/** * Handles a CORS request that violates specification. */ private boolean handleInvalidCORS(final HttpRequestHolder request, final HttpResponseHolder response) { String origin = request.getHeaders().get(CorsResponseDecorator.REQUEST_HEADER_ORIGIN); String method = request.getMethod(); String accessControlRequestHeaders = request.getHeaders().get( REQUEST_HEADER_ACCESS_CONTROL_REQUEST_HEADERS); response.getHeaders().put("Content-Type", "text/plain"); //TODO: Rick note that the integration-point implementation still prevents me from decorating the http response code //response.code = HttpStatus.SC_FORBIDDEN; if (log.getLevel() == Level.FINE) { // Debug so no need for i18n StringBuilder message = new StringBuilder("Invalid CORS request; Origin="); message.append(origin); message.append(";Method="); message.append(method); if (accessControlRequestHeaders != null) { message.append(";Access-Control-Request-headers="); message.append(accessControlRequestHeaders); } log.fine(message.toString()); } return false; }
throw new IllegalArgumentException(CorsSupport.CORS_NULL_REQUEST); String originHeader = request.getHeaders().get(REQUEST_HEADER_ORIGIN); if ("OPTIONS".equals(method)) { String accessControlRequestMethodHeader = request.getHeaders().get( REQUEST_HEADER_ACCESS_CONTROL_REQUEST_METHOD); if (accessControlRequestMethodHeader != null &&
final String origin = request.getHeaders().get(CorsResponseDecorator.REQUEST_HEADER_ORIGIN); String accessControlRequestMethod = request.getHeaders().get( CorsResponseDecorator.REQUEST_HEADER_ACCESS_CONTROL_REQUEST_METHOD); if (accessControlRequestMethod == null) { String accessControlRequestHeadersHeader = request.getHeaders().get( CorsResponseDecorator.REQUEST_HEADER_ACCESS_CONTROL_REQUEST_HEADERS); List<String> accessControlRequestHeaders = new LinkedList<>();
final String origin = request.getHeaders().get(CorsResponseDecorator.REQUEST_HEADER_ORIGIN); String accessControlRequestMethod = request.getHeaders().get( CorsResponseDecorator.REQUEST_HEADER_ACCESS_CONTROL_REQUEST_METHOD); if (accessControlRequestMethod == null) { String accessControlRequestHeadersHeader = request.getHeaders().get( CorsResponseDecorator.REQUEST_HEADER_ACCESS_CONTROL_REQUEST_HEADERS); List<String> accessControlRequestHeaders = new LinkedList<>();
final String origin = request.getHeaders().get(CorsResponseDecorator.REQUEST_HEADER_ORIGIN); final RequestMethod method = RequestMethod.valueOf(request.getMethod());
throw new IllegalArgumentException(CorsSupport.CORS_NULL_REQUEST); String originHeader = request.getHeaders().get(REQUEST_HEADER_ORIGIN); if ("OPTIONS".equals(method)) { String accessControlRequestMethodHeader = request.getHeaders().get( REQUEST_HEADER_ACCESS_CONTROL_REQUEST_METHOD); if (accessControlRequestMethodHeader != null &&
/** * Handles a CORS request that violates specification. */ private boolean handleInvalidCORS(final HttpRequestHolder request, final HttpResponseHolder response) { String origin = request.getHeaders().get(CorsResponseDecorator.REQUEST_HEADER_ORIGIN); String method = request.getMethod(); String accessControlRequestHeaders = request.getHeaders().get( REQUEST_HEADER_ACCESS_CONTROL_REQUEST_HEADERS); response.getHeaders().put("Content-Type", "text/plain"); //TODO: Rick note that the integration-point implementation still prevents me from decorating the http response code //response.code = HttpStatus.SC_FORBIDDEN; if (log.getLevel() == Level.FINE) { // Debug so no need for i18n StringBuilder message = new StringBuilder("Invalid CORS request; Origin="); message.append(origin); message.append(";Method="); message.append(method); if (accessControlRequestHeaders != null) { message.append(";Access-Control-Request-headers="); message.append(accessControlRequestHeaders); } log.fine(message.toString()); } return false; }
final String origin = request.getHeaders().get(CorsResponseDecorator.REQUEST_HEADER_ORIGIN); final RequestMethod method = RequestMethod.valueOf(request.getMethod());