diff options
Diffstat (limited to 'jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cors/CorsLogic.java')
-rw-r--r-- | jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cors/CorsLogic.java | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cors/CorsLogic.java b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cors/CorsLogic.java index 3d8a661d5d1..d0722cae5ac 100644 --- a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cors/CorsLogic.java +++ b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cors/CorsLogic.java @@ -38,8 +38,10 @@ class CorsLogic { static Map<String, String> createCorsPreflightResponseHeaders(String requestOriginHeader, Set<String> allowedOrigins) { + if (requestOriginHeader == null) return ACCESS_CONTROL_HEADERS; + TreeMap<String, String> headers = new TreeMap<>(); - if (requestOriginHeader != null && allowedOrigins.contains(requestOriginHeader)) + if (allowedOrigins.stream().anyMatch(allowedUrl -> matchesRequestOrigin(requestOriginHeader, allowedUrl))) headers.put(ALLOW_ORIGIN_HEADER, requestOriginHeader); ACCESS_CONTROL_HEADERS.forEach(headers::put); return headers; |