Handle correctly * in CorsConfiguration#combine() other parameter

sdeleuze · sdeleuze · commit 71e2d8e9dec6 · 2015-11-12T10:40:32.000+01:00
Issue: SPR-13674
diff --git a/spring-web/src/main/java/org/springframework/web/cors/CorsConfiguration.java b/spring-web/src/main/java/org/springframework/web/cors/CorsConfiguration.java
@@ -17,7 +17,6 @@
 package org.springframework.web.cors;
 
 import java.util.ArrayList;
-import java.util.Arrays;
 import java.util.Collections;
 import java.util.List;
 
@@ -103,7 +102,7 @@ public CorsConfiguration combine(CorsConfiguration other) {
 	}
 
 	private List<String> combine(List<String> source, List<String> other) {
-		if (other == null) {
+		if (other == null || other.contains(ALL)) {
 			return source;
 		}
 		if (source == null || source.contains(ALL)) {
diff --git a/spring-web/src/test/java/org/springframework/web/cors/CorsConfigurationTests.java b/spring-web/src/test/java/org/springframework/web/cors/CorsConfigurationTests.java
@@ -114,11 +114,16 @@ public void combineWithAsteriskWildCard() {
 		other.addAllowedHeader("header1");
 		other.addExposedHeader("header2");
 		other.addAllowedMethod(HttpMethod.PUT.name());
-		config = config.combine(other);
-		assertEquals(Arrays.asList("http://domain.com"), config.getAllowedOrigins());
-		assertEquals(Arrays.asList("header1"), config.getAllowedHeaders());
-		assertEquals(Arrays.asList("header2"), config.getExposedHeaders());
-		assertEquals(Arrays.asList(HttpMethod.PUT.name()), config.getAllowedMethods());
+		CorsConfiguration combinedConfig = config.combine(other);
+		assertEquals(Arrays.asList("http://domain.com"), combinedConfig.getAllowedOrigins());
+		assertEquals(Arrays.asList("header1"), combinedConfig.getAllowedHeaders());
+		assertEquals(Arrays.asList("header2"), combinedConfig.getExposedHeaders());
+		assertEquals(Arrays.asList(HttpMethod.PUT.name()), combinedConfig.getAllowedMethods());
+		combinedConfig = other.combine(config);
+		assertEquals(Arrays.asList("http://domain.com"), combinedConfig.getAllowedOrigins());
+		assertEquals(Arrays.asList("header1"), combinedConfig.getAllowedHeaders());
+		assertEquals(Arrays.asList("header2"), combinedConfig.getExposedHeaders());
+		assertEquals(Arrays.asList(HttpMethod.PUT.name()), combinedConfig.getAllowedMethods());
 	}
 
 	@Test

Original file line number	Diff line number	Diff line change
`@@ -17,7 +17,6 @@`
`17`	`17`	`package org.springframework.web.cors;`
`18`	`18`
`19`	`19`	`import java.util.ArrayList;`
`20`		`-import java.util.Arrays;`
`21`	`20`	`import java.util.Collections;`
`22`	`21`	`import java.util.List;`
`23`	`22`
`@@ -103,7 +102,7 @@ public CorsConfiguration combine(CorsConfiguration other) {`
`103`	`102`	`}`
`104`	`103`
`105`	`104`	`private List<String> combine(List<String> source, List<String> other) {`
`106`		`- if (other == null) {`
	`105`	`+ if (other == null \|\| other.contains(ALL)) {`
`107`	`106`	`return source;`
`108`	`107`	`}`
`109`	`108`	`if (source == null \|\| source.contains(ALL)) {`