author | Valerij Fredriksen <valerijf@verizonmedia.com> | 2021-01-25 15:24:24 +0100 |
---|---|---|
committer | Valerij Fredriksen <valerijf@verizonmedia.com> | 2021-01-25 15:24:24 +0100 |
commit | 9cca3eba79c5baef6e887fd86b7b7c01b8678e79 (patch) | |
tree | fef186da83487386addb00d3272ed640f7a0d9df /jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cors/CorsLogic.java | |
parent | b04cbff7a7d15dffeaa4230c2e6a1c55af66b4d0 (diff) |
Add CORS filters
Diffstat (limited to 'jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cors/CorsLogic.java')
-rw-r--r-- | jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cors/CorsLogic.java | 14 |
1 files changed, 6 insertions, 8 deletions
diff --git a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cors/CorsLogic.java b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cors/CorsLogic.java
index 54bc6239cf5..185984deeec 100644
--- a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cors/CorsLogic.java
+++ b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cors/CorsLogic.java
@@ -1,10 +1,7 @@
 // Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
 package com.yahoo.jdisc.http.filter.security.cors;
-import com.google.common.collect.ImmutableMap;
-
 import java.time.Duration;
-import java.util.Collections;
 import java.util.Map;
 import java.util.Set;
 import java.util.TreeMap;
@@ -15,20 +12,21 @@ import java.util.TreeMap;
 class CorsLogic {
 private CorsLogic() {}
- static final String CORS_PREFLIGHT_REQUEST_CACHE_TTL = Long.toString(Duration.ofDays(7).getSeconds());
+ static final String CORS_PREFLIGHT_REQUEST_CACHE_TTL = Long.toString(Duration.ofDays(7).getSeconds());
 static final String ALLOW_ORIGIN_HEADER = "Access-Control-Allow-Origin";
- static final Map<String, String> ACCESS_CONTROL_HEADERS = ImmutableMap.of(
+ static final Map<String, String> ACCESS_CONTROL_HEADERS = Map.of(
 "Access-Control-Max-Age", CORS_PREFLIGHT_REQUEST_CACHE_TTL,
 "Access-Control-Allow-Headers", "Origin,Content-Type,Accept,Yahoo-Principal-Auth,Okta-Identity-Token,Okta-Access-Token,Okta-Refresh-Token",
- "Access-Control-Allow-Methods", "OPTIONS,GET,PUT,DELETE,POST",
- "Access-Control-Allow-Credentials", "true"
+ "Access-Control-Allow-Methods", "OPTIONS,GET,PUT,DELETE,POST,PATCH",
+ "Access-Control-Allow-Credentials", "true",
+ "Vary", "Origin"
 );
 static Map<String, String> createCorsResponseHeaders(String requestOriginHeader, Set<String> allowedOrigins) {
- if (requestOriginHeader == null) return Collections.emptyMap();
+ if (requestOriginHeader == null) return Map.of();
 TreeMap<String, String> headers = new TreeMap<>();
 allowedOrigins.stream()
 .filter(allowedUrl -> matchesRequestOrigin(requestOriginHeader, allowedUrl)) |
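Review bot: `Vary: Origin` is added only to `ACCESS_CONTROL_HEADERS`, while the early return `if (requestOriginHeader == null) return Map.of();` still yields no headers, so a response to a request without `Origin` carries no `Vary` and a shared cache may later serve it to a cross-origin caller without `Access-Control-Allow-Origin`. Returning `Map.of("Vary", "Origin")` from that branch would keep cached responses keyed on the origin. Since `Access-Control-Allow-Credentials: true` sits in the same map, a comment on `ACCESS_CONTROL_HEADERS` such as `// Sent with credentials enabled: allowedOrigins must hold exact origins, never a reflected wildcard` would record the constraint. `matchesRequestOrigin` and the rest of `createCorsResponseHeaders` lie outside the hunk, so how a non-matching origin is handled cannot be confirmed from here.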