vttranlina commented on a change in pull request #699:
URL: https://github.com/apache/james-project/pull/699#discussion_r730652008
##########
File path:
server/protocols/jmap/src/test/java/org/apache/james/jmap/JMAPServerTest.java
##########
@@ -222,9 +229,50 @@ void serverShouldReturnBadRequestWhenVersionIsUnknown() {
}
}
- private static class FakeJMAPRoutes implements JMAPRoutes {
- private static final Logger LOGGER =
LoggerFactory.getLogger(FakeJMAPRoutes.class);
+ @Nested
+ class CorsRouteVersioningTest {
+ JMAPServer server;
+
+ @BeforeEach
+ void setUp() {
+ VersionParser versionParser = new
VersionParser(SUPPORTED_VERSIONS, JMAPConfiguration.DEFAULT);
+ server = new JMAPServer(TEST_CONFIGURATION, CORS_ROUTES,
versionParser);
+ server.start();
+
+ RestAssured.requestSpecification = new RequestSpecBuilder()
+ .setContentType(ContentType.JSON)
+ .setAccept(ContentType.JSON)
+
.setConfig(newConfig().encoderConfig(encoderConfig().defaultContentCharset(StandardCharsets.UTF_8)))
+ .setPort(server.getPort().getValue())
+ .build();
+ }
+
+ @AfterEach
+ void tearDown() {
+ server.stop();
+ }
+ @Test
+ void corsRoutesOfAllVersionsShouldBeExposed() {
+ when()
+ .options("/b")
+ .then()
+ .statusCode(200)
+ .header("Access-Control-Allow-Origin", "*")
Review comment:
Should we accept only from assigned domains? instead of accepting all,
that will avoid the weakness of CORS
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
