Repository: cxf Updated Branches: refs/heads/master d61c528f4 -> e557d6f2c
[CXF-5598] Using case-insensitive comparison of allowed headers as per CORS spec
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/e557d6f2
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/e557d6f2
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/e557d6f2
Branch: refs/heads/master
Commit: e557d6f2cccd2222c93ed6ccadfc229ef6346770
Parents: d61c528
Author: Sergey Beryozkin <[email protected]>
Authored: Tue Mar 11 12:35:42 2014 +0000
Committer: Sergey Beryozkin <[email protected]>
Committed: Tue Mar 11 12:35:42 2014 +0000
----------------------------------------------------------------------
 .../rs/security/cors/CrossOriginResourceSharingFilter.java | 7 +++++--
 .../apache/cxf/systest/jaxrs/cors/CrossOriginSimpleTest.java | 4 ++--
 2 files changed, 7 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/e557d6f2/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharingFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharingFilter.java b/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharingFilter.java
index 27100b3..f976a50 100644
--- a/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharingFilter.java
+++ b/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharingFilter.java
@@ -26,6 +26,8 @@ import java.util.Arrays;
 import java.util.Collections;
 import java.util.List;
 import java.util.Map;
+import java.util.Set;
+import java.util.TreeSet;
 import java.util.regex.Pattern;
 import javax.ws.rs.HttpMethod;
@@ -432,8 +434,9 @@ public class CrossOriginResourceSharingFilter implements ContainerRequestFilter,
 } else {
 actualHeaders = allowHeaders;
 }
-
- return actualHeaders.containsAll(aHeaders);
+ Set<String> actualHeadersSet = new TreeSet<String>(String.CASE_INSENSITIVE_ORDER);
+ actualHeadersSet.addAll(actualHeaders);
+ return actualHeadersSet.containsAll(aHeaders);
 }
 private List<String> effectiveExposeHeaders(CrossOriginResourceSharing ann) {
http://git-wip-us.apache.org/repos/asf/cxf/blob/e557d6f2/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/CrossOriginSimpleTest.java
----------------------------------------------------------------------
diff --git a/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/CrossOriginSimpleTest.java b/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/CrossOriginSimpleTest.java
index a85d596..ef3dc25 100644
--- a/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/CrossOriginSimpleTest.java
+++ b/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/CrossOriginSimpleTest.java
@@ -418,7 +418,7 @@ public class CrossOriginSimpleTest extends AbstractBusClientServerTestBase {
 // this is the origin we expect to get.
 http.addHeader("Origin", "http://area51.mil:31415");
 http.addHeader(CorsHeaderConstants.HEADER_AC_REQUEST_METHOD, "PUT");
- http.addHeader(CorsHeaderConstants.HEADER_AC_REQUEST_HEADERS, "X-custom-1, X-custom-2");
+ http.addHeader(CorsHeaderConstants.HEADER_AC_REQUEST_HEADERS, "X-custom-1, x-custom-2");
 HttpResponse response = httpclient.execute(http);
 assertEquals(200, response.getStatusLine().getStatusCode());
 assertOriginResponse(false, new String[]{"http://area51.mil:31415"}, true, response);
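Review bot: In CrossOriginResourceSharingFilter.java, `String.CASE_INSENSITIVE_ORDER` folds case per Unicode character rather than ASCII-only, so a requested name containing a character such as U+212A (Kelvin sign) compares equal to an allowed name spelled with `K`, while the CORS spec asks for an ASCII case-insensitive match. Header names that arrive over HTTP should be ASCII tokens, so the practical exposure is probably small, but it would be tighter to reject any non-ASCII entry in `aHeaders` before the `containsAll` call. Both `addAll` and `containsAll` will also throw a NullPointerException through this comparator if either list holds a null, which the previous list-based check presumably tolerated; whether that can happen depends on parsing outside the hunk. A one-line comment above the set, `// CORS header names match ASCII case-insensitively`, would record why a sorted set is used here; the enclosing method starts above the hunk.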
@@ -429,7 +429,7 @@ public class CrossOriginSimpleTest extends AbstractBusClientServerTestBase { assertEquals(Collections.emptyList(), exposeHeadersValues); List<String> allowHeadersValues = headerValues(response.getHeaders(CorsHeaderConstants.HEADER_AC_ALLOW_HEADERS)); - assertEquals(Arrays.asList(new String[] {"X-custom-1", "X-custom-2" }), allowHeadersValues); + assertEquals(Arrays.asList(new String[] {"X-custom-1", "x-custom-2" }), allowHeadersValues); if (httpclient instanceof Closeable) { ((Closeable)httpclient).close(); }
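Review bot: The updated expectation `{"X-custom-1", "x-custom-2"}` pins that Access-Control-Allow-Headers carries the names in the client's casing, which suggests the filter echoes the requested names rather than the configured spelling. Browsers compare these names case-insensitively, so that works, but it also means request-supplied text is reflected into a response header. A comment at this assertion would make that intentional, for example `// the filter echoes the requested names, so the client's casing is expected here`. The hunks shown exercise only a mixed-case name that should be accepted; a companion check that a name outside the allow list is still refused would guard the new comparison against being too permissive, if one does not already exist elsewhere in the file. The test method starts above the hunk.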
