Fix #313 - Do not treat OPTIONS [base]/foo as a request for server's

conformance statement. Thanks to Michael Lawley for reporting!

hapi-fhir-base/src/main/java/ca/uhn/fhir/rest/method/ConformanceMethodBinding.java

@@ -81,7 +81,9 @@ public class ConformanceMethodBinding extends BaseResourceReturningMethodBinding
 	@Override
 	public boolean incomingServerRequestMatchesMethod(RequestDetails theRequest) {
 		if (theRequest.getRequestType() == RequestTypeEnum.OPTIONS) {
-			return true;
+			if (theRequest.getOperation() == null && theRequest.getResourceName() == null) {
+				return true;
+			}
 		}
 
 		if (theRequest.getResourceName() != null) {

hapi-fhir-structures-dstu2/src/test/java/ca/uhn/fhir/rest/server/ServerFeaturesDstu2Test.java

@@ -36,9 +36,11 @@ import ca.uhn.fhir.util.PortUtil;
 public class ServerFeaturesDstu2Test {
 
 	private static CloseableHttpClient ourClient;
+	private static FhirContext ourCtx = FhirContext.forDstu2();
+	private static final org.slf4j.Logger ourLog = org.slf4j.LoggerFactory.getLogger(ServerFeaturesDstu2Test.class);
 	private static int ourPort;
 	private static Server ourServer;
-	private static FhirContext ourCtx = FhirContext.forDstu2();
+
 	private static RestfulServer ourServlet;
 
 	@Test
@@ -50,6 +52,72 @@ public class ServerFeaturesDstu2Test {
 
 		assertEquals(200, status.getStatusLine().getStatusCode());
 		assertThat(responseContent, containsString("<Conformance"));
+
+		/*
+		 * Now with a leading /
+		 */
+
+		httpGet = new HttpOptions("http://localhost:" + ourPort + "/");
+		status = ourClient.execute(httpGet);
+		responseContent = IOUtils.toString(status.getEntity().getContent());
+		IOUtils.closeQuietly(status.getEntity().getContent());
+
+		assertEquals(200, status.getStatusLine().getStatusCode());
+		assertThat(responseContent, containsString("<Conformance"));
+
+	}
+
+	/**
+	 * See #313
+	 */
+	@Test
+	public void testOptionsForNonBasePath1() throws Exception {
+		HttpOptions httpGet = new HttpOptions("http://localhost:" + ourPort + "/Foo");
+		HttpResponse status = ourClient.execute(httpGet);
+		String responseContent = IOUtils.toString(status.getEntity().getContent());
+		IOUtils.closeQuietly(status.getEntity().getContent());
+
+		ourLog.info(responseContent);
+		assertEquals(400, status.getStatusLine().getStatusCode());
+	}
+
+	/**
+	 * See #313
+	 */
+	@Test
+	public void testOptionsForNonBasePath3() throws Exception {
+		HttpOptions httpGet = new HttpOptions("http://localhost:" + ourPort + "/metadata");
+		HttpResponse status = ourClient.execute(httpGet);
+		String responseContent = IOUtils.toString(status.getEntity().getContent());
+		IOUtils.closeQuietly(status.getEntity().getContent());
+
+		ourLog.info(responseContent);
+		assertEquals(405, status.getStatusLine().getStatusCode());
+	}
+
+	/**
+	 * See #313
+	 */
+	@Test
+	public void testOptionsForNonBasePath2() throws Exception {
+		HttpOptions httpGet = new HttpOptions("http://localhost:" + ourPort + "/Patient/1");
+		HttpResponse status = ourClient.execute(httpGet);
+		String responseContent = IOUtils.toString(status.getEntity().getContent());
+		IOUtils.closeQuietly(status.getEntity().getContent());
+
+		ourLog.info(responseContent);
+		assertEquals(400, status.getStatusLine().getStatusCode());
+	}
+
+	@Test
+	public void testOptionsJson() throws Exception {
+		HttpOptions httpGet = new HttpOptions("http://localhost:" + ourPort + "?_format=json");
+		HttpResponse status = ourClient.execute(httpGet);
+		String responseContent = IOUtils.toString(status.getEntity().getContent());
+		IOUtils.closeQuietly(status.getEntity().getContent());
+
+		assertEquals(200, status.getStatusLine().getStatusCode());
+		assertThat(responseContent, containsString("resourceType\":\"Conformance"));
 	}
 
 	@Test
@@ -77,17 +145,6 @@ public class ServerFeaturesDstu2Test {
 
 	}
 
-	@Test
-	public void testOptionsJson() throws Exception {
-		HttpOptions httpGet = new HttpOptions("http://localhost:" + ourPort + "?_format=json");
-		HttpResponse status = ourClient.execute(httpGet);
-		String responseContent = IOUtils.toString(status.getEntity().getContent());
-		IOUtils.closeQuietly(status.getEntity().getContent());
-
-		assertEquals(200, status.getStatusLine().getStatusCode());
-		assertThat(responseContent, containsString("resourceType\":\"Conformance"));
-	}
-
 	@AfterClass
 	public static void afterClass() throws Exception {
 		ourServer.stop();
@@ -119,6 +176,11 @@ public class ServerFeaturesDstu2Test {
 
 	public static class DummyPatientResourceProvider implements IResourceProvider {
 
+		@Override
+		public Class<? extends IResource> getResourceType() {
+			return Patient.class;
+		}
+
 		@Read
 		public Patient read(@IdParam IdDt theId) {
 			Patient p1 = new Patient();
@@ -127,15 +189,15 @@ public class ServerFeaturesDstu2Test {
 			return p1;
 		}
 
+	}
+
+	public static class DummyPatientResourceProvider2 implements IResourceProvider {
+
 		@Override
 		public Class<? extends IResource> getResourceType() {
 			return Patient.class;
 		}
 
-	}
-
-	public static class DummyPatientResourceProvider2 implements IResourceProvider {
-
 		@Read
 		public Patient read(@IdParam IdDt theId) {
 			Patient p1 = new Patient();
@@ -144,11 +206,6 @@ public class ServerFeaturesDstu2Test {
 			return p1;
 		}
 
-		@Override
-		public Class<? extends IResource> getResourceType() {
-			return Patient.class;
-		}
-
 	}
 
 }

src/changes/changes.xml

@@ -224,6 +224,12 @@
 				field in the deserialized object could not be
 				modified. Thanks to Thomas Andersen for reporting!
 			</action>
+			<action type="fix" issue="313">
+				REST Server responded to HTTP OPTIONS requests with 
+				any URI as being a request for the server's
+				Conformance statement. This is incorrect, as only
+				a request for <![CDATA[<code>OPTIONS [base url]</code>]]> should be treated as such. Thanks to Michael Lawley for reporting!
+			</action>
 		</release>
 		<release version="1.4" date="2016-02-04">
 			<action type="add">