luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity

Don't duplicate CORS headers (#6207) 

Fixes #6182
This commit is contained in:
Jeff Mitchell 2019-02-11 13:10:26 -05:00 committed by GitHub
parent ebf57b15b4
commit 5fa9e48b21
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 20 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
vault/cors.go
View File

@ -108,7 +108,7 @@ func (c *CORSConfig) Enable(ctx context.Context, urls []string, headers []string
c.AllowedOrigins = urls
// Start with the standard headers to Vault accepts.
c.AllowedHeaders = append(c.AllowedHeaders, StdAllowedHeaders...)
c.AllowedHeaders = append([]string{}, StdAllowedHeaders...)
// Allow the user to add additional headers to the list of
// headers allowed on cross-origin requests.

19
vault/logical_system_test.go
View File

@ -94,6 +94,25 @@ func TestSystemConfigCORS(t *testing.T) {
t.Fatalf("bad: %#v", actual)
}
// Do it again. Bug #6182
req = logical.TestRequest(t, logical.UpdateOperation, "config/cors")
req.Data["allowed_origins"] = "http://www.example.com"
req.Data["allowed_headers"] = "X-Custom-Header"
_, err = b.HandleRequest(namespace.RootContext(nil), req)
if err != nil {
t.Fatal(err)
}
req = logical.TestRequest(t, logical.ReadOperation, "config/cors")
actual, err = b.HandleRequest(namespace.RootContext(nil), req)
if err != nil {
t.Fatalf("err: %v", err)
}
if !reflect.DeepEqual(actual, expected) {
t.Fatalf("bad: %#v", actual)
}
req = logical.TestRequest(t, logical.DeleteOperation, "config/cors")
_, err = b.HandleRequest(namespace.RootContext(nil), req)
if err != nil {