author | Bjørn Christian Seime <bjorncs@oath.com> | 2018-04-09 12:56:40 +0200 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@oath.com> | 2018-04-09 13:42:05 +0200 |
commit | 8d10816667ceb5798389b95209f1ffd50205ecf5 (patch) | |
tree | e099c1d0114854ebdb57328d94dfd3307bc6445a /jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cors/CorsLogic.java | |
parent | e056e4faf903ba1d01d2a22f482fd0ab7cfb484b (diff) |
Change package name and class name of Cors filters
* Change package name to 'com.yahoo.jdisc.filter.security.cors'
* Remove 'Security' from the Cors class names
Diffstat (limited to 'jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cors/CorsLogic.java')
-rw-r--r-- | jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cors/CorsLogic.java | 56 |
1 files changed, 56 insertions, 0 deletions
diff --git a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cors/CorsLogic.java b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cors/CorsLogic.java
new file mode 100644
index 00000000000..54f1ee3042f
--- /dev/null
+++ b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cors/CorsLogic.java
@@ -0,0 +1,56 @@
+// Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.jdisc.http.filter.security.cors;
+
+import com.google.common.collect.ImmutableMap;
+import com.yahoo.jdisc.HeaderFields;
+import com.yahoo.jdisc.Response;
+
+import java.time.Duration;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Set;
+import java.util.TreeMap;
+
+/**
+ * @author bjorncs
+ */
+class CorsLogic {
+ private CorsLogic() {}
+
+ static final String CORS_PREFLIGHT_REQUEST_CACHE_TTL = Long.toString(Duration.ofDays(7).getSeconds());
+
+ static final String ALLOW_ORIGIN_HEADER = "Access-Control-Allow-Origin";
+
+ static final Map<String, String> ACCESS_CONTROL_HEADERS = ImmutableMap.of(
+ "Access-Control-Max-Age", CORS_PREFLIGHT_REQUEST_CACHE_TTL,
+ "Access-Control-Allow-Headers", "Origin,Content-Type,Accept,Yahoo-Principal-Auth",
+ "Access-Control-Allow-Methods", "OPTIONS,GET,PUT,DELETE,POST",
+ "Access-Control-Allow-Credentials", "true"
+ );
+
+ static Map<String, String> createCorsResponseHeaders(String requestOriginHeader,
+ Set<String> allowedOrigins) {
+ if (requestOriginHeader == null) return Collections.emptyMap();
+ TreeMap<String, String> headers = new TreeMap<>();
+ allowedOrigins.stream()
+ .filter(allowedUrl -> matchesRequestOrigin(requestOriginHeader, allowedUrl))
+ .findAny()
+ .ifPresent(allowedOrigin -> headers.put(ALLOW_ORIGIN_HEADER, allowedOrigin));
+ ACCESS_CONTROL_HEADERS.forEach(headers::put);
+ return headers;
+ }
+
+ static Map<String, String> createCorsPreflightResponseHeaders(String requestOriginHeader,
+ Set<String> allowedOrigins) {
+ TreeMap<String, String> headers = new TreeMap<>();
+ if (allowedOrigins.contains(requestOriginHeader))
+ headers.put(ALLOW_ORIGIN_HEADER, requestOriginHeader);
+ ACCESS_CONTROL_HEADERS.forEach(headers::put);
+ return headers;
+ }
+
+ private static boolean matchesRequestOrigin(String requestOrigin, String allowedUrl) {
+ return allowedUrl.equals("*") || requestOrigin.startsWith(allowedUrl);
+ }
+} |
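Review bot: The two header builders decide an origin match differently: `createCorsResponseHeaders` goes through `matchesRequestOrigin`, which accepts `*` and any request origin that merely starts with an allowed entry, while `createCorsPreflightResponseHeaders` requires an exact `allowedOrigins.contains(requestOriginHeader)`. With a prefix test, an origin like `https://app.example.other.test` (constructed example) matches an allowed `https://app.example`; as written the header carries the configured entry, so a browser would still reject the mismatch, but the check turns into a bypass if the value is ever changed to echo the request origin, so I would use `return allowedUrl.equals("*") || requestOrigin.equals(allowedUrl);` and have the preflight path call the same helper. `Access-Control-Allow-Credentials: true` is sent unconditionally, and browsers refuse credentialed responses whose `Access-Control-Allow-Origin` is `*`, so the wildcard entry cannot serve credentialed requests here. Because the allow-origin value depends on the request's `Origin`, adding a `Vary: Origin` entry would keep shared caches from reusing a response across origins. The imports of `HeaderFields`, `Response` and `HashMap` are not used anywhere in the new file and can be dropped.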