mirror of
https://github.com/fafhrd91/actix-web
synced 2024-12-18 01:43:58 +01:00
Correct composing of multiple origins in cors (#518)
This commit is contained in:
parent
0dc96658f2
commit
1b298142e3
@ -5,6 +5,7 @@
|
|||||||
### Fixed
|
### Fixed
|
||||||
|
|
||||||
* HTTP1 decoding errors are reported to the client. #512
|
* HTTP1 decoding errors are reported to the client. #512
|
||||||
|
* Correctly compose multiple allowed origins in CORS. #517
|
||||||
|
|
||||||
## [0.7.8] - 2018-09-17
|
## [0.7.8] - 2018-09-17
|
||||||
|
|
||||||
|
@ -826,8 +826,8 @@ impl<S: 'static> CorsBuilder<S> {
|
|||||||
if let AllOrSome::Some(ref origins) = cors.origins {
|
if let AllOrSome::Some(ref origins) = cors.origins {
|
||||||
let s = origins
|
let s = origins
|
||||||
.iter()
|
.iter()
|
||||||
.fold(String::new(), |s, v| s + &v.to_string());
|
.fold(String::new(), |s, v| format!("{}, {}", s, v));
|
||||||
cors.origins_str = Some(HeaderValue::try_from(s.as_str()).unwrap());
|
cors.origins_str = Some(HeaderValue::try_from(&s[2..]).unwrap());
|
||||||
}
|
}
|
||||||
|
|
||||||
if !self.expose_hdrs.is_empty() {
|
if !self.expose_hdrs.is_empty() {
|
||||||
@ -1122,16 +1122,18 @@ mod tests {
|
|||||||
let cors = Cors::build()
|
let cors = Cors::build()
|
||||||
.disable_vary_header()
|
.disable_vary_header()
|
||||||
.allowed_origin("https://www.example.com")
|
.allowed_origin("https://www.example.com")
|
||||||
|
.allowed_origin("https://www.google.com")
|
||||||
.finish();
|
.finish();
|
||||||
let resp: HttpResponse = HttpResponse::Ok().into();
|
let resp: HttpResponse = HttpResponse::Ok().into();
|
||||||
let resp = cors.response(&req, resp).unwrap().response();
|
let resp = cors.response(&req, resp).unwrap().response();
|
||||||
assert_eq!(
|
|
||||||
&b"https://www.example.com"[..],
|
let origins_str = resp.headers().get(header::ACCESS_CONTROL_ALLOW_ORIGIN).unwrap().to_str().unwrap();
|
||||||
resp.headers()
|
|
||||||
.get(header::ACCESS_CONTROL_ALLOW_ORIGIN)
|
if origins_str.starts_with("https://www.example.com") {
|
||||||
.unwrap()
|
assert_eq!("https://www.example.com, https://www.google.com", origins_str);
|
||||||
.as_bytes()
|
} else {
|
||||||
);
|
assert_eq!("https://www.google.com, https://www.example.com", origins_str);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
|
Loading…
Reference in New Issue
Block a user