From 279f66c7ae9b3f3988087cd3fb3806db73298d0b Mon Sep 17 00:00:00 2001 From: Mario Date: Wed, 28 Dec 2016 19:09:34 -0300 Subject: [PATCH] 1183 - Added PUT as a default allowed method in CORS --- .../com/stormpath/sdk/servlet/config/web.stormpath.properties | 2 +- .../META-INF/additional-spring-configuration-metadata.json | 2 +- .../test/groovy/com/stormpath/spring/config/CorsFilterIT.groovy | 2 +- .../spring/config/AbstractStormpathWebMvcConfiguration.java | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/extensions/servlet/src/main/resources/com/stormpath/sdk/servlet/config/web.stormpath.properties b/extensions/servlet/src/main/resources/com/stormpath/sdk/servlet/config/web.stormpath.properties index 91dab38168..460014f4ef 100644 --- a/extensions/servlet/src/main/resources/com/stormpath/sdk/servlet/config/web.stormpath.properties +++ b/extensions/servlet/src/main/resources/com/stormpath/sdk/servlet/config/web.stormpath.properties @@ -355,4 +355,4 @@ stormpath.web.cors.enabled = true #Comma separated list of allowed origins stormpath.web.cors.allowed.originUris = stormpath.web.cors.allowed.headers = Content-Type,Accept,X-Requested-With,remember-me -stormpath.web.cors.allowed.methods = POST,GET,OPTIONS,DELETE +stormpath.web.cors.allowed.methods = POST,GET,OPTIONS,DELETE,PUT diff --git a/extensions/spring/boot/stormpath-webmvc-spring-boot-starter/src/main/resources/META-INF/additional-spring-configuration-metadata.json b/extensions/spring/boot/stormpath-webmvc-spring-boot-starter/src/main/resources/META-INF/additional-spring-configuration-metadata.json index 882851a7d1..85b30e6a12 100644 --- a/extensions/spring/boot/stormpath-webmvc-spring-boot-starter/src/main/resources/META-INF/additional-spring-configuration-metadata.json +++ b/extensions/spring/boot/stormpath-webmvc-spring-boot-starter/src/main/resources/META-INF/additional-spring-configuration-metadata.json @@ -1024,7 +1024,7 @@ "name": "stormpath.web.cors.allowed.methods", "type": "java.lang.String", "description": "Comma separated list of allowed methods for a CORS request.", - "defaultValue": "POST,GET,OPTIONS,DELETE" + "defaultValue": "POST,GET,OPTIONS,DELETE,PUT" } ] } diff --git a/extensions/spring/stormpath-spring-security-webmvc/src/test/groovy/com/stormpath/spring/config/CorsFilterIT.groovy b/extensions/spring/stormpath-spring-security-webmvc/src/test/groovy/com/stormpath/spring/config/CorsFilterIT.groovy index 76dd867e99..dd5d535c03 100644 --- a/extensions/spring/stormpath-spring-security-webmvc/src/test/groovy/com/stormpath/spring/config/CorsFilterIT.groovy +++ b/extensions/spring/stormpath-spring-security-webmvc/src/test/groovy/com/stormpath/spring/config/CorsFilterIT.groovy @@ -106,7 +106,7 @@ class CorsFilterIT extends AbstractTestNGSpringContextTests { void testAccessControlRequestMethodRequestFailsForPUT() { mvc.perform(options(new URI("/me")) .header("Origin", "http://localhost:3000") - .header("Access-Control-Request-Method", "PUT") //PUT is not allowed + .header("Access-Control-Request-Method", "HEAD") //HEAD is not allowed .accept(MediaType.APPLICATION_JSON)) .andExpect(status().is(HttpServletResponse.SC_FORBIDDEN)); //403 diff --git a/extensions/spring/stormpath-spring-webmvc/src/main/java/com/stormpath/spring/config/AbstractStormpathWebMvcConfiguration.java b/extensions/spring/stormpath-spring-webmvc/src/main/java/com/stormpath/spring/config/AbstractStormpathWebMvcConfiguration.java index 3c94b1d635..72d076f220 100644 --- a/extensions/spring/stormpath-spring-webmvc/src/main/java/com/stormpath/spring/config/AbstractStormpathWebMvcConfiguration.java +++ b/extensions/spring/stormpath-spring-webmvc/src/main/java/com/stormpath/spring/config/AbstractStormpathWebMvcConfiguration.java @@ -407,7 +407,7 @@ public abstract class AbstractStormpathWebMvcConfiguration { @Value("#{ @environment['stormpath.web.cors.allowed.headers'] ?: 'Content-Type,Accept,X-Requested-With,remember-me' }") protected String corsAllowedHeaders; - @Value("#{ @environment['stormpath.web.cors.allowed.methods'] ?: 'POST,GET,OPTIONS,DELETE' }") + @Value("#{ @environment['stormpath.web.cors.allowed.methods'] ?: 'POST,GET,OPTIONS,DELETE,PUT' }") protected String corsAllowedMethods; @Autowired(required = false)