mirror of
https://github.com/fafhrd91/actix-web
synced 2025-01-17 21:34:32 +01:00
fix panic in cors if request does not contain origin header and send_wildcard is not set
This commit is contained in:
parent
84ef5ee410
commit
4263574a58
@ -4,6 +4,8 @@
|
||||
|
||||
* Fix client cookie handling
|
||||
|
||||
* Fix CORS middleware #117
|
||||
|
||||
* Optimize websockets stream support
|
||||
|
||||
|
||||
|
@ -349,8 +349,7 @@ impl<S> Middleware<S> for Cors {
|
||||
if self.send_wildcard {
|
||||
resp.headers_mut().insert(
|
||||
header::ACCESS_CONTROL_ALLOW_ORIGIN, HeaderValue::from_static("*"));
|
||||
} else {
|
||||
let origin = req.headers().get(header::ORIGIN).unwrap();
|
||||
} else if let Some(origin) = req.headers().get(header::ORIGIN) {
|
||||
resp.headers_mut().insert(
|
||||
header::ACCESS_CONTROL_ALLOW_ORIGIN, origin.clone());
|
||||
}
|
||||
@ -807,6 +806,25 @@ mod tests {
|
||||
assert!(cors.start(&mut req).unwrap().is_done());
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn test_no_origin_response() {
|
||||
let cors = Cors::build().finish().unwrap();
|
||||
|
||||
let mut req = TestRequest::default().method(Method::GET).finish();
|
||||
let resp: HttpResponse = HttpOk.into();
|
||||
let resp = cors.response(&mut req, resp).unwrap().response();
|
||||
assert!(resp.headers().get(header::ACCESS_CONTROL_ALLOW_ORIGIN).is_none());
|
||||
|
||||
let mut req = TestRequest::with_header(
|
||||
"Origin", "https://www.example.com")
|
||||
.method(Method::OPTIONS)
|
||||
.finish();
|
||||
let resp = cors.response(&mut req, resp).unwrap().response();
|
||||
assert_eq!(
|
||||
&b"https://www.example.com"[..],
|
||||
resp.headers().get(header::ACCESS_CONTROL_ALLOW_ORIGIN).unwrap().as_bytes());
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn test_response() {
|
||||
let cors = Cors::build()
|
||||
|
Loading…
x
Reference in New Issue
Block a user