kopia lustrzana https://github.com/gaul/s3proxy
rodzic
b1453bd8f6
commit
435eb37bf8
|
@ -137,58 +137,6 @@ public final class CrossOriginResourceSharingResponseTest {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
|
||||||
public void testCorsPreflightNegative() throws Exception {
|
|
||||||
// No CORS headers
|
|
||||||
HttpOptions request = new HttpOptions(presignedGET);
|
|
||||||
HttpResponse response = httpClient.execute(request);
|
|
||||||
/*
|
|
||||||
* For non presigned URLs that should give a 400, but the
|
|
||||||
* Access-Control-Request-Method header is needed for presigned URLs
|
|
||||||
* to calculate the same signature. If this is missing it fails already
|
|
||||||
* with 403 - Signature mismatch before processing the OPTIONS request
|
|
||||||
* See testCorsPreflightPublicRead for that cases
|
|
||||||
*/
|
|
||||||
assertThat(response.getStatusLine().getStatusCode())
|
|
||||||
.isEqualTo(HttpStatus.SC_FORBIDDEN);
|
|
||||||
|
|
||||||
// Not allowed origin
|
|
||||||
request.reset();
|
|
||||||
request.setHeader(HttpHeaders.ORIGIN, "https://example.org");
|
|
||||||
request.setHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
|
|
||||||
response = httpClient.execute(request);
|
|
||||||
assertThat(response.getStatusLine().getStatusCode())
|
|
||||||
.isEqualTo(HttpStatus.SC_FORBIDDEN);
|
|
||||||
|
|
||||||
// Not allowed method
|
|
||||||
request.reset();
|
|
||||||
request.setHeader(HttpHeaders.ORIGIN, "https://example.com");
|
|
||||||
request.setHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "PATCH");
|
|
||||||
response = httpClient.execute(request);
|
|
||||||
assertThat(response.getStatusLine().getStatusCode())
|
|
||||||
.isEqualTo(HttpStatus.SC_FORBIDDEN);
|
|
||||||
|
|
||||||
// Not allowed header
|
|
||||||
request.reset();
|
|
||||||
request.setHeader(HttpHeaders.ORIGIN, "https://example.com");
|
|
||||||
request.setHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
|
|
||||||
request.setHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS,
|
|
||||||
"Accept-Encoding");
|
|
||||||
response = httpClient.execute(request);
|
|
||||||
assertThat(response.getStatusLine().getStatusCode())
|
|
||||||
.isEqualTo(HttpStatus.SC_FORBIDDEN);
|
|
||||||
|
|
||||||
// Not allowed header combination
|
|
||||||
request.reset();
|
|
||||||
request.setHeader(HttpHeaders.ORIGIN, "https://example.com");
|
|
||||||
request.setHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
|
|
||||||
request.setHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS,
|
|
||||||
"Accept, Accept-Encoding");
|
|
||||||
response = httpClient.execute(request);
|
|
||||||
assertThat(response.getStatusLine().getStatusCode())
|
|
||||||
.isEqualTo(HttpStatus.SC_FORBIDDEN);
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testCorsPreflight() throws Exception {
|
public void testCorsPreflight() throws Exception {
|
||||||
// Allowed origin and method
|
// Allowed origin and method
|
||||||
|
|