kopia lustrzana https://github.com/gaul/s3proxy
rodzic
b1453bd8f6
commit
435eb37bf8
|
@ -137,58 +137,6 @@ public final class CrossOriginResourceSharingResponseTest {
|
|||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testCorsPreflightNegative() throws Exception {
|
||||
// No CORS headers
|
||||
HttpOptions request = new HttpOptions(presignedGET);
|
||||
HttpResponse response = httpClient.execute(request);
|
||||
/*
|
||||
* For non presigned URLs that should give a 400, but the
|
||||
* Access-Control-Request-Method header is needed for presigned URLs
|
||||
* to calculate the same signature. If this is missing it fails already
|
||||
* with 403 - Signature mismatch before processing the OPTIONS request
|
||||
* See testCorsPreflightPublicRead for that cases
|
||||
*/
|
||||
assertThat(response.getStatusLine().getStatusCode())
|
||||
.isEqualTo(HttpStatus.SC_FORBIDDEN);
|
||||
|
||||
// Not allowed origin
|
||||
request.reset();
|
||||
request.setHeader(HttpHeaders.ORIGIN, "https://example.org");
|
||||
request.setHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
|
||||
response = httpClient.execute(request);
|
||||
assertThat(response.getStatusLine().getStatusCode())
|
||||
.isEqualTo(HttpStatus.SC_FORBIDDEN);
|
||||
|
||||
// Not allowed method
|
||||
request.reset();
|
||||
request.setHeader(HttpHeaders.ORIGIN, "https://example.com");
|
||||
request.setHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "PATCH");
|
||||
response = httpClient.execute(request);
|
||||
assertThat(response.getStatusLine().getStatusCode())
|
||||
.isEqualTo(HttpStatus.SC_FORBIDDEN);
|
||||
|
||||
// Not allowed header
|
||||
request.reset();
|
||||
request.setHeader(HttpHeaders.ORIGIN, "https://example.com");
|
||||
request.setHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
|
||||
request.setHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS,
|
||||
"Accept-Encoding");
|
||||
response = httpClient.execute(request);
|
||||
assertThat(response.getStatusLine().getStatusCode())
|
||||
.isEqualTo(HttpStatus.SC_FORBIDDEN);
|
||||
|
||||
// Not allowed header combination
|
||||
request.reset();
|
||||
request.setHeader(HttpHeaders.ORIGIN, "https://example.com");
|
||||
request.setHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
|
||||
request.setHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS,
|
||||
"Accept, Accept-Encoding");
|
||||
response = httpClient.execute(request);
|
||||
assertThat(response.getStatusLine().getStatusCode())
|
||||
.isEqualTo(HttpStatus.SC_FORBIDDEN);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testCorsPreflight() throws Exception {
|
||||
// Allowed origin and method
|
||||
|
|
Ładowanie…
Reference in New Issue