

Allow same origin CORS requests without 3rd party origins being confi…
…gured
sberyozkin committed Feb 16, 2023
1 parent 7949e33 commit f4dde34
Showing 3 changed files with 44 additions and 4 deletions.
@@ -0,0 +1,36 @@
package io.quarkus.vertx.http.cors;

import static io.restassured.RestAssured.given;
import static org.hamcrest.Matchers.nullValue;

import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.RegisterExtension;

import io.quarkus.test.QuarkusUnitTest;

class CORSSameOriginWithoutOriginConfigTestCase {

@RegisterExtension
static QuarkusUnitTest runner = new QuarkusUnitTest()
.withApplicationRoot((jar) -> jar
.addClasses(BeanRegisteringRoute.class)
.addAsResource("conf/cors-same-origin-only.properties", "application.properties"));

@Test
void corsSameOriginRequest() {
String origin = "http://localhost:8081";
given().header("Origin", origin)
.get("/test").then()
.statusCode(200)
.header("Access-Control-Allow-Origin", origin);
}

@Test
void corsInvalidSameOriginRequest() {
String origin = "http://externalhost:8081";
given().header("Origin", origin)
.get("/test").then()
.statusCode(403)
.header("Access-Control-Allow-Origin", nullValue());
}
}
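Review bot: The only negative case, `corsInvalidSameOriginRequest`, changes just the host (`http://externalhost:8081`), so no test checks that an origin differing from the request only in port or scheme is refused when `quarkus.http.cors=true` is set with no origins configured. Those are the cases where a loose same-origin comparison would silently widen access, so a sibling test for a same-host, different-port origin would be worth adding. A sketch follows; the expected 403 assumes `isSameOrigin` compares scheme, host and port, which is not visible on this page. A short class-level comment saying that the properties file enables CORS without listing any origins would also help the next reader.

```java
// … unchanged: corsSameOriginRequest, corsInvalidSameOriginRequest …

@Test
void corsSameHostDifferentPortRequest() {
    // Same scheme and host as the test server, different port: must not count as same origin.
    String origin = "http://localhost:9081";
    given().header("Origin", origin)
            .get("/test").then()
            .statusCode(403)
            .header("Access-Control-Allow-Origin", nullValue());
}
```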
@@ -0,0 +1 @@
quarkus.http.cors=true
Expand Up @@ -187,10 +187,13 @@ public void handle(RoutingContext event) {

boolean allowsOrigin = wildcardOrigin;
if (!allowsOrigin) {
allowsOrigin = !corsConfig.origins.isEmpty()
&& (corsConfig.origins.get().contains(origin)
|| isOriginAllowedByRegex(allowedOriginsRegex, origin)
|| isSameOrigin(request, origin));
if (!corsConfig.origins.isEmpty()) {
allowsOrigin = corsConfig.origins.get().contains(origin)
|| isOriginAllowedByRegex(allowedOriginsRegex, origin)
|| isSameOrigin(request, origin);
} else {
allowsOrigin = isSameOrigin(request, origin);
}
}

if (allowsOrigin) {
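Review bot: `isSameOrigin(request, origin)` is now called in both arms of the new `if`/`else` inside `if (!allowsOrigin)`, and nothing on these lines says that an unconfigured `corsConfig.origins` now means "same origin only" rather than "reject". Hoisting the shared call states that directly: `allowsOrigin = isSameOrigin(request, origin) || (!corsConfig.origins.isEmpty() && (corsConfig.origins.get().contains(origin) || isOriginAllowedByRegex(allowedOriginsRegex, origin)));`, with a comment such as `// no origins configured: only same-origin requests pass`. The result is unchanged provided the helpers are free of side effects. `isSameOrigin` is defined outside the hunk; if it derives the server's origin from the request's own scheme and host, then behind a reverse proxy this branch is only as reliable as the forwarded-header handling, which deserves a line in the CORS documentation. `handle` starts and ends outside the hunk.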