dhis2-devs team mailing list archive
-
dhis2-devs team
-
Mailing list archive
-
Message #34800
[Branch ~dhis2-devs-core/dhis2/trunk] Rev 17853: minor fix, skip CORS if Origin header is not set
------------------------------------------------------------
revno: 17853
committer: Morten Olav Hansen <mortenoh@xxxxxxxxx>
branch nick: dhis2
timestamp: Wed 2014-12-31 00:07:59 +0100
message:
minor fix, skip CORS if Origin header is not set
modified:
dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/filter/CorsFilter.java
--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk
Your team DHIS 2 developers is subscribed to branch lp:dhis2.
To unsubscribe from this branch go to https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk/+edit-subscription
=== modified file 'dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/filter/CorsFilter.java'
--- dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/filter/CorsFilter.java 2014-12-30 22:50:26 +0000
+++ dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/filter/CorsFilter.java 2014-12-30 23:07:59 +0000
@@ -78,11 +78,14 @@
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
- String origin = request.getHeader( CORS_ORIGIN );
- origin = !StringUtils.isEmpty( origin ) ? origin : "*";
+ // Origin header is required for CORS requests
+ if ( StringUtils.isEmpty( request.getHeader( CORS_ORIGIN ) ) )
+ {
+ filterChain.doFilter( request, response );
+ }
response.addHeader( CORS_ALLOW_CREDENTIALS, "true" );
- response.addHeader( CORS_ALLOW_ORIGIN, origin );
+ response.addHeader( CORS_ALLOW_ORIGIN, request.getHeader( CORS_ORIGIN ) );
if ( isPreflight( request ) )
{
