put header content in constants

issue #58

gamertrack-IntegrationTest/src/test/java/com/gepardec/rest/config/filters/response/CorsResponseFilterIT.java

@@ -5,6 +5,7 @@
 import org.junit.jupiter.api.BeforeAll;
 import org.junit.jupiter.api.Test;
 
+import static com.gepardec.rest.config.filters.response.CorsResponseFilter.*;
 import static io.restassured.RestAssured.*;
 import static org.hamcrest.Matchers.blankOrNullString;
 import static org.hamcrest.Matchers.nullValue;
@@ -13,9 +14,6 @@ public class CorsResponseFilterIT {
 
     private final String VALID_ORIGIN = "http://gamertrack-frontend.apps.cloudscale-lpg-2.appuio.cloud";
     private final String INVALID_ORIGIN = "http://lkadsjlksjdfgamertrack-frontend.apps.cloudscale-lpg-2.appuio.com";
-    private final String ALLOWED_METHODS = "GET, POST, PUT, DELETE, HEAD";
-    private final String ALLOWED_HEADERS = "Content-Type, Authorization";
-    private final String ACCESS_CONTROL_ALLOW_CREDENTIALS = "true";
 
     @BeforeAll
     public static void setup() {
@@ -40,7 +38,7 @@ void ensureCorsHeadersArePresentIfOriginMatchesAndUsesHttp() {
                 .header("Access-Control-Allow-Origin", VALID_ORIGIN)
                 .header("Access-Control-Allow-Methods", ALLOWED_METHODS)
                 .header("Access-Control-Allow-Headers", ALLOWED_HEADERS)
-                .header("Access-Control-Allow-Credentials", ACCESS_CONTROL_ALLOW_CREDENTIALS);
+                .header("Access-Control-Allow-Credentials", ACCESS_CONTROL_ALLOW_CREDENTIALS_IS_ALLOWED);
     }
 
     @Test
@@ -53,7 +51,7 @@ void ensureCorsHeadersArePresentIfOriginMatchesAndUsesHttps() {
                 .header("Access-Control-Allow-Origin", VALID_ORIGIN.replace("http", "https"))
                 .header("Access-Control-Allow-Methods", ALLOWED_METHODS)
                 .header("Access-Control-Allow-Headers", ALLOWED_HEADERS)
-                .header("Access-Control-Allow-Credentials", ACCESS_CONTROL_ALLOW_CREDENTIALS);
+                .header("Access-Control-Allow-Credentials", ACCESS_CONTROL_ALLOW_CREDENTIALS_IS_ALLOWED);
         ;
     }
 
@@ -81,7 +79,7 @@ void ensureCorsWorksWhenMakingAHeadRequest() {
                 .header("Access-Control-Allow-Origin", VALID_ORIGIN)
                 .header("Access-Control-Allow-Methods", ALLOWED_METHODS)
                 .header("Access-Control-Allow-Headers", ALLOWED_HEADERS)
-                .header("Access-Control-Allow-Credentials", ACCESS_CONTROL_ALLOW_CREDENTIALS)
+                .header("Access-Control-Allow-Credentials", ACCESS_CONTROL_ALLOW_CREDENTIALS_IS_ALLOWED)
                 .body(blankOrNullString());
     }
 }

gamertrack-application/src/main/java/com/gepardec/rest/config/filters/response/CorsResponseFilter.java

@@ -11,6 +11,11 @@
 @Provider
 public class CorsResponseFilter implements ContainerResponseFilter {
 
+    protected static final String ALLOWED_METHODS = "GET, POST, PUT, DELETE, HEAD";
+    protected static final String ALLOWED_HEADERS = "Content-Type, Authorization";
+    protected static final String ACCESS_CONTROL_ALLOW_CREDENTIALS_IS_ALLOWED = "true";
+
+
     Dotenv dotenv = Dotenv
             .configure()
             .directory("../..")
@@ -25,9 +30,9 @@ public void filter(ContainerRequestContext requestContext, ContainerResponseCont
 
         if (origin != null && origin.matches(dotenv.get("ALLOWED_ORIGINS_AS_REGEX"))) {
             responseContext.getHeaders().add("Access-Control-Allow-Origin", origin);
-            responseContext.getHeaders().add("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, HEAD");
-            responseContext.getHeaders().add("Access-Control-Allow-Headers", "Content-Type, Authorization, x-total-count");
-            responseContext.getHeaders().add("Access-Control-Allow-Credentials", true);
+            responseContext.getHeaders().add("Access-Control-Allow-Methods", ALLOWED_METHODS);
+            responseContext.getHeaders().add("Access-Control-Allow-Headers", ALLOWED_HEADERS);
+            responseContext.getHeaders().add("Access-Control-Allow-Credentials", ACCESS_CONTROL_ALLOW_CREDENTIALS_IS_ALLOWED);
         }
     }
 }