@Override public boolean decorateTextResponse(HttpTextResponseHolder responseHolder, String requestPath, String requestMethod, int code, String contentType, String payload, MultiMap<String, String> responseHeaders, MultiMap<String, String> requestHeaders, MultiMap<String, String> requestParams) { boolean passedCorsCheck = checkCorsAndContinue( new HttpRequestHolder( contentType, requestMethod, payload.getBytes(), requestPath, requestHeaders, requestParams), new HttpResponseHolder(responseHeaders) ); return passedCorsCheck; }
response.getHeaders().add( CorsResponseDecorator.RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN, origin); response.getHeaders().add( CorsResponseDecorator.RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_CREDENTIALS, "true"); } else { if (anyOriginAllowed) { response.getHeaders().add( CorsResponseDecorator.RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN, "*"); } else { response.getHeaders().add( CorsResponseDecorator.RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN, origin); response.getHeaders().add( CorsResponseDecorator.RESPONSE_HEADER_ACCESS_CONTROL_MAX_AGE, String.valueOf(preFlightMaxAge)); response.getHeaders().add( CorsResponseDecorator.RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_METHODS, accessControlRequestMethod); response.getHeaders().add( CorsResponseDecorator.RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_HEADERS, join(corsSupport.getAllowedHeaders(), ","));
response.getHeaders().add( CorsResponseDecorator.RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN, origin); response.getHeaders().add( CorsResponseDecorator.RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_CREDENTIALS, "true"); } else { if (anyOriginAllowed) { response.getHeaders().add( CorsResponseDecorator.RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN, "*"); } else { response.getHeaders().add( CorsResponseDecorator.RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN, origin); response.getHeaders().add( CorsResponseDecorator.RESPONSE_HEADER_ACCESS_CONTROL_MAX_AGE, String.valueOf(preFlightMaxAge)); response.getHeaders().add( CorsResponseDecorator.RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_METHODS, accessControlRequestMethod); response.getHeaders().add( CorsResponseDecorator.RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_HEADERS, join(corsSupport.getAllowedHeaders(), ","));
response.getHeaders().add( CorsResponseDecorator.RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN, "*"); response.getHeaders().add( CorsResponseDecorator.RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN, origin); response.getHeaders().add( CorsResponseDecorator.RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_CREDENTIALS, "true"); response.getHeaders().add( CorsResponseDecorator.RESPONSE_HEADER_ACCESS_CONTROL_EXPOSE_HEADERS, exposedHeadersString);
/** * Handles a CORS request that violates specification. */ private boolean handleInvalidCORS(final HttpRequestHolder request, final HttpResponseHolder response) { String origin = request.getHeaders().get(CorsResponseDecorator.REQUEST_HEADER_ORIGIN); String method = request.getMethod(); String accessControlRequestHeaders = request.getHeaders().get( REQUEST_HEADER_ACCESS_CONTROL_REQUEST_HEADERS); response.getHeaders().put("Content-Type", "text/plain"); //TODO: Rick note that the integration-point implementation still prevents me from decorating the http response code //response.code = HttpStatus.SC_FORBIDDEN; if (log.getLevel() == Level.FINE) { // Debug so no need for i18n StringBuilder message = new StringBuilder("Invalid CORS request; Origin="); message.append(origin); message.append(";Method="); message.append(method); if (accessControlRequestHeaders != null) { message.append(";Access-Control-Request-headers="); message.append(accessControlRequestHeaders); } log.fine(message.toString()); } return false; }
@Override public boolean decorateBinaryResponse(HttpBinaryResponseHolder responseHolder, String requestPath, String requestMethod, int code, String contentType, byte[] payload, MultiMap<String, String> responseHeaders, MultiMap<String, String> requestHeaders, MultiMap<String, String> requestParams) { boolean passedCorsCheck = checkCorsAndContinue( new HttpRequestHolder( contentType, requestMethod, payload, requestPath, requestHeaders, requestParams), new HttpResponseHolder(responseHeaders) ); return passedCorsCheck; }
@Override public boolean decorateTextResponse(HttpTextResponseHolder responseHolder, String requestPath, String requestMethod, int code, String contentType, String payload, MultiMap<String, String> responseHeaders, MultiMap<String, String> requestHeaders, MultiMap<String, String> requestParams) { boolean passedCorsCheck = checkCorsAndContinue( new HttpRequestHolder( contentType, requestMethod, payload.getBytes(), requestPath, requestHeaders, requestParams), new HttpResponseHolder(responseHeaders) ); return passedCorsCheck; }
response.getHeaders().add( CorsResponseDecorator.RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN, "*"); response.getHeaders().add( CorsResponseDecorator.RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN, origin); response.getHeaders().add( CorsResponseDecorator.RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_CREDENTIALS, "true"); response.getHeaders().add( CorsResponseDecorator.RESPONSE_HEADER_ACCESS_CONTROL_EXPOSE_HEADERS, exposedHeadersString);
/** * Handles a CORS request that violates specification. */ private boolean handleInvalidCORS(final HttpRequestHolder request, final HttpResponseHolder response) { String origin = request.getHeaders().get(CorsResponseDecorator.REQUEST_HEADER_ORIGIN); String method = request.getMethod(); String accessControlRequestHeaders = request.getHeaders().get( REQUEST_HEADER_ACCESS_CONTROL_REQUEST_HEADERS); response.getHeaders().put("Content-Type", "text/plain"); //TODO: Rick note that the integration-point implementation still prevents me from decorating the http response code //response.code = HttpStatus.SC_FORBIDDEN; if (log.getLevel() == Level.FINE) { // Debug so no need for i18n StringBuilder message = new StringBuilder("Invalid CORS request; Origin="); message.append(origin); message.append(";Method="); message.append(method); if (accessControlRequestHeaders != null) { message.append(";Access-Control-Request-headers="); message.append(accessControlRequestHeaders); } log.fine(message.toString()); } return false; }
@Override public boolean decorateBinaryResponse(HttpBinaryResponseHolder responseHolder, String requestPath, String requestMethod, int code, String contentType, byte[] payload, MultiMap<String, String> responseHeaders, MultiMap<String, String> requestHeaders, MultiMap<String, String> requestParams) { boolean passedCorsCheck = checkCorsAndContinue( new HttpRequestHolder( contentType, requestMethod, payload, requestPath, requestHeaders, requestParams), new HttpResponseHolder(responseHeaders) ); return passedCorsCheck; }