blob: d0b9e4ce7c9b6f726b49a84857f8e15b52354d74 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
|
// Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
package com.yahoo.jdisc.http.filter.security.cors;
import com.google.inject.Inject;
import com.yahoo.jdisc.AbstractResource;
import com.yahoo.jdisc.http.filter.DiscFilterResponse;
import com.yahoo.jdisc.http.filter.RequestView;
import com.yahoo.jdisc.http.filter.SecurityResponseFilter;
import com.yahoo.yolean.chain.Provides;
import java.util.HashSet;
import java.util.Set;
/**
* @author gv
* @author Tony Vaagenes
* @author bjorncs
*/
@Provides("CorsResponseFilter")
public class CorsResponseFilter extends AbstractResource implements SecurityResponseFilter {
private final Set<String> allowedUrls;
@Inject
public CorsResponseFilter(CorsFilterConfig config) {
this.allowedUrls = new HashSet<>(config.allowedUrls());
}
@Override
public void filter(DiscFilterResponse response, RequestView request) {
CorsLogic.createCorsResponseHeaders(request.getFirstHeader("Origin").orElse(null), allowedUrls)
.forEach(response::setHeader);
}
}
|
