mirror of
https://github.com/fafhrd91/actix-web
synced 2025-01-18 05:41:50 +01:00
fix panic in cors if request does not contain origin header and send_wildcard is not set
This commit is contained in:
parent
84ef5ee410
commit
4263574a58
@ -4,6 +4,8 @@
|
|||||||
|
|
||||||
* Fix client cookie handling
|
* Fix client cookie handling
|
||||||
|
|
||||||
|
* Fix CORS middleware #117
|
||||||
|
|
||||||
* Optimize websockets stream support
|
* Optimize websockets stream support
|
||||||
|
|
||||||
|
|
||||||
|
@ -349,8 +349,7 @@ impl<S> Middleware<S> for Cors {
|
|||||||
if self.send_wildcard {
|
if self.send_wildcard {
|
||||||
resp.headers_mut().insert(
|
resp.headers_mut().insert(
|
||||||
header::ACCESS_CONTROL_ALLOW_ORIGIN, HeaderValue::from_static("*"));
|
header::ACCESS_CONTROL_ALLOW_ORIGIN, HeaderValue::from_static("*"));
|
||||||
} else {
|
} else if let Some(origin) = req.headers().get(header::ORIGIN) {
|
||||||
let origin = req.headers().get(header::ORIGIN).unwrap();
|
|
||||||
resp.headers_mut().insert(
|
resp.headers_mut().insert(
|
||||||
header::ACCESS_CONTROL_ALLOW_ORIGIN, origin.clone());
|
header::ACCESS_CONTROL_ALLOW_ORIGIN, origin.clone());
|
||||||
}
|
}
|
||||||
@ -807,6 +806,25 @@ mod tests {
|
|||||||
assert!(cors.start(&mut req).unwrap().is_done());
|
assert!(cors.start(&mut req).unwrap().is_done());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#[test]
|
||||||
|
fn test_no_origin_response() {
|
||||||
|
let cors = Cors::build().finish().unwrap();
|
||||||
|
|
||||||
|
let mut req = TestRequest::default().method(Method::GET).finish();
|
||||||
|
let resp: HttpResponse = HttpOk.into();
|
||||||
|
let resp = cors.response(&mut req, resp).unwrap().response();
|
||||||
|
assert!(resp.headers().get(header::ACCESS_CONTROL_ALLOW_ORIGIN).is_none());
|
||||||
|
|
||||||
|
let mut req = TestRequest::with_header(
|
||||||
|
"Origin", "https://www.example.com")
|
||||||
|
.method(Method::OPTIONS)
|
||||||
|
.finish();
|
||||||
|
let resp = cors.response(&mut req, resp).unwrap().response();
|
||||||
|
assert_eq!(
|
||||||
|
&b"https://www.example.com"[..],
|
||||||
|
resp.headers().get(header::ACCESS_CONTROL_ALLOW_ORIGIN).unwrap().as_bytes());
|
||||||
|
}
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
fn test_response() {
|
fn test_response() {
|
||||||
let cors = Cors::build()
|
let cors = Cors::build()
|
||||||
|
Loading…
x
Reference in New Issue
Block a user