public void testThatOmittingCorsHeaderDoesNotReturnAnything() throws Exception {
HttpResponse response = httpClient().method("GET").path("/").execute();
assertThat(response.getStatusCode(), is(200));
assertThat(response.getHeaders(), not(hasKey("Access-Control-Allow-Origin")));
assertThat(response.getHeaders(), not(hasKey("Access-Control-Allow-Credentials")));
}
void runUpgrade(String path, String... params) throws Exception {
assert params.length % 2 == 0;
HttpRequestBuilder builder = httpClient().method("POST").path(path);
for (int i = 0; i < params.length; i += 2) {
builder.addParam(params[i], params[i + 1]);
}
HttpResponse rsp = builder.execute();
assertNotNull(rsp);
assertEquals(200, rsp.getStatusCode());
}
public void testThatRegularExpressionReturnsForbiddenOnNonMatch() throws Exception {
HttpResponse response =
httpClient()
.method("GET")
.path("/")
.addHeader("User-Agent", "Mozilla Bar")
.addHeader("Origin", "http://evil-host:9200")
.execute();
// a rejected origin gets a FORBIDDEN - 403
assertThat(response.getStatusCode(), is(403));
assertThat(response.getHeaders(), not(hasKey("Access-Control-Allow-Origin")));
}
public void testThatPreFlightRequestWorksOnMatch() throws Exception {
String corsValue = "http://localhost:9200";
HttpResponse response =
httpClient()
.method("OPTIONS")
.path("/")
.addHeader("User-Agent", "Mozilla Bar")
.addHeader("Origin", corsValue)
.addHeader(HttpHeaders.Names.ACCESS_CONTROL_REQUEST_METHOD, "GET")
.execute();
assertResponseWithOriginheader(response, corsValue);
assertThat(response.getHeaders(), hasKey("Access-Control-Allow-Methods"));
}
public void testThatPreFlightRequestReturnsNullOnNonMatch() throws Exception {
HttpResponse response =
httpClient()
.method("OPTIONS")
.path("/")
.addHeader("User-Agent", "Mozilla Bar")
.addHeader("Origin", "http://evil-host:9200")
.addHeader(HttpHeaders.Names.ACCESS_CONTROL_REQUEST_METHOD, "GET")
.execute();
// a rejected origin gets a FORBIDDEN - 403
assertThat(response.getStatusCode(), is(403));
assertThat(response.getHeaders(), not(hasKey("Access-Control-Allow-Origin")));
assertThat(response.getHeaders(), not(hasKey("Access-Control-Allow-Methods")));
}
public void testCorsSettingDefaultBehaviourDoesNotReturnAnything() throws Exception {
String corsValue = "http://localhost:9200";
HttpResponse response =
httpClient()
.method("GET")
.path("/")
.addHeader("User-Agent", "Mozilla Bar")
.addHeader("Origin", corsValue)
.execute();
assertThat(response.getStatusCode(), is(200));
assertThat(response.getHeaders(), not(hasKey("Access-Control-Allow-Origin")));
assertThat(response.getHeaders(), not(hasKey("Access-Control-Allow-Credentials")));
}
@Test
public void testThatErrorTraceWorksByDefault() throws Exception {
// Make the HTTP request
HttpResponse response =
new HttpRequestBuilder(HttpClients.createDefault())
.httpTransport(internalCluster().getDataNodeInstance(HttpServerTransport.class))
.path("/")
.addParam("error_trace", "true")
.method(HttpDeleteWithEntity.METHOD_NAME)
.execute();
assertThat(response.getHeaders().get("Content-Type"), containsString("application/json"));
assertThat(
response.getBody(), containsString("\"error_trace\":{\"message\":\"Validation Failed"));
}
private void assertPluginAvailable(String pluginName) throws InterruptedException, IOException {
final HttpRequestBuilder httpRequestBuilder = getHttpRequestBuilder();
// checking that the http connector is working properly
// We will try it for some seconds as it could happen that the REST interface is not yet fully
// started
assertThat(
awaitBusy(
new Predicate<Object>() {
@Override
public boolean apply(Object obj) {
try {
HttpResponse response = httpRequestBuilder.method("GET").path("/").execute();
if (response.getStatusCode() != RestStatus.OK.getStatus()) {
// We want to trace what's going on here before failing the test
logger.info(
"--> error caught [{}], headers [{}]",
response.getStatusCode(),
response.getHeaders());
logger.info(
"--> cluster state [{}]", internalCluster().clusterService().state());
return false;
}
return true;
} catch (IOException e) {
throw new ElasticsearchException("HTTP problem", e);
}
}
},
5,
TimeUnit.SECONDS),
equalTo(true));
// checking now that the plugin is available
HttpResponse response =
getHttpRequestBuilder().method("GET").path("/_plugin/" + pluginName + "/").execute();
assertThat(response, notNullValue());
assertThat(
response.getReasonPhrase(), response.getStatusCode(), equalTo(RestStatus.OK.getStatus()));
}
private boolean isDownloadServiceWorking(String host, int port, String resource) {
try {
String protocol = port == 443 ? "https" : "http";
HttpResponse response =
new HttpRequestBuilder(HttpClients.createDefault())
.protocol(protocol)
.host(host)
.port(port)
.path(resource)
.execute();
if (response.getStatusCode() != 200) {
logger.warn(
"[{}{}] download service is not working. Disabling current test.", host, resource);
return false;
}
return true;
} catch (Throwable t) {
logger.warn(
"[{}{}] download service is not working. Disabling current test.", host, resource);
}
return false;
}
public void testThatRegularExpressionWorksOnMatch() throws Exception {
String corsValue = "http://localhost:9200";
HttpResponse response =
httpClient()
.method("GET")
.path("/")
.addHeader("User-Agent", "Mozilla Bar")
.addHeader("Origin", corsValue)
.execute();
assertResponseWithOriginheader(response, corsValue);
corsValue = "https://localhost:9200";
response =
httpClient()
.method("GET")
.path("/")
.addHeader("User-Agent", "Mozilla Bar")
.addHeader("Origin", corsValue)
.execute();
assertResponseWithOriginheader(response, corsValue);
assertThat(response.getHeaders(), hasKey("Access-Control-Allow-Credentials"));
assertThat(response.getHeaders().get("Access-Control-Allow-Credentials"), is("true"));
}
public void testThatSendingNoOriginHeaderReturnsNoAccessControlHeader() throws Exception {
HttpResponse response =
httpClient().method("GET").path("/").addHeader("User-Agent", "Mozilla Bar").execute();
assertThat(response.getStatusCode(), is(200));
assertThat(response.getHeaders(), not(hasKey("Access-Control-Allow-Origin")));
}
protected static void assertResponseWithOriginheader(
HttpResponse response, String expectedCorsHeader) {
assertThat(response.getStatusCode(), is(200));
assertThat(response.getHeaders(), hasKey("Access-Control-Allow-Origin"));
assertThat(response.getHeaders().get("Access-Control-Allow-Origin"), is(expectedCorsHeader));
}
public void testThatRegularExpressionIsNotAppliedWithoutCorrectBrowserOnMatch() throws Exception {
HttpResponse response = httpClient().method("GET").path("/").execute();
assertThat(response.getStatusCode(), is(200));
assertThat(response.getHeaders(), not(hasKey("Access-Control-Allow-Origin")));
}
Map<String, Object> validateAndParse(HttpResponse rsp) throws Exception {
assertNotNull(rsp);
assertEquals(200, rsp.getStatusCode());
assertTrue(rsp.hasBody());
return (Map<String, Object>) new JsonPath(rsp.getBody()).evaluate("");
}