From 4accda346d40493ab3e93f9797ddca0e000b3657 Mon Sep 17 00:00:00 2001 From: rusirijayodaillesinghe Date: Wed, 19 Feb 2025 11:44:11 +0530 Subject: [PATCH] Update cors_request_handler sequence to send only the necessary cors-headers values in non-preflight response calls Remove assertions that check for non-mandatory CORS headers in non-preflight HTTP responses. --- .../default/sequences/_cors_request_handler_.xml | 8 ++++---- .../integration/tests/header/CORSHeadersTestCase.java | 10 ---------- .../default/sequences/_cors_request_handler_.xml | 8 ++++---- 3 files changed, 8 insertions(+), 18 deletions(-) diff --git a/all-in-one-apim/modules/distribution/product/src/main/conf/synapse-configs/default/sequences/_cors_request_handler_.xml b/all-in-one-apim/modules/distribution/product/src/main/conf/synapse-configs/default/sequences/_cors_request_handler_.xml index a4b52dc763..817039750c 100644 --- a/all-in-one-apim/modules/distribution/product/src/main/conf/synapse-configs/default/sequences/_cors_request_handler_.xml +++ b/all-in-one-apim/modules/distribution/product/src/main/conf/synapse-configs/default/sequences/_cors_request_handler_.xml @@ -6,12 +6,12 @@ - + - + @@ -25,11 +25,11 @@ - + - + \ No newline at end of file diff --git a/all-in-one-apim/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/header/CORSHeadersTestCase.java b/all-in-one-apim/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/header/CORSHeadersTestCase.java index c249f6a082..853ee39eec 100644 --- a/all-in-one-apim/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/header/CORSHeadersTestCase.java +++ b/all-in-one-apim/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/header/CORSHeadersTestCase.java @@ -205,16 +205,6 @@ public void CheckCORSHeadersInResponse() throws Exception { assertEquals(header.getValue(), ACCESS_CONTROL_ALLOW_ORIGIN_HEADER_VALUE, ACCESS_CONTROL_ALLOW_ORIGIN_HEADER + " header value mismatch."); - header = pickHeader(responseHeaders, ACCESS_CONTROL_ALLOW_METHODS_HEADER); - assertNotNull(header, ACCESS_CONTROL_ALLOW_METHODS_HEADER + " header is not available in the response."); - assertTrue(ACCESS_CONTROL_ALLOW_METHODS_HEADER_VALUE.contains(header.getValue()), - ACCESS_CONTROL_ALLOW_METHODS_HEADER + " header value mismatch."); - - header = pickHeader(responseHeaders, ACCESS_CONTROL_ALLOW_HEADERS_HEADER); - assertNotNull(header, ACCESS_CONTROL_ALLOW_HEADERS_HEADER + " header is not available in the response."); - assertEquals(header.getValue(), ACCESS_CONTROL_ALLOW_HEADERS_HEADER_VALUE, - ACCESS_CONTROL_ALLOW_HEADERS_HEADER + " header value mismatch."); - assertNull(pickHeader(responseHeaders, ACCESS_CONTROL_ALLOW_CREDENTIALS_HEADER), ACCESS_CONTROL_ALLOW_CREDENTIALS_HEADER + " header is available in the response, " + "but it should not be."); diff --git a/gateway/modules/distribution/product/src/main/conf/synapse-configs/default/sequences/_cors_request_handler_.xml b/gateway/modules/distribution/product/src/main/conf/synapse-configs/default/sequences/_cors_request_handler_.xml index a4b52dc763..817039750c 100644 --- a/gateway/modules/distribution/product/src/main/conf/synapse-configs/default/sequences/_cors_request_handler_.xml +++ b/gateway/modules/distribution/product/src/main/conf/synapse-configs/default/sequences/_cors_request_handler_.xml @@ -6,12 +6,12 @@ - + - + @@ -25,11 +25,11 @@ - + - + \ No newline at end of file