mirror of
https://github.com/actix/actix-extras.git
synced 2024-11-27 09:12:57 +01:00
fix expose all headers (#273)
* fix expose all headers * update changelog
This commit is contained in:
parent
bcb8dbe1fc
commit
7c3c9357e0
@ -1,8 +1,11 @@
|
||||
# Changes
|
||||
|
||||
## Unreleased - 2022-xx-xx
|
||||
- Fix `expose_any_header` to return list of response headers. [#273]
|
||||
- Minimum supported Rust version (MSRV) is now 1.57 due to transitive `time` dependency.
|
||||
|
||||
[#273]: https://github.com/actix/actix-extras/pull/273
|
||||
|
||||
|
||||
## 0.6.1 - 2022-03-07
|
||||
- Do not consider requests without a `Access-Control-Request-Method` as preflight. [#226]
|
||||
|
@ -315,7 +315,7 @@ impl Cors {
|
||||
self
|
||||
}
|
||||
|
||||
/// Resets exposed response header list to a state where any header is accepted.
|
||||
/// Resets exposed response header list to a state where all headers are exposed.
|
||||
///
|
||||
/// See [`Cors::expose_headers`] for more info on exposed response headers.
|
||||
pub fn expose_any_header(mut self) -> Cors {
|
||||
|
@ -121,10 +121,9 @@ impl<S> CorsMiddleware<S> {
|
||||
.insert(header::ACCESS_CONTROL_EXPOSE_HEADERS, expose.clone());
|
||||
} else if matches!(inner.expose_headers, AllOrSome::All) {
|
||||
// intersperse_header_values requires that argument is non-empty
|
||||
if !res.request().headers().is_empty() {
|
||||
if !res.headers().is_empty() {
|
||||
// extract header names from request
|
||||
let expose_all_request_headers = res
|
||||
.request()
|
||||
.headers()
|
||||
.keys()
|
||||
.into_iter()
|
||||
|
@ -501,7 +501,15 @@ async fn test_allow_any_origin_any_method_any_header() {
|
||||
#[actix_web::test]
|
||||
async fn expose_all_request_header_values() {
|
||||
let cors = Cors::permissive()
|
||||
.new_transform(test::ok_service())
|
||||
.new_transform(fn_service(|req: ServiceRequest| async move {
|
||||
let res = req.into_response(
|
||||
HttpResponse::Ok()
|
||||
.insert_header((header::CONTENT_DISPOSITION, "test disposition"))
|
||||
.finish(),
|
||||
);
|
||||
|
||||
Ok(res)
|
||||
}))
|
||||
.await
|
||||
.unwrap();
|
||||
|
||||
@ -509,20 +517,17 @@ async fn expose_all_request_header_values() {
|
||||
.insert_header((header::ORIGIN, "https://www.example.com"))
|
||||
.insert_header((header::ACCESS_CONTROL_REQUEST_METHOD, "POST"))
|
||||
.insert_header((header::ACCESS_CONTROL_REQUEST_HEADERS, "content-type"))
|
||||
.insert_header(("X-XSRF-TOKEN", "xsrf-token"))
|
||||
.to_srv_request();
|
||||
|
||||
let resp = test::call_service(&cors, req).await;
|
||||
let res = test::call_service(&cors, req).await;
|
||||
|
||||
assert!(resp
|
||||
.headers()
|
||||
.contains_key(header::ACCESS_CONTROL_EXPOSE_HEADERS));
|
||||
|
||||
assert!(resp
|
||||
let cd_hdr = res
|
||||
.headers()
|
||||
.get(header::ACCESS_CONTROL_EXPOSE_HEADERS)
|
||||
.unwrap()
|
||||
.to_str()
|
||||
.unwrap()
|
||||
.contains("xsrf-token"));
|
||||
.unwrap();
|
||||
|
||||
assert!(cd_hdr.contains("content-disposition"));
|
||||
assert!(cd_hdr.contains("access-control-allow-origin"));
|
||||
}
|
||||
|
@ -2,7 +2,7 @@
|
||||
|
||||
## Unreleased - 2022-xx-xx
|
||||
- Implement `Default` for `RateLimiter`.
|
||||
- `RateLimiter` can no longer be constructed without `::default()`.
|
||||
- `RateLimiter` is marked `#[non_exhaustive]`; use `RateLimiter::default()` instead.
|
||||
|
||||
## 0.3.0 - 2022-07-11
|
||||
- `Limiter::builder` now takes an `impl Into<String>`.
|
||||
|
Loading…
Reference in New Issue
Block a user