actix/actix-extras
1
0
Fork 0
mirror of https://github.com/actix/actix-extras.git synced 2024-11-24 07:53:00 +01:00
Code Issues Releases Wiki Activity

Fixed headers' formating for CORS Middleware Access-Control-Expose-Headers header value to HTTP/1.1 & HTTP/2 spec-compliant format (#436)

Browse Source
This commit is contained in:
Mathieu Amiot 2018-08-03 12:03:11 +00:00 committed by Douman
parent f8e5d7c6c1
commit 9a10d8aa7a
2 changed files with 23 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
CHANGES.md
View File

@ -15,7 +15,6 @@
* Allow TestServer to open a websocket on any URL (TestServer::ws_at()) #433 * Allow TestServer to open a websocket on any URL (TestServer::ws_at()) #433
### Fixed ### Fixed
* Fixed failure 0.1.2 compatibility * Fixed failure 0.1.2 compatibility
@ -26,6 +25,8 @@
* HttpRequest::url_for is not working with scopes #429 * HttpRequest::url_for is not working with scopes #429
* Fixed headers' formating for CORS Middleware `Access-Control-Expose-Headers` header value to HTTP/1.1 & HTTP/2 spec-compliant format #436
## [0.7.2] - 2018-07-26 ## [0.7.2] - 2018-07-26

26
src/middleware/cors.rs
View File

@ -838,10 +838,9 @@ impl<S: 'static> CorsBuilder<S> {
if !self.expose_hdrs.is_empty() { if !self.expose_hdrs.is_empty() {
cors.expose_hdrs = Some( cors.expose_hdrs = Some(
self.expose_hdrs self.expose_hdrs.iter()
.iter() .fold(String::new(), |s, v| format!("{}, {}", s, v.as_str()))[2..]
.fold(String::new(), |s, v| s + v.as_str())[1..] .to_owned()
.to_owned(),
); );
} }
Cors { Cors {
@ -1073,12 +1072,14 @@ mod tests {
#[test] #[test]
fn test_response() { fn test_response() {
let exposed_headers = vec![header::AUTHORIZATION, header::ACCEPT];
let cors = Cors::build() let cors = Cors::build()
.send_wildcard() .send_wildcard()
.disable_preflight() .disable_preflight()
.max_age(3600) .max_age(3600)
.allowed_methods(vec![Method::GET, Method::OPTIONS, Method::POST]) .allowed_methods(vec![Method::GET, Method::OPTIONS, Method::POST])
.allowed_headers(vec![header::AUTHORIZATION, header::ACCEPT]) .allowed_headers(exposed_headers.clone())
.expose_headers(exposed_headers.clone())
.allowed_header(header::CONTENT_TYPE) .allowed_header(header::CONTENT_TYPE)
.finish(); .finish();
@ -1100,6 +1101,21 @@ mod tests {
resp.headers().get(header::VARY).unwrap().as_bytes() resp.headers().get(header::VARY).unwrap().as_bytes()
); );
{
let headers = resp.headers()
.get(header::ACCESS_CONTROL_EXPOSE_HEADERS)
.unwrap()
.to_str()
.unwrap()
.split(',')
.map(|s| s.trim())
.collect::<Vec<&str>>();
for h in exposed_headers {
assert!(headers.contains(&h.as_str()));
}
}
let resp: HttpResponse = let resp: HttpResponse =
HttpResponse::Ok().header(header::VARY, "Accept").finish(); HttpResponse::Ok().header(header::VARY, "Accept").finish();
let resp = cors.response(&req, resp).unwrap().response(); let resp = cors.response(&req, resp).unwrap().response();