Polish CORS support

9 years ago · 882fe129f3
parent 9c46228a97
commit 882fe129f3
4 changed files with 9 additions and 14 deletions
--- a/spring-web/src/main/java/org/springframework/web/bind/annotation/CrossOrigin.java
+++ b/spring-web/src/main/java/org/springframework/web/bind/annotation/CrossOrigin.java
@ -39,7 +39,7 @@ import org.springframework.core.annotation.AliasFor;
@Documented
 public @interface CrossOrigin {

-	String[] DEFAULT_ORIGIN = { "*" };
+	String[] DEFAULT_ORIGINS = { "*" };

 	String[] DEFAULT_ALLOWED_HEADERS = { "*" };

--- a/spring-web/src/main/java/org/springframework/web/cors/CorsConfiguration.java
+++ b/spring-web/src/main/java/org/springframework/web/cors/CorsConfiguration.java
@ -42,11 +42,6 @@ public class CorsConfiguration {
 	 */
 	public static final String ALL = "*";

-	/**
-	 * Default maximum age (30 minutes).
-	 */
-	public static final Long DEFAULT_MAX_AGE = Long.valueOf(1800);
-
 	private List<String> allowedOrigins;

 	private List<String> allowedMethods;
--- a/spring-webmvc/src/main/java/org/springframework/web/servlet/config/annotation/CorsRegistration.java
+++ b/spring-webmvc/src/main/java/org/springframework/web/servlet/config/annotation/CorsRegistration.java
@ -20,6 +20,7 @@ import java.util.ArrayList;
 import java.util.Arrays;

 import org.springframework.http.HttpMethod;
+import org.springframework.web.bind.annotation.CrossOrigin;
 import org.springframework.web.cors.CorsConfiguration;

 /**
@ -49,13 +50,12 @@ public class CorsRegistration {
 		this.pathPattern = pathPattern;
 		// Same implicit default values as the @CrossOrigin annotation + allows simple methods
 		this.config = new CorsConfiguration();
-		this.config.addAllowedOrigin(CorsConfiguration.ALL);
-		this.config.addAllowedMethod(HttpMethod.GET);
-		this.config.addAllowedMethod(HttpMethod.HEAD);
-		this.config.addAllowedMethod(HttpMethod.POST);
-		this.config.addAllowedHeader(CorsConfiguration.ALL);
-		this.config.setAllowCredentials(Boolean.TRUE);
-		this.config.setMaxAge(CorsConfiguration.DEFAULT_MAX_AGE);
+		this.config.setAllowedOrigins(Arrays.asList(CrossOrigin.DEFAULT_ORIGINS));
+		this.config.setAllowedMethods(Arrays.asList(HttpMethod.GET.name(),
+				HttpMethod.HEAD.name(), HttpMethod.POST.name()));
+		this.config.setAllowedHeaders(Arrays.asList(CrossOrigin.DEFAULT_ALLOWED_HEADERS));
+		this.config.setAllowCredentials(CrossOrigin.DEFAULT_ALLOW_CREDENTIALS);
+		this.config.setMaxAge(CrossOrigin.DEFAULT_MAX_AGE);
 	}

 	public CorsRegistration allowedOrigins(String... origins) {
--- a/spring-webmvc/src/main/java/org/springframework/web/servlet/mvc/method/annotation/RequestMappingHandlerMapping.java
+++ b/spring-webmvc/src/main/java/org/springframework/web/servlet/mvc/method/annotation/RequestMappingHandlerMapping.java
@ -300,7 +300,7 @@ public class RequestMappingHandlerMapping extends RequestMappingInfoHandlerMappi
 		updateCorsConfig(config, methodAnnotation);

 		if (CollectionUtils.isEmpty(config.getAllowedOrigins())) {
-			config.setAllowedOrigins(Arrays.asList(CrossOrigin.DEFAULT_ORIGIN));
+			config.setAllowedOrigins(Arrays.asList(CrossOrigin.DEFAULT_ORIGINS));
 		}
 		if (CollectionUtils.isEmpty(config.getAllowedMethods())) {
 			for (RequestMethod allowedMethod : mappingInfo.getMethodsCondition().getMethods()) {