/**
 * Runs the CORS check for a text response.
 *
 * <p>The request data and the response header map are wrapped in holder objects and
 * handed to {@code checkCorsAndContinue}; its boolean result is returned unchanged.
 * {@code responseHolder} and {@code code} are not read by this method.
 *
 * @param requestPath     passed to the request holder as the request URI
 * @param requestMethod   HTTP method of the request
 * @param contentType     content type passed to the request holder
 * @param payload         text payload, converted to bytes for the request holder; must not be null
 * @param responseHeaders header map wrapped in the response holder given to the CORS check
 * @param requestHeaders  headers of the request (source of the Origin header)
 * @param requestParams   parameters of the request
 * @return whatever {@code checkCorsAndContinue} returns for this request
 */
@Override
public boolean decorateTextResponse(HttpTextResponseHolder responseHolder,
                                    String requestPath,
                                    String requestMethod,
                                    int code,
                                    String contentType,
                                    String payload,
                                    MultiMap<String, String> responseHeaders,
                                    MultiMap<String, String> requestHeaders,
                                    MultiMap<String, String> requestParams) {
    // NOTE(review): getBytes() without a charset uses the platform default, so the bytes
    // seen by the CORS check can differ between hosts. Confirm the intended encoding
    // and pass it explicitly.
    final HttpRequestHolder corsRequest = new HttpRequestHolder(
            contentType, requestMethod, payload.getBytes(), requestPath,
            requestHeaders, requestParams);
    final HttpResponseHolder corsResponse = new HttpResponseHolder(responseHeaders);

    return checkCorsAndContinue(corsRequest, corsResponse);
}
throw new IllegalArgumentException(CorsSupport.CORS_NULL_REQUEST); String originHeader = request.getHeaders().get(REQUEST_HEADER_ORIGIN); return CORSRequestType.NOT_CORS; } else { String method = request.getMethod(); if (method != null) { if ("OPTIONS".equals(method)) { String accessControlRequestMethodHeader = request.getHeaders().get( REQUEST_HEADER_ACCESS_CONTROL_REQUEST_METHOD); if (accessControlRequestMethodHeader != null && requestType = CORSRequestType.SIMPLE; } else if ("POST".equals(method)) { String mediaType = request.getContentType(); if (mediaType != null) {
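/**
 * Tells whether {@code origin} names the same scheme, host and port as the request URI.
 *
 * <p>The comparison target is rebuilt as {@code scheme://host[:port]} from
 * {@code request.getRequestUri()}. The port is appended only when the URI carries an
 * explicit port that is not the scheme's default (80 for http, 443 for https).
 *
 * <p>A request URI without a scheme or host (for example a bare path) can never be
 * matched, so this method returns {@code false} for it and the request is not
 * treated as same-origin.
 *
 * @param request request whose URI supplies the local scheme, host and port
 * @param origin  value of the Origin header; {@code null} is treated as "not local"
 * @return {@code true} only if {@code origin} equals the rebuilt target, ignoring case
 */
private boolean isLocalOrigin(HttpRequestHolder request, String origin) {
    final String requestUri = request.getRequestUri();
    if (requestUri == null || origin == null) {
        return false;
    }

    final URI uri;
    try {
        uri = URI.create(requestUri);
    } catch (IllegalArgumentException ignored) {
        // A request URI that does not parse cannot be shown to be same-origin.
        // Answer "not local" so the request still goes through the CORS checks.
        return false;
    }

    String scheme = uri.getScheme();
    if (scheme == null) {
        return false;
    }
    scheme = scheme.toLowerCase(Locale.ENGLISH);

    final String host = uri.getHost();
    if (host == null) {
        return false;
    }

    // Build scheme://host:port from request
    final StringBuilder target = new StringBuilder();
    target.append(scheme).append("://").append(host);

    // URI.getPort() returns -1 when the URI has no explicit port. The original appended
    // that value, producing "http://host:-1", which no Origin header can ever equal.
    final int port = uri.getPort();
    final boolean nonDefaultPort =
            "http".equals(scheme) && port != 80 || "https".equals(scheme) && port != 443;
    if (port != -1 && nonDefaultPort) {
        target.append(':').append(port);
    }

    return origin.equalsIgnoreCase(target.toString());
}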
final String origin = request.getHeaders().get(CorsResponseDecorator.REQUEST_HEADER_ORIGIN); String accessControlRequestMethod = request.getHeaders().get( CorsResponseDecorator.REQUEST_HEADER_ACCESS_CONTROL_REQUEST_METHOD); if (accessControlRequestMethod == null) { String accessControlRequestHeadersHeader = request.getHeaders().get( CorsResponseDecorator.REQUEST_HEADER_ACCESS_CONTROL_REQUEST_HEADERS); List<String> accessControlRequestHeaders = new LinkedList<>();
final String origin = request.getHeaders().get(CorsResponseDecorator.REQUEST_HEADER_ORIGIN); final RequestMethod method = RequestMethod.valueOf(request.getMethod());
throw new IllegalArgumentException(CorsSupport.CORS_NULL_REQUEST); String originHeader = request.getHeaders().get(REQUEST_HEADER_ORIGIN); return CORSRequestType.NOT_CORS; } else { String method = request.getMethod(); if (method != null) { if ("OPTIONS".equals(method)) { String accessControlRequestMethodHeader = request.getHeaders().get( REQUEST_HEADER_ACCESS_CONTROL_REQUEST_METHOD); if (accessControlRequestMethodHeader != null && requestType = CORSRequestType.SIMPLE; } else if ("POST".equals(method)) { String mediaType = request.getContentType(); if (mediaType != null) {
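/**
 * Tells whether {@code origin} names the same scheme, host and port as the request URI.
 *
 * <p>The comparison target is rebuilt as {@code scheme://host[:port]} from
 * {@code request.getRequestUri()}. The port is appended only when the URI carries an
 * explicit port that is not the scheme's default (80 for http, 443 for https).
 *
 * <p>A request URI without a scheme or host (for example a bare path) can never be
 * matched, so this method returns {@code false} for it and the request is not
 * treated as same-origin.
 *
 * @param request request whose URI supplies the local scheme, host and port
 * @param origin  value of the Origin header; {@code null} is treated as "not local"
 * @return {@code true} only if {@code origin} equals the rebuilt target, ignoring case
 */
private boolean isLocalOrigin(HttpRequestHolder request, String origin) {
    final String requestUri = request.getRequestUri();
    if (requestUri == null || origin == null) {
        return false;
    }

    final URI uri;
    try {
        uri = URI.create(requestUri);
    } catch (IllegalArgumentException ignored) {
        // A request URI that does not parse cannot be shown to be same-origin.
        // Answer "not local" so the request still goes through the CORS checks.
        return false;
    }

    String scheme = uri.getScheme();
    if (scheme == null) {
        return false;
    }
    scheme = scheme.toLowerCase(Locale.ENGLISH);

    final String host = uri.getHost();
    if (host == null) {
        return false;
    }

    // Build scheme://host:port from request
    final StringBuilder target = new StringBuilder();
    target.append(scheme).append("://").append(host);

    // URI.getPort() returns -1 when the URI has no explicit port. The original appended
    // that value, producing "http://host:-1", which no Origin header can ever equal.
    final int port = uri.getPort();
    final boolean nonDefaultPort =
            "http".equals(scheme) && port != 80 || "https".equals(scheme) && port != 443;
    if (port != -1 && nonDefaultPort) {
        target.append(':').append(port);
    }

    return origin.equalsIgnoreCase(target.toString());
}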
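/**
 * Handles a CORS request that violates specification.
 *
 * <p>Sets the response {@code Content-Type} to {@code text/plain}, writes a debug log
 * entry describing the rejected request when FINE logging is enabled, and always
 * returns {@code false}.
 *
 * @param request  the rejected request; its Origin, method and
 *                 Access-Control-Request-Headers values are read for the log entry
 * @param response holder whose header map receives the {@code Content-Type} header
 * @return always {@code false}
 */
private boolean handleInvalidCORS(final HttpRequestHolder request, final HttpResponseHolder response) {
    String origin = request.getHeaders().get(CorsResponseDecorator.REQUEST_HEADER_ORIGIN);
    String method = request.getMethod();
    String accessControlRequestHeaders = request.getHeaders().get(
            REQUEST_HEADER_ACCESS_CONTROL_REQUEST_HEADERS);

    response.getHeaders().put("Content-Type", "text/plain");
    //TODO: Rick note that the integration-point implementation still prevents me from decorating the http response code
    //response.code = HttpStatus.SC_FORBIDDEN;
    // NOTE(review): because no status code is set here, the rejection is signalled only
    // through the false return value. Confirm the caller withholds the normal response
    // when this method returns false.

    // isLoggable() also covers an inherited (null) level and levels finer than FINE,
    // which the previous exact comparison against Level.FINE missed.
    if (log.isLoggable(Level.FINE)) {
        // Debug so no need for i18n
        StringBuilder message = new StringBuilder("Invalid CORS request; Origin=");
        message.append(origin);
        message.append(";Method=");
        message.append(method);
        if (accessControlRequestHeaders != null) {
            message.append(";Access-Control-Request-headers=");
            message.append(accessControlRequestHeaders);
        }
        // The logged values come straight from the request. Neutralise line breaks so a
        // header value cannot start a forged log record. The fixed parts of the message
        // contain no CR or LF, so replacing over the whole string is safe.
        log.fine(message.toString().replace('\r', '_').replace('\n', '_'));
    }
    return false;
}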
/**
 * Runs the CORS check for a binary response.
 *
 * <p>The request data and the response header map are wrapped in holder objects and
 * handed to {@code checkCorsAndContinue}; its boolean result is returned unchanged.
 * {@code responseHolder} and {@code code} are not read by this method.
 *
 * @param requestPath     passed to the request holder as the request URI
 * @param requestMethod   HTTP method of the request
 * @param contentType     content type passed to the request holder
 * @param payload         binary payload, passed to the request holder as-is
 * @param responseHeaders header map wrapped in the response holder given to the CORS check
 * @param requestHeaders  headers of the request (source of the Origin header)
 * @param requestParams   parameters of the request
 * @return whatever {@code checkCorsAndContinue} returns for this request
 */
@Override
public boolean decorateBinaryResponse(HttpBinaryResponseHolder responseHolder,
                                      String requestPath,
                                      String requestMethod,
                                      int code,
                                      String contentType,
                                      byte[] payload,
                                      MultiMap<String, String> responseHeaders,
                                      MultiMap<String, String> requestHeaders,
                                      MultiMap<String, String> requestParams) {
    final HttpRequestHolder corsRequest = new HttpRequestHolder(
            contentType, requestMethod, payload, requestPath,
            requestHeaders, requestParams);
    final HttpResponseHolder corsResponse = new HttpResponseHolder(responseHeaders);

    return checkCorsAndContinue(corsRequest, corsResponse);
}
/**
 * Runs the CORS check for a text response.
 *
 * <p>The request data and the response header map are wrapped in holder objects and
 * handed to {@code checkCorsAndContinue}; its boolean result is returned unchanged.
 * {@code responseHolder} and {@code code} are not read by this method.
 *
 * @param requestPath     passed to the request holder as the request URI
 * @param requestMethod   HTTP method of the request
 * @param contentType     content type passed to the request holder
 * @param payload         text payload, converted to bytes for the request holder; must not be null
 * @param responseHeaders header map wrapped in the response holder given to the CORS check
 * @param requestHeaders  headers of the request (source of the Origin header)
 * @param requestParams   parameters of the request
 * @return whatever {@code checkCorsAndContinue} returns for this request
 */
@Override
public boolean decorateTextResponse(HttpTextResponseHolder responseHolder,
                                    String requestPath,
                                    String requestMethod,
                                    int code,
                                    String contentType,
                                    String payload,
                                    MultiMap<String, String> responseHeaders,
                                    MultiMap<String, String> requestHeaders,
                                    MultiMap<String, String> requestParams) {
    // NOTE(review): getBytes() without a charset uses the platform default, so the bytes
    // seen by the CORS check can differ between hosts. Confirm the intended encoding
    // and pass it explicitly.
    final HttpRequestHolder corsRequest = new HttpRequestHolder(
            contentType, requestMethod, payload.getBytes(), requestPath,
            requestHeaders, requestParams);
    final HttpResponseHolder corsResponse = new HttpResponseHolder(responseHeaders);

    return checkCorsAndContinue(corsRequest, corsResponse);
}
final String origin = request.getHeaders().get(CorsResponseDecorator.REQUEST_HEADER_ORIGIN); String accessControlRequestMethod = request.getHeaders().get( CorsResponseDecorator.REQUEST_HEADER_ACCESS_CONTROL_REQUEST_METHOD); if (accessControlRequestMethod == null) { String accessControlRequestHeadersHeader = request.getHeaders().get( CorsResponseDecorator.REQUEST_HEADER_ACCESS_CONTROL_REQUEST_HEADERS); List<String> accessControlRequestHeaders = new LinkedList<>();
final String origin = request.getHeaders().get(CorsResponseDecorator.REQUEST_HEADER_ORIGIN); final RequestMethod method = RequestMethod.valueOf(request.getMethod());
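/**
 * Handles a CORS request that violates specification.
 *
 * <p>Sets the response {@code Content-Type} to {@code text/plain}, writes a debug log
 * entry describing the rejected request when FINE logging is enabled, and always
 * returns {@code false}.
 *
 * @param request  the rejected request; its Origin, method and
 *                 Access-Control-Request-Headers values are read for the log entry
 * @param response holder whose header map receives the {@code Content-Type} header
 * @return always {@code false}
 */
private boolean handleInvalidCORS(final HttpRequestHolder request, final HttpResponseHolder response) {
    String origin = request.getHeaders().get(CorsResponseDecorator.REQUEST_HEADER_ORIGIN);
    String method = request.getMethod();
    String accessControlRequestHeaders = request.getHeaders().get(
            REQUEST_HEADER_ACCESS_CONTROL_REQUEST_HEADERS);

    response.getHeaders().put("Content-Type", "text/plain");
    //TODO: Rick note that the integration-point implementation still prevents me from decorating the http response code
    //response.code = HttpStatus.SC_FORBIDDEN;
    // NOTE(review): because no status code is set here, the rejection is signalled only
    // through the false return value. Confirm the caller withholds the normal response
    // when this method returns false.

    // isLoggable() also covers an inherited (null) level and levels finer than FINE,
    // which the previous exact comparison against Level.FINE missed.
    if (log.isLoggable(Level.FINE)) {
        // Debug so no need for i18n
        StringBuilder message = new StringBuilder("Invalid CORS request; Origin=");
        message.append(origin);
        message.append(";Method=");
        message.append(method);
        if (accessControlRequestHeaders != null) {
            message.append(";Access-Control-Request-headers=");
            message.append(accessControlRequestHeaders);
        }
        // The logged values come straight from the request. Neutralise line breaks so a
        // header value cannot start a forged log record. The fixed parts of the message
        // contain no CR or LF, so replacing over the whole string is safe.
        log.fine(message.toString().replace('\r', '_').replace('\n', '_'));
    }
    return false;
}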
/**
 * Runs the CORS check for a binary response.
 *
 * <p>The request data and the response header map are wrapped in holder objects and
 * handed to {@code checkCorsAndContinue}; its boolean result is returned unchanged.
 * {@code responseHolder} and {@code code} are not read by this method.
 *
 * @param requestPath     passed to the request holder as the request URI
 * @param requestMethod   HTTP method of the request
 * @param contentType     content type passed to the request holder
 * @param payload         binary payload, passed to the request holder as-is
 * @param responseHeaders header map wrapped in the response holder given to the CORS check
 * @param requestHeaders  headers of the request (source of the Origin header)
 * @param requestParams   parameters of the request
 * @return whatever {@code checkCorsAndContinue} returns for this request
 */
@Override
public boolean decorateBinaryResponse(HttpBinaryResponseHolder responseHolder,
                                      String requestPath,
                                      String requestMethod,
                                      int code,
                                      String contentType,
                                      byte[] payload,
                                      MultiMap<String, String> responseHeaders,
                                      MultiMap<String, String> requestHeaders,
                                      MultiMap<String, String> requestParams) {
    final HttpRequestHolder corsRequest = new HttpRequestHolder(
            contentType, requestMethod, payload, requestPath,
            requestHeaders, requestParams);
    final HttpResponseHolder corsResponse = new HttpResponseHolder(responseHeaders);

    return checkCorsAndContinue(corsRequest, corsResponse);
}