From c3224f919d00a7e2857ef47ad33e5affb32a2fde Mon Sep 17 00:00:00 2001 From: dennisvang <29799340+dennisvang@users.noreply.github.com> Date: Tue, 16 Jun 2026 16:19:29 +0200 Subject: [PATCH 01/11] add CorsTest class --- .../acceptance/general/CorsTest.java | 84 +++++++++++++++++++ 1 file changed, 84 insertions(+) create mode 100644 src/test/java/org/fairdatateam/fairdatapoint/acceptance/general/CorsTest.java diff --git a/src/test/java/org/fairdatateam/fairdatapoint/acceptance/general/CorsTest.java b/src/test/java/org/fairdatateam/fairdatapoint/acceptance/general/CorsTest.java new file mode 100644 index 000000000..0558e397e --- /dev/null +++ b/src/test/java/org/fairdatateam/fairdatapoint/acceptance/general/CorsTest.java @@ -0,0 +1,84 @@ +/** + * The MIT License + * Copyright © 2017 FAIR Data Team + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ +package org.fairdatateam.fairdatapoint.acceptance.general; + +import org.fairdatateam.fairdatapoint.Profiles; +import org.junit.jupiter.api.Test; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc; +import org.springframework.boot.test.context.SpringBootTest; +import org.springframework.http.HttpHeaders; +import org.springframework.http.HttpMethod; +import org.springframework.http.HttpStatus; +import org.springframework.test.context.ActiveProfiles; +import org.springframework.test.web.servlet.assertj.MockMvcTester; +import org.springframework.test.web.servlet.assertj.MvcTestResult; + +import static org.assertj.core.api.Assertions.assertThat; + +/** + * Verifies Cross-Origin Resource Sharing (CORS) configuration. For more information see + * spring security CORS + * and spring web mvc CORS. + */ +@ActiveProfiles(Profiles.TESTING) +@AutoConfigureMockMvc +@SpringBootTest +public class CorsTest { + + private final String otherOrigin = "https://other.origin"; + private final String uri = "/"; + + private final MockMvcTester mockMvc; + + /** + * Constructor + */ + @Autowired + public CorsTest(MockMvcTester mockMvc) { + this.mockMvc = mockMvc; + } + + @Test + public void corsPreflightRequestFailsIfAccessControlRequestMethodHeaderMissing() { + MvcTestResult testResult = mockMvc.options() + .uri(uri) + .header(HttpHeaders.ORIGIN, otherOrigin) + .exchange(); + assertThat(testResult).hasStatus(HttpStatus.FORBIDDEN) + .hasBodyTextEqualTo("Invalid CORS request"); + } + + @Test + public void corsPreflightRequestYieldsExpectedAccessControlHeaders() { + MvcTestResult testResult = mockMvc.options() + .uri(uri) + // this preflight says: "I plan to make a GET request." + .header(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, HttpMethod.GET) + .header(HttpHeaders.ORIGIN, otherOrigin) + .exchange(); + assertThat(testResult).hasStatusOk() + .hasHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, "*"); + } + +} From 550e7061c327abdcf7933a4f728cb394839ae3ca Mon Sep 17 00:00:00 2001 From: dennisvang <29799340+dennisvang@users.noreply.github.com> Date: Tue, 16 Jun 2026 16:23:25 +0200 Subject: [PATCH 02/11] remove custom CORSFilter implementation --- .../fairdatapoint/api/filter/CORSFilter.java | 68 ------------------- .../api/filter/FilterConfigurer.java | 6 +- 2 files changed, 1 insertion(+), 73 deletions(-) delete mode 100644 src/main/java/org/fairdatateam/fairdatapoint/api/filter/CORSFilter.java diff --git a/src/main/java/org/fairdatateam/fairdatapoint/api/filter/CORSFilter.java b/src/main/java/org/fairdatateam/fairdatapoint/api/filter/CORSFilter.java deleted file mode 100644 index 53a0ebe99..000000000 --- a/src/main/java/org/fairdatateam/fairdatapoint/api/filter/CORSFilter.java +++ /dev/null @@ -1,68 +0,0 @@ -/** - * The MIT License - * Copyright © 2017 FAIR Data Team - * - * Permission is hereby granted, free of charge, to any person obtaining a copy - * of this software and associated documentation files (the "Software"), to deal - * in the Software without restriction, including without limitation the rights - * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell - * copies of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in - * all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE - * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER - * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, - * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN - * THE SOFTWARE. - */ -/* - * To change this license header, choose License Headers in Project Properties. - * To change this template file, choose Tools | Templates - * and open the template in the editor. - */ -package org.fairdatateam.fairdatapoint.api.filter; - -import jakarta.servlet.FilterChain; -import jakarta.servlet.ServletException; -import jakarta.servlet.http.HttpServletRequest; -import jakarta.servlet.http.HttpServletResponse; -import org.springframework.http.HttpHeaders; -import org.springframework.stereotype.Component; -import org.springframework.web.bind.annotation.RequestMethod; -import org.springframework.web.filter.OncePerRequestFilter; - -import java.io.IOException; - -import static java.lang.String.format; - -@Component -public class CORSFilter extends OncePerRequestFilter { - - @Override - public void doFilterInternal( - final HttpServletRequest request, - final HttpServletResponse response, - final FilterChain fc - ) throws IOException, ServletException { - final String allowedMtds = String.join(",", - RequestMethod.GET.name(), RequestMethod.POST.name(), - RequestMethod.PUT.name(), RequestMethod.PATCH.name(), - RequestMethod.DELETE.name()); - - response.setHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, "*"); - response.setHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS, - format("%s,%s,%s,%s", HttpHeaders.ORIGIN, HttpHeaders.AUTHORIZATION, - HttpHeaders.ACCEPT, HttpHeaders.CONTENT_TYPE)); - response.setHeader(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS, - format("%s,%s", HttpHeaders.LOCATION, HttpHeaders.LINK)); - response.setHeader(HttpHeaders.ALLOW, allowedMtds); - response.setHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, allowedMtds); - - fc.doFilter(request, response); - } -} diff --git a/src/main/java/org/fairdatateam/fairdatapoint/api/filter/FilterConfigurer.java b/src/main/java/org/fairdatateam/fairdatapoint/api/filter/FilterConfigurer.java index b80a88fa8..8c32e9eb1 100644 --- a/src/main/java/org/fairdatateam/fairdatapoint/api/filter/FilterConfigurer.java +++ b/src/main/java/org/fairdatateam/fairdatapoint/api/filter/FilterConfigurer.java @@ -36,17 +36,13 @@ public class FilterConfigurer extends @Autowired private JwtTokenFilter jwtTokenFilter; - @Autowired - private CORSFilter corsFilter; - @Autowired private LoggingFilter loggingFilter; @Override public void configure(HttpSecurity http) { http.addFilterBefore(jwtTokenFilter, UsernamePasswordAuthenticationFilter.class); - http.addFilterBefore(corsFilter, JwtTokenFilter.class); - http.addFilterBefore(loggingFilter, CORSFilter.class); + http.addFilterBefore(loggingFilter, JwtTokenFilter.class); } } From dc11e61832447948e3b41e57899080fd10ef4530 Mon Sep 17 00:00:00 2001 From: dennisvang <29799340+dennisvang@users.noreply.github.com> Date: Tue, 16 Jun 2026 16:37:22 +0200 Subject: [PATCH 03/11] configure CORS using WebMvcConfigurer.addCorsMappings settings are equivalent to the original custom CORSFilter.java implementation new implementation based on docs: https://docs.spring.io/spring-framework/reference/web/webmvc-cors.html#mvc-cors-global --- .../fairdatapoint/config/WebMvcConfig.java | 21 +++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/src/main/java/org/fairdatateam/fairdatapoint/config/WebMvcConfig.java b/src/main/java/org/fairdatateam/fairdatapoint/config/WebMvcConfig.java index 540c31b7f..2c04769c4 100644 --- a/src/main/java/org/fairdatateam/fairdatapoint/config/WebMvcConfig.java +++ b/src/main/java/org/fairdatateam/fairdatapoint/config/WebMvcConfig.java @@ -30,11 +30,13 @@ import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Primary; +import org.springframework.http.HttpHeaders; import org.springframework.http.converter.ByteArrayHttpMessageConverter; import org.springframework.http.converter.HttpMessageConverter; import org.springframework.http.converter.StringHttpMessageConverter; import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter; import