Author: markt
Date: Wed Feb 11 19:18:46 2015
New Revision: 1659043
URL: http://svn.apache.org/r1659043
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=57534
CORS Filter should only look at media type component of content type
Modified:
tomcat/trunk/java/org/apache/catalina/filters/CorsFilter.java
tomcat/trunk/test/org/apache/catalina/filters/TestCorsFilter.java
Modified: tomcat/trunk/java/org/apache/catalina/filters/CorsFilter.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/filters/CorsFilter.java?rev=1659043&r1=1659042&r2=1659043&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/filters/CorsFilter.java (original)
+++ tomcat/trunk/java/org/apache/catalina/filters/CorsFilter.java Wed Feb 11
19:18:46 2015
@@ -639,11 +639,10 @@ public final class CorsFilter implements
} else if ("GET".equals(method) || "HEAD".equals(method)) {
requestType = CORSRequestType.SIMPLE;
} else if ("POST".equals(method)) {
- String contentType = request.getContentType();
- if (contentType != null) {
- contentType = contentType.toLowerCase().trim();
+ String mediaType =
getMediaType(request.getContentType());
+ if (mediaType != null) {
if (SIMPLE_HTTP_REQUEST_CONTENT_TYPE_VALUES
- .contains(contentType)) {
+ .contains(mediaType)) {
requestType = CORSRequestType.SIMPLE;
} else {
requestType = CORSRequestType.ACTUAL;
@@ -662,6 +661,23 @@ public final class CorsFilter implements
}
+ /*
+ * Return the lower case, trimmed value of the media type from the content
+ * type.
+ */
+ private String getMediaType(String contentType) {
+ if (contentType == null) {
+ return null;
+ }
+ String result = contentType.toLowerCase();
+ int firstSemiColonIndex = result.indexOf(';');
+ if (firstSemiColonIndex > -1) {
+ result = result.substring(0, firstSemiColonIndex);
+ }
+ result = result.trim();
+ return result;
+ }
+
/**
* Checks if the Origin is allowed to make a CORS request.
*
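Review bot: `contentType.toLowerCase()` in getMediaType uses the JVM default locale, so on a host running under a Turkish locale `TEXT/PLAIN` lower-cases with a dotless ı and no longer matches the entries in SIMPLE_HTTP_REQUEST_CONTENT_TYPE_VALUES. Per the first hunk, such a POST would then be classified ACTUAL instead of SIMPLE. Pinning the locale keeps the classification independent of host configuration: `String result = contentType.toLowerCase(Locale.ENGLISH);` (this needs `java.util.Locale` imported if the file does not already have it; the import block is outside this hunk). The comment above the method could also state that everything from the first `;` onward is discarded, and could be written as Javadoc (`/**`) like the neighbouring methods.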
@@ -1028,7 +1044,9 @@ public final class CorsFilter implements
}
/**
- * {@link Collection} of Simple HTTP request headers. Case in-sensitive.
+ * {@link Collection} of media type values for the Content-Type header that
+ * will be treated as 'simple'. Note media-type values are compared
ignoring
+ * parameters and in a case-insensitive manner.
*
* @see <a href="http://www.w3.org/TR/cors/#terminology"
* >http://www.w3.org/TR/cors/#terminology</a>
Modified: tomcat/trunk/test/org/apache/catalina/filters/TestCorsFilter.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/catalina/filters/TestCorsFilter.java?rev=1659043&r1=1659042&r2=1659043&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/catalina/filters/TestCorsFilter.java (original)
+++ tomcat/trunk/test/org/apache/catalina/filters/TestCorsFilter.java Wed Feb
11 19:18:46 2015
@@ -1466,9 +1466,28 @@ public class TestCorsFilter {
.getAttribute(CorsFilter.HTTP_REQUEST_ATTRIBUTE_REQUEST_TYPE));
}
+ /*
+ * A CORS request arrives with a "null" origin which is allowed by default.
+ */
@Test
- public void testDestroy() {
- // Nothing to test.
- // NO-OP
+ public void testContentTypeWithParameter() throws IOException,
+ ServletException {
+ TesterHttpServletRequest request = new TesterHttpServletRequest();
+
+ request.setMethod("POST");
+ request.setContentType("text/plain;charset=UTF-8");
+ request.setHeader(CorsFilter.REQUEST_HEADER_ORIGIN, "null");
+ TesterHttpServletResponse response = new TesterHttpServletResponse();
+
+ CorsFilter corsFilter = new CorsFilter();
+ corsFilter.init(TesterFilterConfigs.getDefaultFilterConfig());
+ CorsFilter.CORSRequestType requestType =
+ corsFilter.checkRequestType(request);
+ Assert.assertEquals(CorsFilter.CORSRequestType.SIMPLE, requestType);
+
+ corsFilter.doFilter(request, response, filterChain);
+
+ Assert.assertTrue(((Boolean) request.getAttribute(
+
CorsFilter.HTTP_REQUEST_ATTRIBUTE_IS_CORS_REQUEST)).booleanValue());
}
}
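Review bot: The comment above testContentTypeWithParameter appears to be copied from a null-origin test and does not describe what this case checks. Something like `/* A POST whose Content-Type carries a parameter is still classified as a simple CORS request. */` would match the assertions. Only the positive case is covered. A companion test that sends a non-simple media type with a parameter (for example `application/json;charset=UTF-8`, assuming it is not in SIMPLE_HTTP_REQUEST_CONTENT_TYPE_VALUES) and expects `CORSRequestType.ACTUAL` would guard against parameter stripping ever widening the simple set. An upper-case or space-padded value such as `TEXT/PLAIN ; charset=UTF-8` would exercise the lower-casing and trimming in getMediaType as well.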