1
0
Fork 0
mirror of https://github.com/actix/actix-web.git synced 2024-11-26 19:41:12 +00:00

fix panic in cors if request does not contain origin header and send_wildcard is not set

This commit is contained in:
Nikolay Kim 2018-03-10 08:31:20 -08:00
parent 84ef5ee410
commit 4263574a58
2 changed files with 22 additions and 2 deletions

View file

@ -4,6 +4,8 @@
* Fix client cookie handling
* Fix CORS middleware #117
* Optimize websockets stream support

View file

@ -349,8 +349,7 @@ impl<S> Middleware<S> for Cors {
if self.send_wildcard {
resp.headers_mut().insert(
header::ACCESS_CONTROL_ALLOW_ORIGIN, HeaderValue::from_static("*"));
} else {
let origin = req.headers().get(header::ORIGIN).unwrap();
} else if let Some(origin) = req.headers().get(header::ORIGIN) {
resp.headers_mut().insert(
header::ACCESS_CONTROL_ALLOW_ORIGIN, origin.clone());
}
@ -807,6 +806,25 @@ mod tests {
assert!(cors.start(&mut req).unwrap().is_done());
}
#[test]
fn test_no_origin_response() {
let cors = Cors::build().finish().unwrap();
let mut req = TestRequest::default().method(Method::GET).finish();
let resp: HttpResponse = HttpOk.into();
let resp = cors.response(&mut req, resp).unwrap().response();
assert!(resp.headers().get(header::ACCESS_CONTROL_ALLOW_ORIGIN).is_none());
let mut req = TestRequest::with_header(
"Origin", "https://www.example.com")
.method(Method::OPTIONS)
.finish();
let resp = cors.response(&mut req, resp).unwrap().response();
assert_eq!(
&b"https://www.example.com"[..],
resp.headers().get(header::ACCESS_CONTROL_ALLOW_ORIGIN).unwrap().as_bytes());
}
#[test]
fn test_response() {
let cors = Cors::build()