Drupal
/
drupal
mirror of https://git.drupalcode.org/project/drupal.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Issue #2853201 by hampercm, dawehner: [upstream] CORS breaks form submission unless allowed origins includes site's own host

8.4.x
Alex Pott 2017-04-22 13:12:09 +01:00
parent f7520a2969
commit 453d552da9
3 changed files with 34 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
composer.lock generated
View File

@ -8,27 +8,36 @@
"packages": [ "packages": [
{ {
"name": "asm89/stack-cors", "name": "asm89/stack-cors",
"version": "1.0.0", "version": "1.1.0",
"source": { "source": {
"type": "git", "type": "git",
"url": "https://github.com/asm89/stack-cors.git", "url": "https://github.com/asm89/stack-cors.git",
"reference": "3ae8ef219bb4c9a6caf857421719aa07fa7776cc" "reference": "65ccbd455370f043c2e3b93482a3813603d68731"
}, },
"dist": { "dist": {
"type": "zip", "type": "zip",
"url": "https://api.github.com/repos/asm89/stack-cors/zipball/3ae8ef219bb4c9a6caf857421719aa07fa7776cc", "url": "https://api.github.com/repos/asm89/stack-cors/zipball/65ccbd455370f043c2e3b93482a3813603d68731",
"reference": "3ae8ef219bb4c9a6caf857421719aa07fa7776cc", "reference": "65ccbd455370f043c2e3b93482a3813603d68731",
"shasum": "" "shasum": ""
}, },
"require": { "require": {
"php": ">=5.3.2", "php": ">=5.5.9",
"symfony/http-foundation": "~2.1|~3.0", "symfony/http-foundation": "~2.7|~3.0",
"symfony/http-kernel": "~2.1|~3.0" "symfony/http-kernel": "~2.7|~3.0"
},
"require-dev": {
"phpunit/phpunit": "^5.0 || ^4.8.10",
"squizlabs/php_codesniffer": "^2.3"
}, },
"type": "library", "type": "library",
"extra": {
"branch-alias": {
"dev-master": "1.1-dev"
}
},
"autoload": { "autoload": {
"psr-0": { "psr-4": {
"Asm89\\Stack": "src/" "Asm89\\Stack\\": "src/Asm89/Stack/"
} }
}, },
"notification-url": "https://packagist.org/downloads/", "notification-url": "https://packagist.org/downloads/",
@ -47,7 +56,7 @@
"cors", "cors",
"stack" "stack"
], ],
"time": "2016-08-01T12:05:04+00:00" "time": "2017-04-11T20:03:41+00:00"
}, },
{ {
"name": "composer/installers", "name": "composer/installers",

2
core/composer.json
View File

@ -32,7 +32,7 @@
"zendframework/zend-diactoros": "~1.1", "zendframework/zend-diactoros": "~1.1",
"composer/semver": "~1.0", "composer/semver": "~1.0",
"paragonie/random_compat": "^1.0|^2.0", "paragonie/random_compat": "^1.0|^2.0",
"asm89/stack-cors": "~1.0" "asm89/stack-cors": "~1.1"
}, },
"conflict": { "conflict": {
"drush/drush": "<8.1.10" "drush/drush": "<8.1.10"

14
core/tests/Drupal/FunctionalTests/HttpKernel/CorsIntegrationTest.php
View File

@ -2,6 +2,7 @@
namespace Drupal\FunctionalTests\HttpKernel; namespace Drupal\FunctionalTests\HttpKernel;
use Drupal\Core\Url;
use Drupal\Tests\BrowserTestBase; use Drupal\Tests\BrowserTestBase;
/** /**
@ -72,6 +73,19 @@ class CorsIntegrationTest extends BrowserTestBase {
$this->drupalGet('/test-page', [], ['Origin' => 'http://example.com']); $this->drupalGet('/test-page', [], ['Origin' => 'http://example.com']);
$this->assertSession()->statusCodeEquals(200); $this->assertSession()->statusCodeEquals(200);
$this->assertSession()->responseHeaderEquals('Access-Control-Allow-Origin', 'http://example.com'); $this->assertSession()->responseHeaderEquals('Access-Control-Allow-Origin', 'http://example.com');
// Verify POST still functions with 'Origin' header set to site's domain.
$origin = \Drupal::request()->getSchemeAndHttpHost();
/** @var \GuzzleHttp\ClientInterface $httpClient */
$httpClient = $this->getSession()->getDriver()->getClient()->getClient();
$url = Url::fromUri('base:/test-page');
$response = $httpClient->request('POST', $url->setAbsolute()->toString(), [
'headers' => [
'Origin' => $origin,
]
]);
$this->assertEquals(200, $response->getStatusCode());
} }
} }