diff options
Diffstat (limited to 'jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cors/CorsResponseFilter.java')
-rw-r--r-- | jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cors/CorsResponseFilter.java | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cors/CorsResponseFilter.java b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cors/CorsResponseFilter.java new file mode 100644 index 00000000000..d0b9e4ce7c9 --- /dev/null +++ b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cors/CorsResponseFilter.java @@ -0,0 +1,36 @@ +// Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. +package com.yahoo.jdisc.http.filter.security.cors; + +import com.google.inject.Inject; +import com.yahoo.jdisc.AbstractResource; +import com.yahoo.jdisc.http.filter.DiscFilterResponse; +import com.yahoo.jdisc.http.filter.RequestView; +import com.yahoo.jdisc.http.filter.SecurityResponseFilter; +import com.yahoo.yolean.chain.Provides; + +import java.util.HashSet; +import java.util.Set; + + +/** + * @author gv + * @author Tony Vaagenes + * @author bjorncs + */ +@Provides("CorsResponseFilter") +public class CorsResponseFilter extends AbstractResource implements SecurityResponseFilter { + + private final Set<String> allowedUrls; + + @Inject + public CorsResponseFilter(CorsFilterConfig config) { + this.allowedUrls = new HashSet<>(config.allowedUrls()); + } + + @Override + public void filter(DiscFilterResponse response, RequestView request) { + CorsLogic.createCorsResponseHeaders(request.getFirstHeader("Origin").orElse(null), allowedUrls) + .forEach(response::setHeader); + } + +} |