/**
 * Gates a request on its {@code Origin} header before delegating to {@code next}.
 *
 * <p>Decision order, as implemented below:
 * <ol>
 *   <li>No {@code Origin} header: rejected only when {@code requireOriginHeader} is set;
 *       otherwise the request is forwarded to {@code next} without any origin check.</li>
 *   <li>{@code Origin} present and {@code requireAllOrigins} set: every value must be in
 *       {@code allowedOrigins}; the first value that is not causes rejection.</li>
 *   <li>{@code Origin} present and {@code requireAllOrigins} unset: one value in
 *       {@code allowedOrigins} is sufficient.</li>
 *   <li>{@code Origin} present but no value matched (this includes a header entry with
 *       zero values): rejected.</li>
 * </ol>
 *
 * <p>"Rejected" means the exchange is handed to {@code originFailedHandler}; the status
 * code actually sent is decided by that handler, not here.
 *
 * @param exchange the exchange whose request headers are inspected
 */
@Override
public void handleRequest(final HttpServerExchange exchange) {
    final Deque<String> originValues = exchange.getRequestHeaders().get(Headers.ORIGIN);

    if (originValues == null) {
        if (requireOriginHeader) {
            // TODO: Is 403 (Forbidden) the best response code
            if (UndertowLogger.REQUEST_LOGGER.isDebugEnabled()) {
                UndertowLogger.REQUEST_LOGGER.debugf(
                        "Refusing request for %s due to lack of Origin: header",
                        exchange.getRequestPath());
            }
            HttpHandlers.executeHandler(originFailedHandler, exchange);
            return;
        }
        // Header absent and not required: the allow-list is not consulted at all, so the
        // origin restriction only covers header-less requests when requireOriginHeader is true.
        HttpHandlers.executeHandler(next, exchange);
        return;
    }

    // Read the flag once so the whole loop uses a single, consistent value.
    final boolean mustMatchAll = this.requireAllOrigins;
    boolean matched = false;

    for (final String candidate : originValues) {
        // NOTE(review): allowedOrigins is declared outside this block; if it holds plain
        // Strings this is an exact match (case and trailing characters matter), so the
        // configured entries need to be in the same form clients send - confirm.
        if (allowedOrigins.contains(candidate)) {
            matched = true;
            if (!mustMatchAll) {
                break;
            }
            continue;
        }
        if (mustMatchAll) {
            if (UndertowLogger.REQUEST_LOGGER.isDebugEnabled()) {
                // candidate is a client-supplied header value and is logged as received.
                // NOTE(review): confirm the log backend neutralizes control characters.
                UndertowLogger.REQUEST_LOGGER.debugf(
                        "Refusing request for %s due to Origin %s not being in the allowed origins list",
                        exchange.getRequestPath(), candidate);
            }
            HttpHandlers.executeHandler(originFailedHandler, exchange);
            return;
        }
    }

    if (!matched) {
        if (UndertowLogger.REQUEST_LOGGER.isDebugEnabled()) {
            UndertowLogger.REQUEST_LOGGER.debugf(
                    "Refusing request for %s as none of the specified origins %s were in the allowed origins list",
                    exchange.getRequestPath(), originValues);
        }
        HttpHandlers.executeHandler(originFailedHandler, exchange);
        return;
    }

    HttpHandlers.executeHandler(next, exchange);
}
/**
 * Replaces the handler that receives exchanges refused by the origin check.
 *
 * <p>The argument is passed through {@code HttpHandlers.handlerNotNull} before it is
 * stored. NOTE(review): that helper is defined elsewhere; presumably it rejects
 * {@code null} - confirm, since a missing failure handler would leave refused
 * requests without a response path.
 *
 * @param originFailedHandler the handler to run for refused requests
 */
public void setOriginFailedHandler(HttpHandler originFailedHandler) {
    // Validate first so the field is never overwritten with a value the helper refuses.
    HttpHandlers.handlerNotNull(originFailedHandler);
    this.originFailedHandler = originFailedHandler;
}
/**
 * Replaces the handler that receives exchanges which passed the origin check
 * (or were exempt from it).
 *
 * <p>The argument is passed through {@code HttpHandlers.handlerNotNull} before it is
 * stored. NOTE(review): that helper is defined elsewhere; presumably it rejects
 * {@code null} - confirm.
 *
 * @param next the downstream handler to delegate accepted requests to
 */
public void setNext(final HttpHandler next) {
    // Validate first so the field is never overwritten with a value the helper refuses.
    HttpHandlers.handlerNotNull(next);
    this.next = next;
}