dhis2-devs team mailing list archive

Thread
Date

[Branch ~dhis2-devs-core/dhis2/trunk] Rev 20833: Refactored R 20830 to also work for X-Forwarded-Proto requests.

To: DHIS 2 developers <dhis2-devs@xxxxxxxxxxxxxxxxxxx>
From: noreply@xxxxxxxxxxxxx
Date: Wed, 21 Oct 2015 15:27:26 -0000
Reply-to: noreply@xxxxxxxxxxxxx
Sender: bounces@xxxxxxxxxxxxx

------------------------------------------------------------
revno: 20833
committer: Halvdan Hoem Grelland <halvdanhg@xxxxxxxxx>
branch nick: dhis2
timestamp: Wed 2015-10-21 17:25:55 +0200
message:
  Refactored R 20830 to also work for X-Forwarded-Proto requests.
modified:
  dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/filter/CorsFilter.java


--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk

Your team DHIS 2 developers is subscribed to branch lp:dhis2.
To unsubscribe from this branch go to https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk/+edit-subscription

=== modified file 'dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/filter/CorsFilter.java'
--- dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/filter/CorsFilter.java	2015-10-21 15:08:51 +0000
+++ dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/filter/CorsFilter.java	2015-10-21 15:25:55 +0000
@@ -46,6 +46,7 @@
 import org.springframework.util.StringUtils;
 import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.servlet.support.ServletUriComponentsBuilder;
+import org.springframework.web.util.UriComponentsBuilder;
 
 /**
  * @author Morten Olav Hansen <mortenoh@xxxxxxxxx>
@@ -131,18 +132,16 @@
 
     private boolean isOriginWhitelisted( HttpServletRequest request, String origin )
     {
+        UriComponentsBuilder uriBuilder = ServletUriComponentsBuilder.fromContextPath( request ).replacePath( "" );
+
         String forwardedProto = request.getHeader( "X-Forwarded-Proto" );
-        String localUrl;
-
-        if ( StringUtils.isEmpty( forwardedProto ) )
-        {
-            localUrl = ServletUriComponentsBuilder.fromContextPath( request ).replacePath( "" ).build().toUriString();
-        }
-        else
-        {
-            localUrl = ServletUriComponentsBuilder.fromContextPath( request )
-                .scheme( forwardedProto ).build().toUriString();
-        }
+
+        if ( !StringUtils.isEmpty( forwardedProto ) )
+        {
+            uriBuilder.scheme( forwardedProto );
+        }
+
+        String localUrl = uriBuilder.build().toString();
 
         return !StringUtils.isEmpty( origin ) && ( localUrl.equals( origin ) ||
             configurationService.getCorsWhitelist().contains( origin ) );