author | Valerij Fredriksen <valerij92@gmail.com> | 2021-05-11 14:08:09 +0200 |
---|---|---|
committer | Valerij Fredriksen <valerij92@gmail.com> | 2021-05-11 14:11:44 +0200 |
commit | fe1bd61832db7a88789232556e9a9c13d4f22815 (patch) | |
tree | eb566244b046860dfef00eae2c5c2bc869479c63 /jdisc-security-filters/src/main/java/com/yahoo/jdisc | |
parent | 4ae244bc86782b3dc36257edcfabc2e38f510cf7 (diff) |
Return request origin when wildcard is allowed
Diffstat (limited to 'jdisc-security-filters/src/main/java/com/yahoo/jdisc')
-rw-r--r-- | jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cors/CorsLogic.java | 21 |
1 files changed, 7 insertions, 14 deletions
diff --git a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cors/CorsLogic.java b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cors/CorsLogic.java
index d0722cae5ac..650ec851ffd 100644
--- a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cors/CorsLogic.java
+++ b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cors/CorsLogic.java
@@ -27,27 +27,20 @@ class CorsLogic {
 static Map<String, String> createCorsResponseHeaders(String requestOriginHeader,
 Set<String> allowedOrigins) {
 if (requestOriginHeader == null) return Map.of();
+
 TreeMap<String, String> headers = new TreeMap<>();
- allowedOrigins.stream()
- .filter(allowedUrl -> matchesRequestOrigin(requestOriginHeader, allowedUrl))
- .findAny()
- .ifPresent(allowedOrigin -> headers.put(ALLOW_ORIGIN_HEADER, allowedOrigin));
- ACCESS_CONTROL_HEADERS.forEach(headers::put);
+ if (requestOriginMatchesAnyAllowed(requestOriginHeader, allowedOrigins))
+ headers.put(ALLOW_ORIGIN_HEADER, requestOriginHeader);
+ headers.putAll(ACCESS_CONTROL_HEADERS);
 return headers;
 }
 
 static Map<String, String> createCorsPreflightResponseHeaders(String requestOriginHeader,
 Set<String> allowedOrigins) {
- if (requestOriginHeader == null) return ACCESS_CONTROL_HEADERS;
-
- TreeMap<String, String> headers = new TreeMap<>();
- if (allowedOrigins.stream().anyMatch(allowedUrl -> matchesRequestOrigin(requestOriginHeader, allowedUrl)))
- headers.put(ALLOW_ORIGIN_HEADER, requestOriginHeader);
- ACCESS_CONTROL_HEADERS.forEach(headers::put);
- return headers;
+ return createCorsResponseHeaders(requestOriginHeader, allowedOrigins);
 }
 
- private static boolean matchesRequestOrigin(String requestOrigin, String allowedUrl) {
- return allowedUrl.equals("*") || requestOrigin.startsWith(allowedUrl);
+ private static boolean requestOriginMatchesAnyAllowed(String requestOrigin, Set<String> allowedUrls) {
+ return allowedUrls.stream().anyMatch(requestOrigin::startsWith) || allowedUrls.contains("*");
 }
 } |
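Review bot: `requestOriginMatchesAnyAllowed` keeps the prefix test `requestOrigin::startsWith`, so an allow-list entry also matches any longer origin that merely begins with it (constructed example: an entry `https://example.com` matches `https://example.com.other.test`), and with this change the matched request origin itself is what gets echoed in the allow-origin header. Unless entries are deliberately meant as prefixes, compare whole origins instead: `return allowedUrls.contains("*") || allowedUrls.contains(requestOrigin);`. Because the `*` case now reflects the caller's origin rather than a literal wildcard, it is also worth confirming that `ACCESS_CONTROL_HEADERS` (defined outside this hunk) does not enable credentials and that responses carry `Vary: Origin`; neither is visible here.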