summaryrefslogtreecommitdiffstats
path: root/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cors/CorsLogic.java
diff options
context:
space:
mode:
authorValerij Fredriksen <valerijf@verizonmedia.com>2021-05-06 17:22:25 +0200
committerValerij Fredriksen <valerijf@verizonmedia.com>2021-05-06 17:22:25 +0200
commitdf2417ec2047cc39be89c250d41c23b78032a3d0 (patch)
tree14799d8f9978c39e42b5869b49715403d29daeb3 /jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cors/CorsLogic.java
parenta2c9cd4bc04f1a3eaa31524b3970b96be5c2eda9 (diff)
Allow wildcard in allowedUrls for CorsPreflightRequestFilter
Diffstat (limited to 'jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cors/CorsLogic.java')
-rw-r--r--jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cors/CorsLogic.java4
1 files changed, 3 insertions, 1 deletions
diff --git a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cors/CorsLogic.java b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cors/CorsLogic.java
index 3d8a661d5d1..d0722cae5ac 100644
--- a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cors/CorsLogic.java
+++ b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cors/CorsLogic.java
@@ -38,8 +38,10 @@ class CorsLogic {
static Map<String, String> createCorsPreflightResponseHeaders(String requestOriginHeader,
Set<String> allowedOrigins) {
+ if (requestOriginHeader == null) return ACCESS_CONTROL_HEADERS;
+
TreeMap<String, String> headers = new TreeMap<>();
- if (requestOriginHeader != null && allowedOrigins.contains(requestOriginHeader))
+ if (allowedOrigins.stream().anyMatch(allowedUrl -> matchesRequestOrigin(requestOriginHeader, allowedUrl)))
headers.put(ALLOW_ORIGIN_HEADER, requestOriginHeader);
ACCESS_CONTROL_HEADERS.forEach(headers::put);
return headers;