org.springframework.web.servlet.config.annotation.ContentNegotiationConfigurer; +import org.springframework.web.servlet.config.annotation.CorsRegistry; import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; import org.springframework.web.servlet.view.InternalResourceViewResolver; @@ -85,4 +87,23 @@ public ObjectMapper objectMapper() { public InternalResourceViewResolver defaultViewResolver() { return new InternalResourceViewResolver(); } + + /** + * Global Cross-Origin Resource Sharing (CORS) configuration + * https://docs.spring.io/spring-framework/reference/web/webmvc-cors.html#mvc-cors-global + */ + @Override + public void addCorsMappings(CorsRegistry registry) { + registry.addMapping("/**") + .allowedOrigins("*") + // todo: what about OPTIONS? + .allowedMethods("GET", "POST", "PUT", "PATCH", "DELETE") + .allowedHeaders( + HttpHeaders.ORIGIN, + HttpHeaders.AUTHORIZATION, + HttpHeaders.ACCEPT, + HttpHeaders.CONTENT_TYPE + ) + .exposedHeaders(HttpHeaders.LOCATION, HttpHeaders.LINK); + } } From 724d77b7a6f54f21f7c5a9ba321f1b4097285c9f Mon Sep 17 00:00:00 2001 From: dennisvang <29799340+dennisvang@users.noreply.github.com> Date: Tue, 16 Jun 2026 16:44:49 +0200 Subject: [PATCH 04/11] add test for non-cors requests --- .../fairdatapoint/acceptance/general/CorsTest.java | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/test/java/org/fairdatateam/fairdatapoint/acceptance/general/CorsTest.java b/src/test/java/org/fairdatateam/fairdatapoint/acceptance/general/CorsTest.java index 0558e397e..2c98cdd84 100644 --- a/src/test/java/org/fairdatateam/fairdatapoint/acceptance/general/CorsTest.java +++ b/src/test/java/org/fairdatateam/fairdatapoint/acceptance/general/CorsTest.java @@ -59,6 +59,12 @@ public CorsTest(MockMvcTester mockMvc) { this.mockMvc = mockMvc; } + @Test + public void normalRequestYieldsNoAccessControlHeaders() { + MvcTestResult testResult = mockMvc.options().uri(uri).exchange(); + assertThat(testResult).hasStatusOk().doesNotContainHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN); + } + @Test public void corsPreflightRequestFailsIfAccessControlRequestMethodHeaderMissing() { MvcTestResult testResult = mockMvc.options() From 0c6ddcbb1d0c10ea29e6adccafac94fef9dff865 Mon Sep 17 00:00:00 2001 From: dennisvang <29799340+dennisvang@users.noreply.github.com> Date: Tue, 16 Jun 2026 17:09:29 +0200 Subject: [PATCH 05/11] enable CORS for the security filter chain this is *in addition to* the web-mvc CORS handling, and uses the web mvc cors config --- .../fairdatateam/fairdatapoint/config/SecurityConfig.java | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/main/java/org/fairdatateam/fairdatapoint/config/SecurityConfig.java b/src/main/java/org/fairdatateam/fairdatapoint/config/SecurityConfig.java index e7fabe00d..baaa89892 100644 --- a/src/main/java/org/fairdatateam/fairdatapoint/config/SecurityConfig.java +++ b/src/main/java/org/fairdatateam/fairdatapoint/config/SecurityConfig.java @@ -28,6 +28,7 @@ import org.springframework.context.annotation.Configuration; import org.springframework.http.HttpMethod; import org.springframework.security.authentication.AuthenticationManager; +import org.springframework.security.config.Customizer; import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer; @@ -67,6 +68,11 @@ public SecurityFilterChain filterChain(HttpSecurity http, FilterConfigurer filte .anyRequest().permitAll(); } ) + // Enable CORS for the security filter chain. + // "If Spring MVC is on classpath and no CorsConfigurationSource is provided, + // Spring Security will use CORS configuration provided to Spring MVC." + // https://docs.spring.io/spring-security/reference/servlet/integrations/cors.html#cors-spring-mvc-integration + .cors(Customizer.withDefaults()) .apply(filterConfigurer); return http.build(); } From 8eb68fc60de1ba5e6e8c75a034855582ab785ff6 Mon Sep 17 00:00:00 2001 From: dennisvang <29799340+dennisvang@users.noreply.github.com> Date: Tue, 16 Jun 2026 17:13:45 +0200 Subject: [PATCH 06/11] also allow HTTP HEAD method in CORS --- .../org/fairdatateam/fairdatapoint/config/WebMvcConfig.java | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/main/java/org/fairdatateam/fairdatapoint/config/WebMvcConfig.java b/src/main/java/org/fairdatateam/fairdatapoint/config/WebMvcConfig.java index 2c04769c4..891c6a1af 100644 --- a/src/main/java/org/fairdatateam/fairdatapoint/config/WebMvcConfig.java +++ b/src/main/java/org/fairdatateam/fairdatapoint/config/WebMvcConfig.java @@ -96,8 +96,7 @@ public InternalResourceViewResolver defaultViewResolver() { public void addCorsMappings(CorsRegistry registry) { registry.addMapping("/**") .allowedOrigins("*") - // todo: what about OPTIONS? - .allowedMethods("GET", "POST", "PUT", "PATCH", "DELETE") + .allowedMethods("GET", "HEAD", "POST", "PUT", "PATCH", "DELETE") .allowedHeaders( HttpHeaders.ORIGIN, HttpHeaders.AUTHORIZATION, From 8fcb6b73b4db93583e1c116e109a23ae6037665e Mon Sep 17 00:00:00 2001 From: dennisvang <29799340+dennisvang@users.noreply.github.com> Date: Tue, 16 Jun 2026 17:28:46 +0200 Subject: [PATCH 07/11] comments about cors settings --- .../org/fairdatateam/fairdatapoint/config/WebMvcConfig.java | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/main/java/org/fairdatateam/fairdatapoint/config/WebMvcConfig.java b/src/main/java/org/fairdatateam/fairdatapoint/config/WebMvcConfig.java index 891c6a1af..7319dda16 100644 --- a/src/main/java/org/fairdatateam/fairdatapoint/config/WebMvcConfig.java +++ b/src/main/java/org/fairdatateam/fairdatapoint/config/WebMvcConfig.java @@ -89,8 +89,9 @@ public InternalResourceViewResolver defaultViewResolver() { } /** - * Global Cross-Origin Resource Sharing (CORS) configuration - * https://docs.spring.io/spring-framework/reference/web/webmvc-cors.html#mvc-cors-global + * Global Cross-Origin Resource Sharing (CORS) configuration based on + * + * Web MVC CORS example */ @Override public void addCorsMappings(CorsRegistry registry) { @@ -103,6 +104,7 @@ public void addCorsMappings(CorsRegistry registry) { HttpHeaders.ACCEPT, HttpHeaders.CONTENT_TYPE ) + // If the response contains these headers, the browser will expose them in JavaScript .exposedHeaders(HttpHeaders.LOCATION, HttpHeaders.LINK); } } From 63130d3be21381cb7c49459628fda1343de0c2ce Mon Sep 17 00:00:00 2001 From: dennisvang <29799340+dennisvang@users.noreply.github.com> Date: Tue, 16 Jun 2026 17:35:36 +0200 Subject: [PATCH 08/11] check all CORS headers in CorsTest --- .../acceptance/general/CorsTest.java | 23 +++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) diff --git a/src/test/java/org/fairdatateam/fairdatapoint/acceptance/general/CorsTest.java b/src/test/java/org/fairdatateam/fairdatapoint/acceptance/general/CorsTest.java index 2c98cdd84..8e9115287 100644 --- a/src/test/java/org/fairdatateam/fairdatapoint/acceptance/general/CorsTest.java +++ b/src/test/java/org/fairdatateam/fairdatapoint/acceptance/general/CorsTest.java @@ -22,6 +22,7 @@ */ package org.fairdatateam.fairdatapoint.acceptance.general; +import org.eclipse.jetty.http.HttpHeader; import org.fairdatateam.fairdatapoint.Profiles; import org.junit.jupiter.api.Test; import org.springframework.beans.factory.annotation.Autowired; @@ -34,6 +35,8 @@ import org.springframework.test.web.servlet.assertj.MockMvcTester; import org.springframework.test.web.servlet.assertj.MvcTestResult; +import java.util.List; + import static org.assertj.core.api.Assertions.assertThat; /** @@ -61,12 +64,15 @@ public CorsTest(MockMvcTester mockMvc) { @Test public void normalRequestYieldsNoAccessControlHeaders() { + // request without Origin header MvcTestResult testResult = mockMvc.options().uri(uri).exchange(); - assertThat(testResult).hasStatusOk().doesNotContainHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN); + assertThat(testResult).hasStatusOk() + .doesNotContainHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN); } @Test public void corsPreflightRequestFailsIfAccessControlRequestMethodHeaderMissing() { + // request with Origin header, but without AccessControlRequestMethod header MvcTestResult testResult = mockMvc.options() .uri(uri) .header(HttpHeaders.ORIGIN, otherOrigin) @@ -77,14 +83,23 @@ public void corsPreflightRequestFailsIfAccessControlRequestMethodHeaderMissing() @Test public void