/**
 * Determine whether the given request is same-origin by comparing its
 * {@code Origin} header against the scheme, host and port of the request URI.
 *
 * <p><strong>Note:</strong> as of 5.1 this method ignores
 * {@code "Forwarded"} and {@code "X-Forwarded-*"} headers that specify the
 * client-originated address. Consider using the {@code ForwardedHeaderFilter}
 * to extract and use, or to discard such headers.
 *
 * <p><strong>Security note:</strong> a request that carries no {@code Origin}
 * header is reported as same-origin. Callers that need a cross-site request
 * defence for such requests must apply an additional check; this method alone
 * does not provide one.
 *
 * <p>Scheme and host are matched with an exact, case-sensitive
 * {@link String#equals(Object)}; a mismatch in letter case is therefore
 * treated as cross-origin.
 *
 * @param request the current server request
 * @return {@code true} if the request is a same-origin one, {@code false} in case
 * of a cross-origin request
 * @throws IllegalArgumentException if the request URI has no scheme or host, or
 * if the port resolved for it is {@code -1}
 */
public static boolean isSameOrigin(ServerHttpRequest request) {
	String originHeader = request.getHeaders().getOrigin();
	if (originHeader == null) {
		// No Origin header at all: treated as same-origin by this method.
		return true;
	}

	// Only the request URI is consulted here; forwarded headers are not read.
	URI requestUri = request.getURI();
	String requestScheme = requestUri.getScheme();
	String requestHost = requestUri.getHost();
	int requestPort = getPort(requestScheme, requestUri.getPort());
	Assert.notNull(requestScheme, "Actual request scheme must not be null");
	Assert.notNull(requestHost, "Actual request host must not be null");
	Assert.isTrue(requestPort != -1, "Actual request port must not be undefined");

	UriComponents originComponents = UriComponentsBuilder.fromOriginHeader(originHeader).build();
	if (!requestScheme.equals(originComponents.getScheme())) {
		return false;
	}
	if (!requestHost.equals(originComponents.getHost())) {
		return false;
	}
	// Ports are compared after getPort has resolved them for each side.
	return requestPort == getPort(originComponents.getScheme(), originComponents.getPort());
}
UriComponents originUrl = UriComponentsBuilder.fromOriginHeader(origin).build(); return (ObjectUtils.nullSafeEquals(scheme, originUrl.getScheme()) && ObjectUtils.nullSafeEquals(host, originUrl.getHost()) &&
/**
 * Determine whether the given request is same-origin by comparing its
 * {@code Origin} header against the scheme, host and port of the request URI.
 *
 * <p><strong>Note:</strong> as of 5.1 this method ignores
 * {@code "Forwarded"} and {@code "X-Forwarded-*"} headers that specify the
 * client-originated address. Consider using the {@code ForwardedHeaderFilter}
 * to extract and use, or to discard such headers.
 *
 * <p><strong>Security note:</strong> a request that carries no {@code Origin}
 * header is reported as same-origin. Callers that need a cross-site request
 * defence for such requests must apply an additional check; this method alone
 * does not provide one.
 *
 * <p>Scheme and host are matched with an exact, case-sensitive
 * {@link String#equals(Object)}; a mismatch in letter case is therefore
 * treated as cross-origin.
 *
 * @param request the current server request
 * @return {@code true} if the request is a same-origin one, {@code false} in case
 * of a cross-origin request
 * @throws IllegalArgumentException if the request URI has no scheme or host, or
 * if the port resolved for it is {@code -1}
 */
public static boolean isSameOrigin(ServerHttpRequest request) {
	String originHeader = request.getHeaders().getOrigin();
	if (originHeader == null) {
		// No Origin header at all: treated as same-origin by this method.
		return true;
	}

	// Only the request URI is consulted here; forwarded headers are not read.
	URI requestUri = request.getURI();
	String requestScheme = requestUri.getScheme();
	String requestHost = requestUri.getHost();
	int requestPort = getPort(requestScheme, requestUri.getPort());
	Assert.notNull(requestScheme, "Actual request scheme must not be null");
	Assert.notNull(requestHost, "Actual request host must not be null");
	Assert.isTrue(requestPort != -1, "Actual request port must not be undefined");

