huahaofeng
/
aspnetcore
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

[Fixes #51] Missing null check in CorsPolicyBuilder

This commit is contained in:
Kiran Challa 2015-11-23 10:17:43 -08:00
parent d88646cb7b
commit 80f1655478
2 changed files with 45 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/Microsoft.AspNet.Cors/CorsPolicyBuilder.cs
View File

@ -180,7 +180,11 @@ namespace Microsoft.AspNet.Cors.Infrastructure
WithHeaders(policy.Headers.ToArray());
WithExposedHeaders(policy.ExposedHeaders.ToArray());
WithMethods(policy.Methods.ToArray());
SetPreflightMaxAge(policy.PreflightMaxAge.Value);
if (policy.PreflightMaxAge.HasValue)
{
SetPreflightMaxAge(policy.PreflightMaxAge.Value);
}
if (policy.SupportsCredentials)
{

53
test/Microsoft.AspNet.Cors.Test/CorsPolicyBuilderTests.cs
View File

@ -14,16 +14,16 @@ namespace Microsoft.AspNet.Cors.Infrastructure
public void Constructor_WithPolicy_AddsTheGivenPolicy()
{
// Arrange
var policy = new CorsPolicy();
policy.Origins.Add("http://existing.com");
policy.Headers.Add("Existing");
policy.Methods.Add("GET");
policy.ExposedHeaders.Add("ExistingExposed");
policy.SupportsCredentials = true;
policy.PreflightMaxAge = TimeSpan.FromSeconds(12);
var originalPolicy = new CorsPolicy();
originalPolicy.Origins.Add("http://existing.com");
originalPolicy.Headers.Add("Existing");
originalPolicy.Methods.Add("GET");
originalPolicy.ExposedHeaders.Add("ExistingExposed");
originalPolicy.SupportsCredentials = true;
originalPolicy.PreflightMaxAge = TimeSpan.FromSeconds(12);
// Act
var builder = new CorsPolicyBuilder(policy);
var builder = new CorsPolicyBuilder(originalPolicy);
// Assert
var corsPolicy = builder.Build();
@ -32,13 +32,41 @@ namespace Microsoft.AspNet.Cors.Infrastructure
Assert.False(corsPolicy.AllowAnyMethod);
Assert.False(corsPolicy.AllowAnyOrigin);
Assert.True(corsPolicy.SupportsCredentials);
Assert.Equal(policy.Headers, corsPolicy.Headers);
Assert.Equal(policy.Methods, corsPolicy.Methods);
Assert.Equal(policy.Origins, corsPolicy.Origins);
Assert.Equal(policy.ExposedHeaders, corsPolicy.ExposedHeaders);
Assert.NotSame(originalPolicy.Headers, corsPolicy.Headers);
Assert.Equal(originalPolicy.Headers, corsPolicy.Headers);
Assert.NotSame(originalPolicy.Methods, corsPolicy.Methods);
Assert.Equal(originalPolicy.Methods, corsPolicy.Methods);
Assert.NotSame(originalPolicy.Origins, corsPolicy.Origins);
Assert.Equal(originalPolicy.Origins, corsPolicy.Origins);
Assert.NotSame(originalPolicy.ExposedHeaders, corsPolicy.ExposedHeaders);
Assert.Equal(originalPolicy.ExposedHeaders, corsPolicy.ExposedHeaders);
Assert.Equal(TimeSpan.FromSeconds(12), corsPolicy.PreflightMaxAge);
}
[Fact]
public void ConstructorWithPolicy_HavingNullPreflightMaxAge_AddsTheGivenPolicy()
{
// Arrange
var originalPolicy = new CorsPolicy();
originalPolicy.Origins.Add("http://existing.com");
// Act
var builder = new CorsPolicyBuilder(originalPolicy);
// Assert
var corsPolicy = builder.Build();
Assert.Null(corsPolicy.PreflightMaxAge);
Assert.False(corsPolicy.AllowAnyHeader);
Assert.False(corsPolicy.AllowAnyMethod);
Assert.False(corsPolicy.AllowAnyOrigin);
Assert.NotSame(originalPolicy.Origins, corsPolicy.Origins);
Assert.Equal(originalPolicy.Origins, corsPolicy.Origins);
Assert.Empty(corsPolicy.Headers);
Assert.Empty(corsPolicy.Methods);
Assert.Empty(corsPolicy.ExposedHeaders);
}
[Fact]
public void Constructor_WithNoOrigin()
{
@ -112,7 +140,6 @@ namespace Microsoft.AspNet.Cors.Infrastructure
Assert.Equal(new List<string>() { "*" }, corsPolicy.Origins);
}
[Fact]
public void WithMethods_AddsMethods()
{