corsPreflightRequestYieldsExpectedAccessControlHeaders() { + // valid CORS request, with both required headers MvcTestResult testResult = mockMvc.options() .uri(uri) - // this preflight says: "I plan to make a GET request." + // this preflight says: "I plan to make a GET request with this header from this origin." .header(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, HttpMethod.GET) + .header(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS, HttpHeaders.AUTHORIZATION) .header(HttpHeaders.ORIGIN, otherOrigin) .exchange(); - assertThat(testResult).hasStatusOk() - .hasHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, "*"); + List.of( + // note that Access-Control-Allow-Headers is only returned if the request + // contains Access-Control-Request-Headers + HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS, + HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, + HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, + HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS + ).forEach(header -> assertThat(testResult).hasStatusOk().containsHeader(header)); + } } From 3998d5c071f8c1330f7ee2aed2916ea2bd3e27e1 Mon Sep 17 00:00:00 2001 From: dennisvang <29799340+dennisvang@users.noreply.github.com> Date: Tue, 16 Jun 2026 17:40:47 +0200 Subject: [PATCH 09/11] todo mockmvc security filter chain setup --- .../fairdatapoint/acceptance/general/CorsTest.java | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/test/java/org/fairdatateam/fairdatapoint/acceptance/general/CorsTest.java b/src/test/java/org/fairdatateam/fairdatapoint/acceptance/general/CorsTest.java index 8e9115287..e6168e170 100644 --- a/src/test/java/org/fairdatateam/fairdatapoint/acceptance/general/CorsTest.java +++ b/src/test/java/org/fairdatateam/fairdatapoint/acceptance/general/CorsTest.java @@ -54,6 +54,9 @@ public class CorsTest { private final MockMvcTester mockMvc; + // todo: do we need to enable the security filter chain as well, to test http.cors()? + // https://docs.spring.io/spring-security/reference/servlet/test/mockmvc/setup.html + /** * Constructor */ From 53a87fb15e3451be0633c741e0d892505b31047f Mon Sep 17 00:00:00 2001 From: dennisvang <29799340+dennisvang@users.noreply.github.com> Date: Tue, 16 Jun 2026 17:57:53 +0200 Subject: [PATCH 10/11] note about @EnableWebSecurity [no ci] --- .../org/fairdatateam/fairdatapoint/config/SecurityConfig.java | 1 + 1 file changed, 1 insertion(+) diff --git a/src/main/java/org/fairdatateam/fairdatapoint/config/SecurityConfig.java b/src/main/java/org/fairdatateam/fairdatapoint/config/SecurityConfig.java index baaa89892..bf923fd75 100644 --- a/src/main/java/org/fairdatateam/fairdatapoint/config/SecurityConfig.java +++ b/src/main/java/org/fairdatateam/fairdatapoint/config/SecurityConfig.java @@ -36,6 +36,7 @@ import org.springframework.security.web.SecurityFilterChain; @Configuration +// Spring Security docs use @EnableWebSecurity, but we don't need it here because of Spring Boot autoconfiguration. public class SecurityConfig { @Bean From 006617f6f79220500ef72aac5953ff248b15b397 Mon Sep 17 00:00:00 2001 From: dennisvang <29799340+dennisvang@users.noreply.github.com> Date: Tue, 16 Jun 2026 18:06:30 +0200 Subject: [PATCH 11/11] fix comment [no ci] --- .../fairdatateam/fairdatapoint/acceptance/general/CorsTest.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/test/java/org/fairdatateam/fairdatapoint/acceptance/general/CorsTest.java b/src/test/java/org/fairdatateam/fairdatapoint/acceptance/general/CorsTest.java index e6168e170..ca4ba5905 100644 --- a/src/test/java/org/fairdatateam/fairdatapoint/acceptance/general/CorsTest.java +++ b/src/test/java/org/fairdatateam/fairdatapoint/acceptance/general/CorsTest.java @@ -75,7 +75,7 @@ public void normalRequestYieldsNoAccessControlHeaders() { @Test public void corsPreflightRequestFailsIfAccessControlRequestMethodHeaderMissing() { - // request with Origin header, but without AccessControlRequestMethod header + // request with Origin header, but without Access-Control-Request-Method header MvcTestResult testResult = mockMvc.options() .uri(uri) .header(HttpHeaders.ORIGIN, otherOrigin)