diff options
Diffstat (limited to 'jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filters/cors/CorsSecurityResponseFilter.java')
-rw-r--r-- | jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filters/cors/CorsSecurityResponseFilter.java | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filters/cors/CorsSecurityResponseFilter.java b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filters/cors/CorsSecurityResponseFilter.java new file mode 100644 index 00000000000..bf288661bc4 --- /dev/null +++ b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filters/cors/CorsSecurityResponseFilter.java @@ -0,0 +1,38 @@ +// Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. +package com.yahoo.jdisc.http.filters.cors; + +import com.google.inject.Inject; +import com.yahoo.jdisc.AbstractResource; +import com.yahoo.jdisc.http.filter.DiscFilterResponse; +import com.yahoo.jdisc.http.filter.RequestView; +import com.yahoo.jdisc.http.filter.SecurityResponseFilter; +import com.yahoo.yolean.chain.Provides; + +import java.util.HashSet; +import java.util.Set; + +import static com.yahoo.jdisc.http.filters.cors.CorsLogic.createCorsResponseHeaders; + + +/** + * @author gv + * @author Tony Vaagenes + * @author bjorncs + */ +@Provides("CorsSecurityResponseFilter") +public class CorsSecurityResponseFilter extends AbstractResource implements SecurityResponseFilter { + + private final Set<String> allowedUrls; + + @Inject + public CorsSecurityResponseFilter(CorsSecurityFilterConfig config) { + this.allowedUrls = new HashSet<>(config.allowedUrls()); + } + + @Override + public void filter(DiscFilterResponse response, RequestView request) { + createCorsResponseHeaders(request.getFirstHeader("Origin").orElse(null), allowedUrls) + .forEach(response::setHeader); + } + +} |