|
|
|
|
@ -51,13 +51,13 @@ public class CorsSampleActuatorApplicationTests {
|
|
|
|
|
|
|
|
|
|
@Test
|
|
|
|
|
public void sensitiveEndpointShouldReturnUnauthorized() throws Exception {
|
|
|
|
|
ResponseEntity<Map> entity = this.testRestTemplate.getForEntity("/env", Map.class);
|
|
|
|
|
ResponseEntity<Map> entity = this.testRestTemplate.getForEntity("/application/env", Map.class);
|
|
|
|
|
assertThat(entity.getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@Test
|
|
|
|
|
public void preflightRequestForInsensitiveShouldReturnOk() throws Exception {
|
|
|
|
|
RequestEntity<?> healthRequest = RequestEntity.options(new URI("/health"))
|
|
|
|
|
RequestEntity<?> healthRequest = RequestEntity.options(new URI("/application/health"))
|
|
|
|
|
.header("Origin","http://localhost:8080")
|
|
|
|
|
.header("Access-Control-Request-Method", "GET")
|
|
|
|
|
.build();
|
|
|
|
|
@ -67,7 +67,7 @@ public class CorsSampleActuatorApplicationTests {
|
|
|
|
|
|
|
|
|
|
@Test
|
|
|
|
|
public void preflightRequestForSensitiveEndpointShouldReturnOk() throws Exception {
|
|
|
|
|
RequestEntity<?> entity = RequestEntity.options(new URI("/env"))
|
|
|
|
|
RequestEntity<?> entity = RequestEntity.options(new URI("/application/env"))
|
|
|
|
|
.header("Origin","http://localhost:8080")
|
|
|
|
|
.header("Access-Control-Request-Method", "GET")
|
|
|
|
|
.build();
|
|
|
|
|
@ -77,7 +77,7 @@ public class CorsSampleActuatorApplicationTests {
|
|
|
|
|
|
|
|
|
|
@Test
|
|
|
|
|
public void preflightRequestWhenCorsConfigInvalidShouldReturnForbidden() throws Exception {
|
|
|
|
|
RequestEntity<?> entity = RequestEntity.options(new URI("/health"))
|
|
|
|
|
RequestEntity<?> entity = RequestEntity.options(new URI("/application/health"))
|
|
|
|
|
.header("Origin","http://localhost:9095")
|
|
|
|
|
.header("Access-Control-Request-Method", "GET")
|
|
|
|
|
.build();
|
|
|
|
|
|
Madhura Bhave
7 years ago