private String getOriginOrReferer(HttpServletRequest pReq) {
String origin = pReq.getHeader("Origin");
if (origin == null) {
origin = pReq.getHeader("Referer");
}
return origin != null ? origin.replaceAll("[\\n\\r]*", "") : null;
}
/**
* OPTION requests are treated as CORS preflight requests
*
* @param req the original request
* @param resp the response the answer are written to
*/
@Override
protected void doOptions(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
Map<String, String> responseHeaders =
requestHandler.handleCorsPreflightRequest(
req.getHeader("Origin"), req.getHeader("Access-Control-Request-Headers"));
for (Map.Entry<String, String> entry : responseHeaders.entrySet()) {
resp.setHeader(entry.getKey(), entry.getValue());
}
}
// Set an appropriate CORS header if requested and if allowed
private void setCorsHeader(HttpServletRequest pReq, HttpServletResponse pResp) {
String origin = requestHandler.extractCorsOrigin(pReq.getHeader("Origin"));
if (origin != null) {
pResp.setHeader("Access-Control-Allow-Origin", origin);
pResp.setHeader("Access-Control-Allow-Credentials", "true");
}
}