	UriComponents originComponents = UriComponentsBuilder.fromOriginHeader(originHeader).build();
	if (!requestScheme.equals(originComponents.getScheme())) {
		return false;
	}
	if (!requestHost.equals(originComponents.getHost())) {
		return false;
	}
	// Ports are compared after getPort has resolved them for each side.
	return requestPort == getPort(originComponents.getScheme(), originComponents.getPort());
}
UriComponents originUrl = UriComponentsBuilder.fromOriginHeader(origin).build(); return (ObjectUtils.nullSafeEquals(scheme, originUrl.getScheme()) && ObjectUtils.nullSafeEquals(host, originUrl.getHost()) &&
UriComponents originUrl = UriComponentsBuilder.fromOriginHeader(origin).build(); return (ObjectUtils.nullSafeEquals(host, originUrl.getHost()) && getPort(scheme, port) == getPort(originUrl.getScheme(), originUrl.getPort()));
/**
 * Check if the request is a same-origin one, based on {@code Origin}, {@code Host},
 * {@code Forwarded}, {@code X-Forwarded-Proto}, {@code X-Forwarded-Host} and
 * {@code X-Forwarded-Port} headers.
 *
 * <p><strong>Note:</strong> this method uses values from "Forwarded"
 * (<a href="http://tools.ietf.org/html/rfc7239">RFC 7239</a>),
 * "X-Forwarded-Host", "X-Forwarded-Port", and "X-Forwarded-Proto" headers,
 * if present, in order to reflect the client-originated address.
 * Consider using the {@code ForwardedHeaderFilter} in order to choose from a
 * central place whether to extract and use, or to discard such headers.
 * See the Spring Framework reference for more on this filter.
 *
 * <p><strong>Security note:</strong> forwarded headers are ordinary request
 * headers. Unless a trusted proxy or the {@code ForwardedHeaderFilter} removes
 * or overwrites them before this method runs, the address this method compares
 * against is taken from client-supplied input, so the result should not be
 * relied on as an origin check in that deployment.
 *
 * <p>A request that carries no {@code Origin} header is reported as
 * same-origin. Only the host and the resolved port are compared; the scheme is
 * not compared directly.
 *
 * @param request the current server request
 * @return {@code true} if the request is a same-origin one, {@code false} in case
 * of a cross-origin request
 * @throws IllegalArgumentException if no host can be determined for the request,
 * or if the port resolved for it is {@code -1}
 */
public static boolean isSameOrigin(ServerHttpRequest request) {
	String originHeader = request.getHeaders().getOrigin();
	if (originHeader == null) {
		// No Origin header at all: treated as same-origin by this method.
		return true;
	}

	// Built from the request, including any forwarded headers it carries
	// (see the Javadoc above).
	UriComponents requestUrl = UriComponentsBuilder.fromHttpRequest(request).build();
	String requestHost = requestUrl.getHost();
	int requestPort = getPort(requestUrl.getScheme(), requestUrl.getPort());
	Assert.notNull(requestHost, "Actual request host must not be null");
	Assert.isTrue(requestPort != -1, "Actual request port must not be undefined");

	UriComponents originComponents = UriComponentsBuilder.fromOriginHeader(originHeader).build();
	if (!requestHost.equals(originComponents.getHost())) {
		return false;
	}
	// NOTE(review): the scheme only influences the result through getPort;
	// presumably it supplies a default port per scheme. Confirm against getPort.
	return requestPort == getPort(originComponents.getScheme(), originComponents.getPort());
}
/**
 * Determine whether the given request is same-origin by comparing its
 * {@code Origin} header against the scheme, host and port of the request URI.
 *
 * <p><strong>Note:</strong> as of 5.1 this method ignores
 * {@code "Forwarded"} and {@code "X-Forwarded-*"} headers that specify the
 * client-originated address. Consider using the {@code ForwardedHeaderFilter}
 * to extract and use, or to discard such headers.
 *
 * <p><strong>Security note:</strong> a request that carries no {@code Origin}
 * header is reported as same-origin. Callers that need a cross-site request
 * defence for such requests must apply an additional check; this method alone
 * does not provide one.
 *
 * <p>Scheme and host are matched with an exact, case-sensitive
 * {@link String#equals(Object)}; a mismatch in letter case is therefore
 * treated as cross-origin.
 *
 * @param request the current server request
 * @return {@code true} if the request is a same-origin one, {@code false} in case
 * of a cross-origin request
 * @throws IllegalArgumentException if the request URI has no scheme or host, or
 * if the port resolved for it is {@code -1}
 */
public static boolean isSameOrigin(ServerHttpRequest request) {
	String originHeader = request.getHeaders().getOrigin();
	if (originHeader == null) {
		// No Origin header at all: treated as same-origin by this method.
		return true;
	}

	// Only the request URI is consulted here; forwarded headers are not read.
	URI requestUri = request.getURI();
	String requestScheme = requestUri.getScheme();
	String requestHost = requestUri.getHost();
	int requestPort = getPort(requestScheme, requestUri.getPort());
	Assert.notNull(requestScheme, "Actual request scheme must not be null");
	Assert.notNull(requestHost, "Actual request host must not be null");
	Assert.isTrue(requestPort != -1, "Actual request port must not be undefined");

	UriComponents originComponents = UriComponentsBuilder.fromOriginHeader(originHeader).build();
	if (!requestScheme.equals(originComponents.getScheme())) {
		return false;
	}
	if (!requestHost.equals(originComponents.getHost())) {
		return false;
	}
	// Ports are compared after getPort has resolved them for each side.
	return requestPort == getPort(originComponents.getScheme(), originComponents.getPort());
}
UriComponents originUrl = UriComponentsBuilder.fromOriginHeader(origin).build(); return (ObjectUtils.nullSafeEquals(scheme, originUrl.getScheme()) && ObjectUtils.nullSafeEquals(host, originUrl.getHost()) &&