diff --git a/spring-webflux/src/main/java/org/springframework/web/reactive/result/method/annotation/RequestMappingHandlerMapping.java b/spring-webflux/src/main/java/org/springframework/web/reactive/result/method/annotation/RequestMappingHandlerMapping.java index c9f6e951914e..9dd0c483b3e6 100644 --- a/spring-webflux/src/main/java/org/springframework/web/reactive/result/method/annotation/RequestMappingHandlerMapping.java +++ b/spring-webflux/src/main/java/org/springframework/web/reactive/result/method/annotation/RequestMappingHandlerMapping.java @@ -341,7 +341,7 @@ else if (!allowCredentials.isEmpty()) { "or an empty string (\"\"): current value is [" + allowCredentials + "]"); } - if (annotation.maxAge() >= 0 && config.getMaxAge() == null) { + if (annotation.maxAge() >= 0) { config.setMaxAge(annotation.maxAge()); } } diff --git a/spring-webflux/src/test/java/org/springframework/web/reactive/result/method/annotation/CrossOriginAnnotationIntegrationTests.java b/spring-webflux/src/test/java/org/springframework/web/reactive/result/method/annotation/CrossOriginAnnotationIntegrationTests.java index aa7f287a4a2f..1a9ad307ec63 100644 --- a/spring-webflux/src/test/java/org/springframework/web/reactive/result/method/annotation/CrossOriginAnnotationIntegrationTests.java +++ b/spring-webflux/src/test/java/org/springframework/web/reactive/result/method/annotation/CrossOriginAnnotationIntegrationTests.java @@ -29,6 +29,7 @@ import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; import org.springframework.http.client.HttpComponentsClientHttpRequestFactory; +import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.CrossOrigin; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PostMapping; @@ -37,6 +38,7 @@ import org.springframework.web.bind.annotation.RestController; import org.springframework.web.client.HttpClientErrorException; import org.springframework.web.client.RestTemplate; +import org.springframework.web.cors.CorsConfiguration; import org.springframework.web.reactive.config.EnableWebFlux; import org.springframework.web.testfixture.http.server.reactive.bootstrap.HttpServer; @@ -278,6 +280,19 @@ void ambiguousProducesPreflightRequest(HttpServer httpServer) throws Exception { assertThat(entity.getHeaders().getAccessControlAllowCredentials()).isTrue(); } + @ParameterizedHttpServerTest + void maxAgeWithDefaultOrigin(HttpServer httpServer) throws Exception { + startServer(httpServer); + + this.headers.add(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET"); + ResponseEntity entity = performOptions("/classAge", this.headers, String.class); + assertThat(entity.getStatusCode()).isEqualTo(HttpStatus.OK); + assertThat(entity.getHeaders().getAccessControlMaxAge()).isEqualTo(10); + + entity = performOptions("/methodAge", this.headers, String.class); + assertThat(entity.getStatusCode()).isEqualTo(HttpStatus.OK); + assertThat(entity.getHeaders().getAccessControlMaxAge()).isEqualTo(100); + } @Configuration @EnableWebFlux @@ -395,4 +410,21 @@ public String baz() { } } + @RestController + @CrossOrigin(maxAge = 10) + private static class MaxAgeWithDefaultOriginController { + + @CrossOrigin + @GetMapping(path = "/classAge") + public String classAge() { + return "classAge"; + } + + @CrossOrigin(maxAge = 100) + @GetMapping(path = "/methodAge") + public String methodAge() { + return "methodAge"; + } + } + } diff --git a/spring-webmvc/src/main/java/org/springframework/web/servlet/mvc/method/annotation/RequestMappingHandlerMapping.java b/spring-webmvc/src/main/java/org/springframework/web/servlet/mvc/method/annotation/RequestMappingHandlerMapping.java index 4a3b98057c80..549c3e90e285 100644 --- a/spring-webmvc/src/main/java/org/springframework/web/servlet/mvc/method/annotation/RequestMappingHandlerMapping.java +++ b/spring-webmvc/src/main/java/org/springframework/web/servlet/mvc/method/annotation/RequestMappingHandlerMapping.java @@ -476,7 +476,7 @@ else if (!allowCredentials.isEmpty()) { "or an empty string (\"\"): current value is [" + allowCredentials + "]"); } - if (annotation.maxAge() >= 0 && config.getMaxAge() == null) { + if (annotation.maxAge() >= 0 ) { config.setMaxAge(annotation.maxAge()); } } diff --git a/spring-webmvc/src/test/java/org/springframework/web/servlet/mvc/method/annotation/CrossOriginTests.java b/spring-webmvc/src/test/java/org/springframework/web/servlet/mvc/method/annotation/CrossOriginTests.java index 25bb6c5061e9..41a801ee68da 100644 --- a/spring-webmvc/src/test/java/org/springframework/web/servlet/mvc/method/annotation/CrossOriginTests.java +++ b/spring-webmvc/src/test/java/org/springframework/web/servlet/mvc/method/annotation/CrossOriginTests.java @@ -362,6 +362,27 @@ void preFlightRequestWithoutRequestMethodHeader(TestRequestMappingInfoHandlerMap assertThat(mapping.getHandler(request)).isNull(); } + @PathPatternsParameterizedTest + void maxAgeWithDefaultOrigin(TestRequestMappingInfoHandlerMapping mapping) throws Exception { + mapping.registerHandler(new MaxAgeWithDefaultOriginController()); + + this.request.setRequestURI("/classAge"); + HandlerExecutionChain chain = mapping.getHandler(request); + CorsConfiguration config = getCorsConfiguration(chain, false); + assertThat(config).isNotNull(); + assertThat(config.getAllowedMethods()).containsExactly("GET"); + assertThat(config.getAllowedOrigins()).containsExactly("*"); + assertThat(config.getMaxAge()).isEqualTo(10); + + this.request.setRequestURI("/methodAge"); + chain = mapping.getHandler(request); + config = getCorsConfiguration(chain, false); + assertThat(config).isNotNull(); + assertThat(config.getAllowedMethods()).containsExactly("GET"); + assertThat(config.getAllowedOrigins()).containsExactly("*"); + assertThat(config.getMaxAge()).isEqualTo(100); + } + @Nullable private CorsConfiguration getCorsConfiguration(@Nullable HandlerExecutionChain chain, boolean isPreFlightRequest) { @@ -490,6 +511,20 @@ public void baz() { } } + @Controller + @CrossOrigin(maxAge = 10) + private static class MaxAgeWithDefaultOriginController { + + @CrossOrigin + @RequestMapping(path = "/classAge", method = RequestMethod.GET) + public void classAge() { + } + + @CrossOrigin(maxAge = 100) + @RequestMapping(path = "/methodAge", method = RequestMethod.GET) + public void methodAge() { + } + } @Controller @CrossOrigin(allowCredentials = "true")