dhis2-devs team mailing list archive
-
dhis2-devs team
-
Mailing list archive
-
Message #40890
[Branch ~dhis2-devs-core/dhis2/trunk] Rev 20833: Refactored R 20830 to also work for X-Forwarded-Proto requests.
------------------------------------------------------------
revno: 20833
committer: Halvdan Hoem Grelland <halvdanhg@xxxxxxxxx>
branch nick: dhis2
timestamp: Wed 2015-10-21 17:25:55 +0200
message:
Refactored R 20830 to also work for X-Forwarded-Proto requests.
modified:
dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/filter/CorsFilter.java
--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk
Your team DHIS 2 developers is subscribed to branch lp:dhis2.
To unsubscribe from this branch go to https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk/+edit-subscription
=== modified file 'dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/filter/CorsFilter.java'
--- dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/filter/CorsFilter.java 2015-10-21 15:08:51 +0000
+++ dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/filter/CorsFilter.java 2015-10-21 15:25:55 +0000
@@ -46,6 +46,7 @@
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.servlet.support.ServletUriComponentsBuilder;
+import org.springframework.web.util.UriComponentsBuilder;
/**
* @author Morten Olav Hansen <mortenoh@xxxxxxxxx>
@@ -131,18 +132,16 @@
private boolean isOriginWhitelisted( HttpServletRequest request, String origin )
{
+ UriComponentsBuilder uriBuilder = ServletUriComponentsBuilder.fromContextPath( request ).replacePath( "" );
+
String forwardedProto = request.getHeader( "X-Forwarded-Proto" );
- String localUrl;
-
- if ( StringUtils.isEmpty( forwardedProto ) )
- {
- localUrl = ServletUriComponentsBuilder.fromContextPath( request ).replacePath( "" ).build().toUriString();
- }
- else
- {
- localUrl = ServletUriComponentsBuilder.fromContextPath( request )
- .scheme( forwardedProto ).build().toUriString();
- }
+
+ if ( !StringUtils.isEmpty( forwardedProto ) )
+ {
+ uriBuilder.scheme( forwardedProto );
+ }
+
+ String localUrl = uriBuilder.build().toString();
return !StringUtils.isEmpty( origin ) && ( localUrl.equals( origin ) ||
configurationService.getCorsWhitelist().contains( origin ) );