summaryrefslogtreecommitdiffstats
path: root/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cors/CorsLogic.java
diff options
context:
space:
mode:
Diffstat (limited to 'jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cors/CorsLogic.java')
-rw-r--r--jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cors/CorsLogic.java21
1 files changed, 7 insertions, 14 deletions
diff --git a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cors/CorsLogic.java b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cors/CorsLogic.java
index d0722cae5ac..650ec851ffd 100644
--- a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cors/CorsLogic.java
+++ b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cors/CorsLogic.java
@@ -27,27 +27,20 @@ class CorsLogic {
static Map<String, String> createCorsResponseHeaders(String requestOriginHeader,
Set<String> allowedOrigins) {
if (requestOriginHeader == null) return Map.of();
+
TreeMap<String, String> headers = new TreeMap<>();
- allowedOrigins.stream()
- .filter(allowedUrl -> matchesRequestOrigin(requestOriginHeader, allowedUrl))
- .findAny()
- .ifPresent(allowedOrigin -> headers.put(ALLOW_ORIGIN_HEADER, allowedOrigin));
- ACCESS_CONTROL_HEADERS.forEach(headers::put);
+ if (requestOriginMatchesAnyAllowed(requestOriginHeader, allowedOrigins))
+ headers.put(ALLOW_ORIGIN_HEADER, requestOriginHeader);
+ headers.putAll(ACCESS_CONTROL_HEADERS);
return headers;
}
static Map<String, String> createCorsPreflightResponseHeaders(String requestOriginHeader,
Set<String> allowedOrigins) {
- if (requestOriginHeader == null) return ACCESS_CONTROL_HEADERS;
-
- TreeMap<String, String> headers = new TreeMap<>();
- if (allowedOrigins.stream().anyMatch(allowedUrl -> matchesRequestOrigin(requestOriginHeader, allowedUrl)))
- headers.put(ALLOW_ORIGIN_HEADER, requestOriginHeader);
- ACCESS_CONTROL_HEADERS.forEach(headers::put);
- return headers;
+ return createCorsResponseHeaders(requestOriginHeader, allowedOrigins);
}
- private static boolean matchesRequestOrigin(String requestOrigin, String allowedUrl) {
- return allowedUrl.equals("*") || requestOrigin.startsWith(allowedUrl);
+ private static boolean requestOriginMatchesAnyAllowed(String requestOrigin, Set<String> allowedUrls) {
+ return allowedUrls.stream().anyMatch(requestOrigin::startsWith) || allowedUrls.contains("*");
}
}