Repository: cxf Updated Branches: refs/heads/2.6.x-fixes d611bcfca -> 8f4149e27
[CXF-5598] Using case-insensitive comparison of allowed headers as per CORS spec Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/8f4149e2 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/8f4149e2 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/8f4149e2 Branch: refs/heads/2.6.x-fixes Commit: 8f4149e27af73fc9ad52f31ded5a38ae55da66b7 Parents: d611bcf Author: Sergey Beryozkin <[email protected]> Authored: Tue Mar 11 12:35:42 2014 +0000 Committer: Sergey Beryozkin <[email protected]> Committed: Tue Mar 11 12:56:27 2014 +0000 ---------------------------------------------------------------------- .../rs/security/cors/CrossOriginResourceSharingFilter.java | 7 +++++-- .../apache/cxf/systest/jaxrs/cors/CrossOriginSimpleTest.java | 4 ++-- 2 files changed, 7 insertions(+), 4 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/8f4149e2/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharingFilter.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharingFilter.java b/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharingFilter.java index c55ddbc..3d53e70 100644 --- a/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharingFilter.java +++ b/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharingFilter.java @@ -25,6 +25,8 @@ import java.util.ArrayList; import java.util.Arrays; import java.util.Collections; import java.util.List; +import java.util.Set; +import java.util.TreeSet; import java.util.regex.Pattern; import javax.ws.rs.core.Context; @@ -415,8 +417,9 @@ public class CrossOriginResourceSharingFilter implements RequestHandler, Respons } else { actualHeaders = allowHeaders; } - - return actualHeaders.containsAll(aHeaders); + Set<String> actualHeadersSet = new TreeSet<String>(String.CASE_INSENSITIVE_ORDER); + actualHeadersSet.addAll(actualHeaders); + return actualHeadersSet.containsAll(aHeaders); } private List<String> effectiveExposeHeaders(CrossOriginResourceSharing ann) { http://git-wip-us.apache.org/repos/asf/cxf/blob/8f4149e2/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/CrossOriginSimpleTest.java ---------------------------------------------------------------------- diff --git a/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/CrossOriginSimpleTest.java b/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/CrossOriginSimpleTest.java index d38ed69..81c9a23 100644 --- a/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/CrossOriginSimpleTest.java +++ b/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/CrossOriginSimpleTest.java @@ -378,7 +378,7 @@ public class CrossOriginSimpleTest extends AbstractBusClientServerTestBase { // this is the origin we expect to get. http.addHeader("Origin", "http://area51.mil:31415";); http.addHeader(CorsHeaderConstants.HEADER_AC_REQUEST_METHOD, "PUT"); - http.addHeader(CorsHeaderConstants.HEADER_AC_REQUEST_HEADERS, "X-custom-1, X-custom-2"); + http.addHeader(CorsHeaderConstants.HEADER_AC_REQUEST_HEADERS, "X-custom-1, x-custom-2"); HttpResponse response = httpclient.execute(http); assertEquals(200, response.getStatusLine().getStatusCode()); assertOriginResponse(false, new String[]{"http://area51.mil:31415"}, true, response); @@ -389,7 +389,7 @@ public class CrossOriginSimpleTest extends AbstractBusClientServerTestBase { assertEquals(Collections.emptyList(), exposeHeadersValues); List<String> allowHeadersValues = headerValues(response.getHeaders(CorsHeaderConstants.HEADER_AC_ALLOW_HEADERS)); - assertEquals(Arrays.asList(new String[] {"X-custom-1", "X-custom-2" }), allowHeadersValues); + assertEquals(Arrays.asList(new String[] {"X-custom-1", "x-custom-2" }), allowHeadersValues); } @Test
