1
0
mirror of https://github.com/actix/actix-extras.git synced 2024-11-27 09:12:57 +01:00

fix expose all headers (#273)

* fix expose all headers

* update changelog
This commit is contained in:
Rob Ede 2022-08-07 21:56:33 +02:00 committed by GitHub
parent bcb8dbe1fc
commit 7c3c9357e0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 21 additions and 14 deletions

View File

@ -1,8 +1,11 @@
# Changes
## Unreleased - 2022-xx-xx
- Fix `expose_any_header` to return list of response headers. [#273]
- Minimum supported Rust version (MSRV) is now 1.57 due to transitive `time` dependency.
[#273]: https://github.com/actix/actix-extras/pull/273
## 0.6.1 - 2022-03-07
- Do not consider requests without a `Access-Control-Request-Method` as preflight. [#226]

View File

@ -315,7 +315,7 @@ impl Cors {
self
}
/// Resets exposed response header list to a state where any header is accepted.
/// Resets exposed response header list to a state where all headers are exposed.
///
/// See [`Cors::expose_headers`] for more info on exposed response headers.
pub fn expose_any_header(mut self) -> Cors {

View File

@ -121,10 +121,9 @@ impl<S> CorsMiddleware<S> {
.insert(header::ACCESS_CONTROL_EXPOSE_HEADERS, expose.clone());
} else if matches!(inner.expose_headers, AllOrSome::All) {
// intersperse_header_values requires that argument is non-empty
if !res.request().headers().is_empty() {
if !res.headers().is_empty() {
// extract header names from request
let expose_all_request_headers = res
.request()
.headers()
.keys()
.into_iter()

View File

@ -501,7 +501,15 @@ async fn test_allow_any_origin_any_method_any_header() {
#[actix_web::test]
async fn expose_all_request_header_values() {
let cors = Cors::permissive()
.new_transform(test::ok_service())
.new_transform(fn_service(|req: ServiceRequest| async move {
let res = req.into_response(
HttpResponse::Ok()
.insert_header((header::CONTENT_DISPOSITION, "test disposition"))
.finish(),
);
Ok(res)
}))
.await
.unwrap();
@ -509,20 +517,17 @@ async fn expose_all_request_header_values() {
.insert_header((header::ORIGIN, "https://www.example.com"))
.insert_header((header::ACCESS_CONTROL_REQUEST_METHOD, "POST"))
.insert_header((header::ACCESS_CONTROL_REQUEST_HEADERS, "content-type"))
.insert_header(("X-XSRF-TOKEN", "xsrf-token"))
.to_srv_request();
let resp = test::call_service(&cors, req).await;
let res = test::call_service(&cors, req).await;
assert!(resp
.headers()
.contains_key(header::ACCESS_CONTROL_EXPOSE_HEADERS));
assert!(resp
let cd_hdr = res
.headers()
.get(header::ACCESS_CONTROL_EXPOSE_HEADERS)
.unwrap()
.to_str()
.unwrap()
.contains("xsrf-token"));
.unwrap();
assert!(cd_hdr.contains("content-disposition"));
assert!(cd_hdr.contains("access-control-allow-origin"));
}

View File

@ -2,7 +2,7 @@
## Unreleased - 2022-xx-xx
- Implement `Default` for `RateLimiter`.
- `RateLimiter` can no longer be constructed without `::default()`.
- `RateLimiter` is marked `#[non_exhaustive]`; use `RateLimiter::default()` instead.
## 0.3.0 - 2022-07-11
- `Limiter::builder` now takes an `impl Into<String>`.