method, Access-Control-Request-Headers, \ - Access-Control-Allow-Private-Network", + Access-Control-Request-Private-Network", ), #[cfg(not(feature = "draft-private-network-access"))] diff --git a/actix-cors/tests/tests.rs b/actix-cors/tests/tests.rs index e08c76678..e5943b19d 100644 --- a/actix-cors/tests/tests.rs +++ b/actix-cors/tests/tests.rs @@ -272,7 +272,7 @@ async fn test_response() { #[cfg(feature = "draft-private-network-access")] assert_eq!( resp.headers().get(header::VARY).map(HeaderValue::as_bytes), - Some(&b"Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Access-Control-Allow-Private-Network"[..]), + Some(&b"Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Access-Control-Request-Private-Network"[..]), ); #[allow(clippy::needless_collect)] @@ -328,7 +328,7 @@ async fn test_response() { #[cfg(feature = "draft-private-network-access")] assert_eq!( resp.headers().get(header::VARY).map(HeaderValue::as_bytes).unwrap(), - b"Accept, Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Access-Control-Allow-Private-Network", + b"Accept, Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Access-Control-Request-Private-Network", ); let cors = Cors::default() @@ -494,7 +494,7 @@ async fn vary_header_on_all_handled_responses() { .expect("response should have Vary header") .to_str() .unwrap(), - "Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Access-Control-Allow-Private-Network", + "Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Access-Control-Request-Private-Network", ); // follow-up regular request @@ -520,7 +520,7 @@ async fn vary_header_on_all_handled_responses() { .expect("response should have Vary header") .to_str() .unwrap(), - "Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Access-Control-Allow-Private-Network", + "Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Access-Control-Request-Private-Network", ); let cors = Cors::default() @@ -552,7 +552,7 @@ async fn vary_header_on_all_handled_responses() { .expect("response should have Vary header") .to_str() .unwrap(), - "Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Access-Control-Allow-Private-Network", + "Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Access-Control-Request-Private-Network", ); // regular request no origin @@ -575,7 +575,7 @@ async fn vary_header_on_all_handled_responses() { .expect("response should have Vary header") .to_str() .unwrap(), - "Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Access-Control-Allow-Private-Network", + "Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Access-Control-Request-Private-Network", ); }