Exemplo n.º 1
0
  public void build(HttpResponse response) {
    String origin = request.getHttpHeaders().getRequestHeaders().getFirst(ORIGIN_HEADER);
    if (origin == null) {
      logger.debug("No origin returning");
      return;
    }

    if (!preflight
        && (allowedOrigins == null
            || (!allowedOrigins.contains(origin)
                && !allowedOrigins.contains(ACCESS_CONTROL_ALLOW_ORIGIN_WILDCARD)))) {
      logger.debug("!preflight and no origin");
      return;
    }

    logger.debug("build CORS headers and return");

    response.getOutputHeaders().add(ACCESS_CONTROL_ALLOW_ORIGIN, origin);

    if (preflight) {
      if (allowedMethods != null) {
        response
            .getOutputHeaders()
            .add(ACCESS_CONTROL_ALLOW_METHODS, CollectionUtil.join(allowedMethods));
      } else {
        response.getOutputHeaders().add(ACCESS_CONTROL_ALLOW_METHODS, DEFAULT_ALLOW_METHODS);
      }
    }

    if (!preflight && exposedHeaders != null) {
      response
          .getOutputHeaders()
          .add(ACCESS_CONTROL_EXPOSE_HEADERS, CollectionUtil.join(exposedHeaders));
    }

    response.getOutputHeaders().add(ACCESS_CONTROL_ALLOW_CREDENTIALS, Boolean.toString(auth));

    if (preflight) {
      if (auth) {
        response
            .getOutputHeaders()
            .add(
                ACCESS_CONTROL_ALLOW_HEADERS,
                String.format("%s, %s", DEFAULT_ALLOW_HEADERS, AUTHORIZATION_HEADER));
      } else {
        response.getOutputHeaders().add(ACCESS_CONTROL_ALLOW_HEADERS, DEFAULT_ALLOW_HEADERS);
      }
    }

    if (preflight) {
      response.getOutputHeaders().add(ACCESS_CONTROL_MAX_AGE, DEFAULT_MAX_AGE);
    }
  }
Exemplo n.º 2
0
  public Response build() {
    String origin = request.getHttpHeaders().getRequestHeaders().getFirst(ORIGIN_HEADER);
    if (origin == null) {
      return builder.build();
    }

    if (!preflight
        && (allowedOrigins == null
            || (!allowedOrigins.contains(origin)
                && !allowedOrigins.contains(ACCESS_CONTROL_ALLOW_ORIGIN_WILDCARD)))) {
      return builder.build();
    }

    builder.header(ACCESS_CONTROL_ALLOW_ORIGIN, origin);

    if (preflight) {
      if (allowedMethods != null) {
        builder.header(ACCESS_CONTROL_ALLOW_METHODS, CollectionUtil.join(allowedMethods));
      } else {
        builder.header(ACCESS_CONTROL_ALLOW_METHODS, DEFAULT_ALLOW_METHODS);
      }
    }

    if (!preflight && exposedHeaders != null) {
      builder.header(ACCESS_CONTROL_EXPOSE_HEADERS, CollectionUtil.join(exposedHeaders));
    }

    builder.header(ACCESS_CONTROL_ALLOW_CREDENTIALS, Boolean.toString(auth));

    if (preflight) {
      if (auth) {
        builder.header(
            ACCESS_CONTROL_ALLOW_HEADERS,
            String.format("%s, %s", DEFAULT_ALLOW_HEADERS, AUTHORIZATION_HEADER));
      } else {
        builder.header(ACCESS_CONTROL_ALLOW_HEADERS, DEFAULT_ALLOW_HEADERS);
      }
    }

    if (preflight) {
      builder.header(ACCESS_CONTROL_MAX_AGE, DEFAULT_MAX_AGE);
    }

    return builder.build();
  }