/**
 * Builds a scheme-relative URI ({@code //authority/raw-path}) for a request.
 *
 * <p>The authority comes from {@code hostHeader}, passed through
 * {@code HttpUtils.getHostAndPort} together with whether the session is secure.
 *
 * <p>NOTE(review): {@code hostHeader} is presumably the client-supplied {@code Host}
 * header, so the result reflects what the client claimed. Confirm that callers using it
 * for routing or origin decisions compare it against configured hosts.
 *
 * @param requestURI the request target; only its raw (un-decoded) path is used
 * @param hostHeader the authority text to normalise
 * @param session    the session used to decide whether the connection is secure
 * @return a URI of the form {@code //authority/raw-path}
 */
public static URI getRequestURI(URI requestURI, String hostHeader, IoSession session) {
    String hostAndPort = HttpUtils.getHostAndPort(hostHeader, SslUtils.isSecure(session));

    // getRawPath keeps the path un-decoded, whereas getPath returns the decoded value.
    // Keeping it raw is what lets characters such as spaces survive URI.create (KG-831).
    return URI.create("//" + hostAndPort + requestURI.getRawPath());
}
/**
 * Returns the host-and-port authority for a request, derived from its {@code Host} header.
 *
 * <p>The header value is handed unchanged to the {@code (String, boolean)} overload.
 * NOTE(review): the header is client-controlled and is presumably {@code null} when absent.
 * Confirm how the overload treats a {@code null} authority.
 *
 * @param httpRequest the request whose {@code Host} header is read
 * @param secure      whether the request arrived over a secure transport
 * @return whatever the {@code (String, boolean)} overload returns for the header value
 */
public static String getHostAndPort(HttpRequestMessage httpRequest, boolean secure) {
    return getHostAndPort(httpRequest.getHeader("Host"), secure);
}
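/**
 * Chooses the Origin to attribute to a request by checking its {@code Referer} header
 * against the request's own scheme and authority.
 *
 * <p>A same-origin iframe always sends a Referer (never cross-scheme), so a Referer with
 * the request's own scheme and authority marks a cross-origin request emulated through a
 * same-origin one. In that case the origin from the .ko query parameter
 * ({@code candidateOrigin}) is accepted.
 *
 * <p>The Referer header is client-controlled. A value that cannot be parsed, or that has no
 * scheme or no authority (for example a relative reference), is treated as not matching and
 * yields the opaque origin {@code "null"} rather than failing with an exception.
 *
 * @param httpRequest     the request whose Referer and Host headers are compared
 * @param candidateOrigin the origin to use when the Referer is same-origin
 * @return {@code null} when no Referer header is present, {@code candidateOrigin} when the
 *         Referer matches the request's scheme and authority, otherwise {@code "null"}
 */
private String getEmulatedOriginIfReferrerMatches(HttpRequestMessage httpRequest, String candidateOrigin) {
    String referer = httpRequest.getHeader("Referer");
    if (referer == null) {
        return null;
    }

    URI refererURI;
    try {
        refererURI = URI.create(referer);
    } catch (IllegalArgumentException malformed) {
        // An unparseable Referer cannot prove same-origin, so fail closed.
        return "null";
    }

    // URI getters return null for a missing component (e.g. a relative or opaque reference).
    String refererScheme = refererURI.getScheme();
    String rawRefererAuthority = refererURI.getAuthority();
    if (refererScheme == null || rawRefererAuthority == null) {
        return "null";
    }

    boolean isSecure = httpRequest.isSecure();
    String scheme = isSecure ? "https" : "http";
    String authority = HttpUtils.getHostAndPort(httpRequest, isSecure);
    String refererAuthority = HttpUtils.getHostAndPort(rawRefererAuthority, isSecure);

    // Null-safe comparison: a missing authority on either side is a mismatch.
    boolean sameOrigin = scheme.equals(refererScheme)
            && refererAuthority != null
            && refererAuthority.equals(authority);

    // On a match, the cross-origin request was emulated via a same-origin request,
    // so the .ko query parameter supplies the Origin.
    return sameOrigin ? candidateOrigin : "null";
}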
/**
 * Builds the {@code http://authority/raw-path} transport URI for a request.
 *
 * <p>The authority is the request's {@code Host} header normalised by
 * {@code HttpUtils.getHostAndPort}. The scheme is always the literal {@code http}; the
 * session's secure flag is passed only to {@code getHostAndPort}.
 *
 * <p>NOTE(review): the {@code Host} header is client-supplied. Confirm that consumers of
 * the returned URI do not treat its authority as verified.
 *
 * @param request the request providing the target URI and {@code Host} header
 * @param session the session used to decide whether the connection is secure
 * @return the transport URI with an un-decoded path
 */
public static URI getTransportURI(HttpRequestMessage request, IoSession session) {
    URI target = request.getRequestURI();
    String hostAndPort =
            HttpUtils.getHostAndPort(request.getHeader("Host"), SslUtils.isSecure(session));

    // getRawPath keeps the path un-decoded, whereas getPath returns the decoded value.
    // Keeping it raw is what lets characters such as spaces survive URI.create (KG-831).
    return URI.create("http://" + hostAndPort + target.getRawPath());
}
/**
 * Accepts {@code candidateOrigin} only when the request's {@code Origin} header names the
 * same scheme and authority as the request itself.
 *
 * <p>An Origin authority containing no {@code ':'} gets the scheme's default port appended
 * (443 for https, otherwise 80) before it is compared with the request's host-and-port.
 *
 * <p>NOTE(review): an authority that already contains {@code ':'} is compared as-is, which
 * includes a bracketed IPv6 literal written without a port. Also, {@code originURI} is
 * dereferenced without a null check although the request URI from the same helper is
 * null-checked. Confirm that {@code getCanonicalURI} cannot return {@code null} for a
 * non-null Origin string.
 *
 * @param httpRequest     the request whose Origin and Host headers are compared
 * @param candidateOrigin the origin to use when the Origin header is same-origin
 * @return {@code candidateOrigin} on a match; {@code null} when the Origin header is
 *         absent, the canonical request URI is {@code null}, or the origins differ
 */
private String getEmulatedOriginIfRequestMatchesOrigin(HttpRequestMessage httpRequest, String candidateOrigin) {
    String origin = httpRequest.getHeader("Origin");
    URI requestURI = HttpUtils.getCanonicalURI(httpRequest.getRequestURI(), false);
    if (origin == null || requestURI == null) {
        return null;
    }

    URI originURI = HttpUtils.getCanonicalURI(origin, false);
    String originScheme = originURI.getScheme();
    String originAuthority = originURI.getAuthority();

    // Make the default port explicit so it compares equal to the request's host:port form.
    boolean portMissing = originAuthority != null && originAuthority.indexOf(':') == -1;
    if (portMissing) {
        originAuthority = originAuthority + ":" + ("https".equals(originScheme) ? 443 : 80);
    }

    boolean isSecure = httpRequest.isSecure();
    String scheme = isSecure ? "https" : "http";
    String authority = HttpUtils.getHostAndPort(httpRequest, isSecure);

    // On a match, the cross-origin request was emulated via a same-origin request,
    // so the .ko query parameter supplies the Origin.
    boolean sameOrigin = scheme.equals(originScheme) && authority.equals(originAuthority);
    return sameOrigin ? candidateOrigin : null;
}
} // closes the enclosing class, whose declaration is outside this excerpt
String originScheme = originURI.getScheme(); String originAuthority = originURI.getAuthority(); originAuthority = HttpUtils.getHostAndPort(originAuthority, originScheme.equals("https")); boolean targetIsSecure = "https".equals(URIUtils.getScheme(targetURI)); String targetScheme = URIUtils.getScheme(targetURI); String targetAuthority = HttpUtils.getHostAndPort(URIUtils.getAuthority(targetURI), targetIsSecure); if ("privileged".equals(originScheme) || ((targetScheme.equals(originScheme) && targetAuthority.equals(originAuthority)))) { String targetAuthority = HttpUtils.getHostAndPort(httpRequest, targetIsSecure);
String authority = HttpUtils.getHostAndPort(request.getAuthority(), protocol.isSecure()); final URI rtmpAddress = new URI(scheme, authority, acceptPath + sessionIdSuffix, request.getQuery(), request.getFragment());