1183 - Added PUT as a default allowed method in CORS (#1184)

mrioan · mraible · commit 70fd06df1c42 · 2017-01-04T08:50:12.000-07:00
diff --git a/extensions/servlet/src/main/resources/com/stormpath/sdk/servlet/config/web.stormpath.properties b/extensions/servlet/src/main/resources/com/stormpath/sdk/servlet/config/web.stormpath.properties
@@ -355,4 +355,4 @@ stormpath.web.cors.enabled = true
 #Comma separated list of allowed origins
 stormpath.web.cors.allowed.originUris =
 stormpath.web.cors.allowed.headers = Content-Type,Accept,X-Requested-With,remember-me
-stormpath.web.cors.allowed.methods = POST,GET,OPTIONS,DELETE
+stormpath.web.cors.allowed.methods = POST,GET,OPTIONS,DELETE,PUT
diff --git a/extensions/spring/boot/stormpath-webmvc-spring-boot-starter/src/main/resources/META-INF/additional-spring-configuration-metadata.json b/extensions/spring/boot/stormpath-webmvc-spring-boot-starter/src/main/resources/META-INF/additional-spring-configuration-metadata.json
@@ -1024,7 +1024,7 @@
       "name": "stormpath.web.cors.allowed.methods",
       "type": "java.lang.String",
       "description": "Comma separated list of allowed methods for a CORS request.",
-      "defaultValue": "POST,GET,OPTIONS,DELETE"
+      "defaultValue": "POST,GET,OPTIONS,DELETE,PUT"
     }
   ]
 }
diff --git a/extensions/spring/stormpath-spring-security-webmvc/src/test/groovy/com/stormpath/spring/config/CorsFilterIT.groovy b/extensions/spring/stormpath-spring-security-webmvc/src/test/groovy/com/stormpath/spring/config/CorsFilterIT.groovy
@@ -106,7 +106,7 @@ class CorsFilterIT extends AbstractTestNGSpringContextTests {
     void testAccessControlRequestMethodRequestFailsForPUT() {
         mvc.perform(options(new URI("/me"))
                     .header("Origin", "http://localhost:3000")
-                    .header("Access-Control-Request-Method", "PUT") //PUT is not allowed
+                    .header("Access-Control-Request-Method", "HEAD") //HEAD is not allowed
                     .accept(MediaType.APPLICATION_JSON))
                 .andExpect(status().is(HttpServletResponse.SC_FORBIDDEN)); //403
 
diff --git a/extensions/spring/stormpath-spring-webmvc/src/main/java/com/stormpath/spring/config/AbstractStormpathWebMvcConfiguration.java b/extensions/spring/stormpath-spring-webmvc/src/main/java/com/stormpath/spring/config/AbstractStormpathWebMvcConfiguration.java
@@ -407,7 +407,7 @@ public abstract class AbstractStormpathWebMvcConfiguration {
     @Value("#{ @environment['stormpath.web.cors.allowed.headers'] ?: 'Content-Type,Accept,X-Requested-With,remember-me' }")
     protected String corsAllowedHeaders;
 
-    @Value("#{ @environment['stormpath.web.cors.allowed.methods'] ?: 'POST,GET,OPTIONS,DELETE' }")
+    @Value("#{ @environment['stormpath.web.cors.allowed.methods'] ?: 'POST,GET,OPTIONS,DELETE,PUT' }")
     protected String corsAllowedMethods;
 
     @Autowired(required = false)

Original file line number	Diff line number	Diff line change
`@@ -1024,7 +1024,7 @@`
`1024`	`1024`	`"name": "stormpath.web.cors.allowed.methods",`
`1025`	`1025`	`"type": "java.lang.String",`
`1026`	`1026`	`"description": "Comma separated list of allowed methods for a CORS request.",`
`1027`		`- "defaultValue": "POST,GET,OPTIONS,DELETE"`
	`1027`	`+ "defaultValue": "POST,GET,OPTIONS,DELETE,PUT"`
`1028`	`1028`	`}`
`1029`	`1029`	`]`
`1030`	`1030`	`}`