@Override
public void handleRequest(final HttpServerExchange exchange) {
final Deque<String> origin = exchange.getRequestHeaders().get(Headers.ORIGIN);
if (origin == null) {
if (requireOriginHeader) {
// TODO: Is 403 (Forbidden) the best response code
if (UndertowLogger.REQUEST_LOGGER.isDebugEnabled()) {
UndertowLogger.REQUEST_LOGGER.debugf(
"Refusing request for %s due to lack of Origin: header", exchange.getRequestPath());
}
HttpHandlers.executeHandler(originFailedHandler, exchange);
return;
}
} else {
boolean found = false;
final boolean requireAllOrigins = this.requireAllOrigins;
for (final String header : origin) {
if (allowedOrigins.contains(header)) {
found = true;
if (!requireAllOrigins) {
break;
}
} else if (requireAllOrigins) {
if (UndertowLogger.REQUEST_LOGGER.isDebugEnabled()) {
UndertowLogger.REQUEST_LOGGER.debugf(
"Refusing request for %s due to Origin %s not being in the allowed origins list",
exchange.getRequestPath(), header);
}
HttpHandlers.executeHandler(originFailedHandler, exchange);
return;
}
}
if (!found) {
if (UndertowLogger.REQUEST_LOGGER.isDebugEnabled()) {
UndertowLogger.REQUEST_LOGGER.debugf(
"Refusing request for %s as none of the specified origins %s were in the allowed origins list",
exchange.getRequestPath(), origin);
}
HttpHandlers.executeHandler(originFailedHandler, exchange);
return;
}
}
HttpHandlers.executeHandler(next, exchange);
}
public void setOriginFailedHandler(HttpHandler originFailedHandler) {
HttpHandlers.handlerNotNull(originFailedHandler);
this.originFailedHandler = originFailedHandler;
}
public void setNext(final HttpHandler next) {
HttpHandlers.handlerNotNull(next);
this.next = next;
}
