
Dont set credentials by default for ajax requests. Fixes issue #261

tags/gwtquery-project-1.4.3
Manolo Carrasco 10 years ago
parent
commit
6df7c6a8f2

+ 2
- 0
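--- a/gwtquery-core/src/main/java/com/google/gwt/query/client/plugins/ajax/Ajax.java
+++ b/gwtquery-core/src/main/java/com/google/gwt/query/client/plugins/ajax/Ajax.java
 String getType();
 String getUrl();
 String getUsername();
+boolean getWithCredentials();
 Settings setContentType(String t);
 Settings setContext(Element e);
 Settings setData(Object p);
 Settings setType(String t);
 Settings setUrl(String u);
 Settings setUsername(String u);
+Settings setWithCredentials(boolean b);
 }
 
 public static final Class<Ajax> Ajax = registerPlugin(Ajax.class, new Plugin<Ajax>() {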
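Review bot: The new `getWithCredentials()` and `setWithCredentials(boolean b)` on the Settings interface carry no Javadoc, although this is the switch that decides whether cookies and HTTP authentication travel with cross-origin requests. I would document it on the setter, for example `/** Send cookies and HTTP auth on cross-origin requests. The server must answer with Access-Control-Allow-Credentials: true. Defaults to false. */`. The default of false is inferred from the commit title rather than visible in this section, so confirm it before writing it down. The interface body starts outside the shown lines.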

+ 1
- 1
gwtquery-core/src/main/java/com/google/gwt/query/client/plugins/deferred/PromiseReqBuilder.java View File



// Using gQuery to set credentials since this method was added in 2.5.1 // Using gQuery to set credentials since this method was added in 2.5.1
// xmlHttpRequest.setWithCredentials(true); // xmlHttpRequest.setWithCredentials(true);
JsUtils.prop(xmlHttpRequest, "withCredentials", true);
JsUtils.prop(xmlHttpRequest, "withCredentials", settings.getWithCredentials());
final Request request = createRequestVltr(xmlHttpRequest, settings.getTimeout(), this); final Request request = createRequestVltr(xmlHttpRequest, settings.getTimeout(), this);
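Review bot: The comment above the `JsUtils.prop(...)` call still carries the commented-out `xmlHttpRequest.setWithCredentials(true);`, which no longer matches the live line now that the value comes from `settings.getWithCredentials()` (taken to be the new side, going by the commit title). I would update it to `// xmlHttpRequest.setWithCredentials(settings.getWithCredentials());` or drop the dead line, so that nobody restoring it re-enables credentials for every request. The enclosing method starts and ends outside the shown lines.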

+ 7
- 2
gwtquery-core/src/main/java/com/google/gwt/query/vm/AjaxTransportJre.java View File

} }
int code = c.getResponseCode(); int code = c.getResponseCode();
if (isCORS && !localDomain.equals(c.getHeaderField("Access-Control-Allow-Origin"))) {
code = 0;
if (isCORS) {
if (!localDomain.equals(c.getHeaderField("Access-Control-Allow-Origin"))) {
code = 0;
}
if (s.getWithCredentials() && c.getHeaderField("Access-Control-Allow-Credentials") == null) {
code = 0;
}
} }
BufferedReader in = new BufferedReader(new InputStreamReader(c.getInputStream())); BufferedReader in = new BufferedReader(new InputStreamReader(c.getInputStream()));
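Review bot: The credentials check inside the new `if (isCORS)` block only tests that `Access-Control-Allow-Credentials` is present, so a response carrying `Access-Control-Allow-Credentials: false` (or any other value) is accepted by the JRE transport, whereas browsers honour the header only when its value is exactly `true`. Comparing the value keeps the emulation as strict as the browser: `if (s.getWithCredentials() && !"true".equals(c.getHeaderField("Access-Control-Allow-Credentials"))) {`. The response body is still read on the following line after `code = 0`; whether it is withheld from the caller is decided outside this hunk and is worth confirming. The enclosing method starts and ends outside the shown lines.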

+ 1
- 0
gwtquery-core/src/test/java/com/google/gwt/query/client/ajax/AjaxTestJre.java View File

echoUrl = localDomain + "/" + servletPath; echoUrl = localDomain + "/" + servletPath;
echoUrlCORS = corsDomain + "/" + servletPath + "?cors=true"; echoUrlCORS = corsDomain + "/" + servletPath + "?cors=true";

startWebServer(port); startWebServer(port);
} }

+ 45
- 1
gwtquery-core/src/test/java/com/google/gwt/query/client/ajax/AjaxTests.java View File

*/ */
package com.google.gwt.query.client.ajax; package com.google.gwt.query.client.ajax;


import junit.framework.Assert;

import com.google.gwt.http.client.Response; import com.google.gwt.http.client.Response;
import com.google.gwt.junit.DoNotRunWith; import com.google.gwt.junit.DoNotRunWith;
import com.google.gwt.junit.Platform; import com.google.gwt.junit.Platform;
.setData(jsonGET) .setData(jsonGET)
.setDataType("json"); .setDataType("json");


performAjaxJsonTest_CORS(s);
performAjaxJsonTest_CORS(s)
.done(new Function() {
public void f() {
Response r = arguments(3);
Assert.assertNotNull(r.getHeader("Access-Control-Allow-Origin"));
Assert.assertNull(r.getHeader("Access-Control-Allow-Credentials"));
}
});
}
@DoNotRunWith(Platform.HtmlUnitBug)
public void testAjaxJsonGet_CORS_WithCredentials_Supported() {
Settings s = Ajax.createSettings()
.setType("get")
// Enable credentials in servlet
.setUrl(echoUrlCORS + "&credentials=true")
.setData(jsonGET)
.setDataType("json")
.setWithCredentials(true);

performAjaxJsonTest_CORS(s)
.done(new Function() {
public void f() {
Response r = arguments(3);
Assert.assertNotNull(r.getHeader("Access-Control-Allow-Origin"));
Assert.assertNotNull(r.getHeader("Access-Control-Allow-Credentials"));
}
});
}
@DoNotRunWith(Platform.HtmlUnitBug)
public void testAjaxJsonGet_CORS_WithCredentials_Unsupported() {
Settings s = Ajax.createSettings()
.setType("get")
// Disable credentials in servlet
.setUrl(echoUrlCORS)
.setData(jsonGET)
.setDataType("json")
.setWithCredentials(true);
Ajax.ajax(s)
.fail(finishFunction)
.done(failFunction);
} }
public void testAjaxGetJsonP() { public void testAjaxGetJsonP() {
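Review bot: `testAjaxJsonGet_CORS_WithCredentials_Unsupported` calls `Ajax.ajax(s)` directly and, in the lines shown, never calls `delayTestFinish(...)`, so if the request completes asynchronously the method returns before `finishFunction` or `failFunction` runs and the test can pass without checking anything. This is the one test that proves a credentialed request is refused when the server does not send `Access-Control-Allow-Credentials`, so it should not be able to pass vacuously; making `delayTestFinish(<timeout used by the sibling tests>);` its first statement would pin it. If `setUp` or the two callbacks defined outside this section already arrange for that, a one-line comment saying so would do. The same question applies to the assertions added in the `.done(...)` callbacks of the two other tests, which only count if they run before `performAjaxJsonTest_CORS` finishes the test.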

+ 3
- 1
gwtquery-core/src/test/java/com/google/gwt/query/servlet/GQAjaxTestServlet.java View File

String origin = req.getHeader("Origin"); String origin = req.getHeader("Origin");
if ("true".equals(req.getParameter("cors")) && origin != null) { if ("true".equals(req.getParameter("cors")) && origin != null) {
resp.addHeader("Access-Control-Allow-Origin", origin); resp.addHeader("Access-Control-Allow-Origin", origin);
resp.addHeader("Access-Control-Allow-Credentials", "true");
if ("true".equals(req.getParameter("credentials"))) {
resp.addHeader("Access-Control-Allow-Credentials", "true");
}
String method = req.getHeader("Access-Control-Request-Method"); String method = req.getHeader("Access-Control-Request-Method");
if (method != null) { if (method != null) {
resp.addHeader("Access-Control-Allow-Methods", method); resp.addHeader("Access-Control-Allow-Methods", method);
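Review bot: The servlet echoes whatever `Origin` the request carries into `Access-Control-Allow-Origin` and, with `credentials=true`, now adds `Access-Control-Allow-Credentials: true` next to it; that pairing lets any site read authenticated responses and is only acceptable because this is a test fixture. A comment above the new `if` would stop it being copied into real handlers, for example `// Test fixture only: reflects any Origin. Production code must check Origin against an allow-list before sending Allow-Credentials.` The enclosing method starts and ends outside the shown lines.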
