Unverified Commit 3db8f620 authored by Alex Pott's avatar Alex Pott

Issue #3128982 by davidwbarratt, Spokje, andypost, Barryvdh, larowlan, catch,...

Issue #3128982 by davidwbarratt, Spokje, andypost, Barryvdh, larowlan, catch, alexpott: Upgrade asm89/stack-cors to ^2.0 to fix cacheability
parent 31e08766
......@@ -8,36 +8,36 @@
"packages": [
{
"name": "asm89/stack-cors",
"version": "1.3.0",
"version": "v2.0.5",
"source": {
"type": "git",
"url": "https://github.com/asm89/stack-cors.git",
"reference": "b9c31def6a83f84b4d4a40d35996d375755f0e08"
"reference": "7a198ec737e926eab15d29368fc6fff66772b0e2"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/asm89/stack-cors/zipball/b9c31def6a83f84b4d4a40d35996d375755f0e08",
"reference": "b9c31def6a83f84b4d4a40d35996d375755f0e08",
"url": "https://api.github.com/repos/asm89/stack-cors/zipball/7a198ec737e926eab15d29368fc6fff66772b0e2",
"reference": "7a198ec737e926eab15d29368fc6fff66772b0e2",
"shasum": ""
},
"require": {
"php": ">=5.5.9",
"symfony/http-foundation": "~2.7|~3.0|~4.0|~5.0",
"symfony/http-kernel": "~2.7|~3.0|~4.0|~5.0"
"php": "^7.0|^8.0",
"symfony/http-foundation": "~2.7|~3.0|~4.0|~5.0|~6.0",
"symfony/http-kernel": "~2.7|~3.0|~4.0|~5.0|~6.0"
},
"require-dev": {
"phpunit/phpunit": "^5.0 || ^4.8.10",
"squizlabs/php_codesniffer": "^2.3"
"phpunit/phpunit": "^6|^7|^8|^9",
"squizlabs/php_codesniffer": "^3.5"
},
"type": "library",
"extra": {
"branch-alias": {
"dev-master": "1.2-dev"
"dev-master": "2.0-dev"
}
},
"autoload": {
"psr-4": {
"Asm89\\Stack\\": "src/Asm89/Stack/"
"Asm89\\Stack\\": "src/"
}
},
"notification-url": "https://packagist.org/downloads/",
......@@ -58,9 +58,9 @@
],
"support": {
"issues": "https://github.com/asm89/stack-cors/issues",
"source": "https://github.com/asm89/stack-cors/tree/1.3.0"
"source": "https://github.com/asm89/stack-cors/tree/v2.0.5"
},
"time": "2019-12-24T22:41:47+00:00"
"time": "2022-01-03T15:27:13+00:00"
},
{
"name": "composer/installers",
......@@ -452,10 +452,10 @@
"dist": {
"type": "path",
"url": "core",
"reference": "7963aa1162a3808d6d854bbba38a125121839b66"
"reference": "0c0d32e4674b75c965916f8ec909674a0b9dd3e9"
},
"require": {
"asm89/stack-cors": "^1.1",
"asm89/stack-cors": "^2.0.2",
"composer/semver": "^3.0",
"doctrine/annotations": "^1.12",
"egulias/email-validator": "^2.1.22|^3.0",
......
......@@ -8,7 +8,7 @@
},
"require": {
"drupal/core": "10.0.x-dev",
"asm89/stack-cors": "1.3.0",
"asm89/stack-cors": "v2.0.5",
"composer/semver": "3.2.6",
"doctrine/annotations": "1.13.2",
"doctrine/lexer": "1.2.1",
......
......@@ -42,7 +42,7 @@
"masterminds/html5": "^2.1",
"symfony/psr-http-message-bridge": "^2.0",
"composer/semver": "^3.0",
"asm89/stack-cors": "^1.1",
"asm89/stack-cors": "^2.0.2",
"pear/archive_tar": "^1.4.14",
"psr/log": "^1.0"
},
......
......@@ -48,21 +48,24 @@ public function testCrossSiteRequest() {
$this->drupalGet('/test-page', [], ['Origin' => 'http://example.com']);
$this->assertSession()->statusCodeEquals(200);
$this->assertSession()->responseHeaderEquals('X-Drupal-Cache', 'MISS');
$this->assertSession()->responseHeaderEquals('Access-Control-Allow-Origin', 'http://example.com');
$this->assertSession()->responseHeaderEquals('Access-Control-Allow-Origin', '*');
$this->assertSession()->responseHeaderNotContains('Vary', 'Origin');
// Fire the same exact request. This time it should be cached.
$this->drupalGet('/test-page', [], ['Origin' => 'http://example.com']);
$this->assertSession()->statusCodeEquals(200);
$this->assertSession()->responseHeaderEquals('X-Drupal-Cache', 'HIT');
$this->assertSession()->responseHeaderEquals('Access-Control-Allow-Origin', 'http://example.com');
$this->assertSession()->responseHeaderEquals('Access-Control-Allow-Origin', '*');
$this->assertSession()->responseHeaderNotContains('Vary', 'Origin');
// Fire a request for a different origin. Verify the CORS header.
$this->drupalGet('/test-page', [], ['Origin' => 'http://example.org']);
$this->assertSession()->statusCodeEquals(200);
$this->assertSession()->responseHeaderEquals('X-Drupal-Cache', 'HIT');
$this->assertSession()->responseHeaderEquals('Access-Control-Allow-Origin', 'http://example.org');
$this->assertSession()->responseHeaderEquals('Access-Control-Allow-Origin', '*');
$this->assertSession()->responseHeaderNotContains('Vary', 'Origin');
// Configure the CORS stack to allow a specific set of origins.
// Configure the CORS stack to allow a specific origin.
$cors_config['allowedOrigins'] = ['http://example.com'];
$this->setContainerParameter('cors.config', $cors_config);
......@@ -71,13 +74,40 @@ public function testCrossSiteRequest() {
// Fire a request from an origin that isn't allowed.
/** @var \Symfony\Component\HttpFoundation\Response $response */
$this->drupalGet('/test-page', [], ['Origin' => 'http://non-valid.com']);
$this->assertSession()->statusCodeEquals(403);
$this->assertSession()->pageTextContains('Not allowed.');
$this->assertSession()->statusCodeEquals(200);
$this->assertSession()->responseHeaderEquals('Access-Control-Allow-Origin', 'http://example.com');
$this->assertSession()->responseHeaderNotContains('Vary', 'Origin');
// Specify a valid origin.
$this->drupalGet('/test-page', [], ['Origin' => 'http://example.com']);
$this->assertSession()->statusCodeEquals(200);
$this->assertSession()->responseHeaderEquals('Access-Control-Allow-Origin', 'http://example.com');
$this->assertSession()->responseHeaderNotContains('Vary', 'Origin');
// Configure the CORS stack to allow a specific set of origins.
$cors_config['allowedOrigins'] = ['http://example.com', 'https://drupal.org'];
$this->setContainerParameter('cors.config', $cors_config);
$this->rebuildContainer();
// Fire a request from an origin that isn't allowed.
/** @var \Symfony\Component\HttpFoundation\Response $response */
$this->drupalGet('/test-page', [], ['Origin' => 'http://non-valid.com']);
$this->assertSession()->statusCodeEquals(200);
$this->assertSession()->responseHeaderEquals('Access-Control-Allow-Origin', NULL);
$this->assertSession()->responseHeaderContains('Vary', 'Origin');
// Specify a valid origin.
$this->drupalGet('/test-page', [], ['Origin' => 'http://example.com']);
$this->assertSession()->statusCodeEquals(200);
$this->assertSession()->responseHeaderEquals('Access-Control-Allow-Origin', 'http://example.com');
$this->assertSession()->responseHeaderContains('Vary', 'Origin');
// Specify a valid origin.
$this->drupalGet('/test-page', [], ['Origin' => 'https://drupal.org']);
$this->assertSession()->statusCodeEquals(200);
$this->assertSession()->responseHeaderEquals('Access-Control-Allow-Origin', 'https://drupal.org');
$this->assertSession()->responseHeaderContains('Vary', 'Origin');
// Verify POST still functions with 'Origin' header set to site's domain.
$origin = \Drupal::request()->getSchemeAndHttpHost();
......
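Review bot: In the second hunk the requests sent with `Origin: http://non-valid.com` now expect a 200 where the old assertions expected a 403, yet the comment above them still only says the origin "isn't allowed", which can be read as if the origin list were server-side access control. I would reword it along the lines of `// A disallowed origin still receives the page (200); only the CORS headers differ, and the browser enforces the restriction.` The multi-origin block also never asserts `X-Drupal-Cache`, so it does not show that the per-origin `Access-Control-Allow-Origin` values and `Vary: Origin` hold when the response comes from the page cache; adding `$this->assertSession()->responseHeaderEquals('X-Drupal-Cache', 'HIT');` to the later requests would cover that, assuming the page is still cached after `rebuildContainer()`. The copied `/** @var \Symfony\Component\HttpFoundation\Response $response */` annotation names a variable these lines never assign and could be dropped. testCrossSiteRequest() starts and ends outside the visible hunks.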