Java Code Examples for org.apache.http.client.methods.HttpOptions#reset()

The following examples show how to use org.apache.http.client.methods.HttpOptions#reset() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: CrossOriginResourceSharingResponseTest.java    From s3proxy with Apache License 2.0 4 votes vote down vote up
@Test
public void testCorsPreflightNegative() throws Exception {
    // No CORS headers
    HttpOptions request = new HttpOptions(presignedGET);
    HttpResponse response = httpClient.execute(request);
    /*
     * For non presigned URLs that should give a 400, but the
     * Access-Control-Request-Method header is needed for presigned URLs
     * to calculate the same signature. If this is missing it fails already
     * with 403 - Signature mismatch before processing the OPTIONS request
     * See testCorsPreflightPublicRead for that cases
     */
    assertThat(response.getStatusLine().getStatusCode())
            .isEqualTo(HttpStatus.SC_FORBIDDEN);

    // Not allowed origin
    request.reset();
    request.setHeader(HttpHeaders.ORIGIN, "https://example.org");
    request.setHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
    response = httpClient.execute(request);
    assertThat(response.getStatusLine().getStatusCode())
            .isEqualTo(HttpStatus.SC_FORBIDDEN);

    // Not allowed method
    request.reset();
    request.setHeader(HttpHeaders.ORIGIN, "https://example.com");
    request.setHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "PATCH");
    response = httpClient.execute(request);
    assertThat(response.getStatusLine().getStatusCode())
            .isEqualTo(HttpStatus.SC_FORBIDDEN);

    // Not allowed header
    request.reset();
    request.setHeader(HttpHeaders.ORIGIN, "https://example.com");
    request.setHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
    request.setHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS,
          "Accept-Encoding");
    response = httpClient.execute(request);
    assertThat(response.getStatusLine().getStatusCode())
            .isEqualTo(HttpStatus.SC_FORBIDDEN);

    // Not allowed header combination
    request.reset();
    request.setHeader(HttpHeaders.ORIGIN, "https://example.com");
    request.setHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
    request.setHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS,
            "Accept, Accept-Encoding");
    response = httpClient.execute(request);
    assertThat(response.getStatusLine().getStatusCode())
            .isEqualTo(HttpStatus.SC_FORBIDDEN);
}
 
Example 2
Source File: CrossOriginResourceSharingResponseTest.java    From s3proxy with Apache License 2.0 4 votes vote down vote up
@Test
public void testCorsPreflight() throws Exception {
    // Allowed origin and method
    HttpOptions request = new HttpOptions(presignedGET);
    request.setHeader(HttpHeaders.ORIGIN, "https://example.com");
    request.setHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
    HttpResponse response = httpClient.execute(request);
    assertThat(response.getStatusLine().getStatusCode())
            .isEqualTo(HttpStatus.SC_OK);
    assertThat(response.containsHeader(
            HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN)).isTrue();
    assertThat(response.getFirstHeader(
            HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN).getValue())
            .isEqualTo("https://example.com");
    assertThat(response.containsHeader(
            HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS)).isTrue();
    assertThat(response.getFirstHeader(
            HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS).getValue())
            .isEqualTo("GET, PUT");

    // Allowed origin, method and header
    request.reset();
    request.setHeader(HttpHeaders.ORIGIN, "https://example.com");
    request.setHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
    request.setHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS, "Accept");
    response = httpClient.execute(request);
    assertThat(response.getStatusLine().getStatusCode())
            .isEqualTo(HttpStatus.SC_OK);
    assertThat(response.containsHeader(
            HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN)).isTrue();
    assertThat(response.getFirstHeader(
            HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN).getValue())
            .isEqualTo("https://example.com");
    assertThat(response.containsHeader(
            HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS)).isTrue();
    assertThat(response.getFirstHeader(
            HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS).getValue())
            .isEqualTo("GET, PUT");
    assertThat(response.containsHeader(
            HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS)).isTrue();
    assertThat(response.getFirstHeader(
            HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS).getValue())
            .isEqualTo("Accept");

    // Allowed origin, method and header combination
    request.reset();
    request.setHeader(HttpHeaders.ORIGIN, "https://example.com");
    request.setHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
    request.setHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS,
            "Accept, Content-Type");
    response = httpClient.execute(request);
    assertThat(response.getStatusLine().getStatusCode())
            .isEqualTo(HttpStatus.SC_OK);
    assertThat(response.containsHeader(
            HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN)).isTrue();
    assertThat(response.getFirstHeader(
            HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN).getValue())
            .isEqualTo("https://example.com");
    assertThat(response.containsHeader(
            HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS)).isTrue();
    assertThat(response.getFirstHeader(
            HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS).getValue())
            .isEqualTo("GET, PUT");
    assertThat(response.containsHeader(
            HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS)).isTrue();
    assertThat(response.getFirstHeader(
            HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS).getValue())
            .isEqualTo("Accept, Content-Type");
}
 
Example 3
Source File: CrossOriginResourceSharingResponseTest.java    From s3proxy with Apache License 2.0 4 votes vote down vote up
@Test
public void testCorsPreflightPublicRead() throws Exception {
    // No CORS headers
    HttpOptions request = new HttpOptions(publicGET);
    HttpResponse response = httpClient.execute(request);

    assertThat(response.getStatusLine().getStatusCode())
            .isEqualTo(HttpStatus.SC_BAD_REQUEST);

    // Not allowed method
    request.reset();
    request.setHeader(HttpHeaders.ORIGIN, "https://example.com");
    request.setHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "PATCH");
    response = httpClient.execute(request);
    assertThat(response.getStatusLine().getStatusCode())
            .isEqualTo(HttpStatus.SC_BAD_REQUEST);

    // Allowed origin and method
    request.reset();
    request.setHeader(HttpHeaders.ORIGIN, "https://example.com");
    request.setHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
    request.setHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS,
            "Accept, Content-Type");
    response = httpClient.execute(request);
    assertThat(response.getStatusLine().getStatusCode())
            .isEqualTo(HttpStatus.SC_OK);
    assertThat(response.containsHeader(
            HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN)).isTrue();
    assertThat(response.getFirstHeader(
            HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN).getValue())
            .isEqualTo("https://example.com");
    assertThat(response.containsHeader(
            HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS)).isTrue();
    assertThat(response.getFirstHeader(
            HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS).getValue())
            .isEqualTo("GET, PUT");
    assertThat(response.containsHeader(
            HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS)).isTrue();
    assertThat(response.getFirstHeader(
            HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS).getValue())
            .isEqualTo("Accept, Content-Type");
}