[OpenbravoERP-commits] devel/pi: Fixes issue 34331: Support pre-defined allowed domains...

Sat, 03 Dec 2016 03:33:07 -0800 

details:   https://code.openbravo.com/erp/devel/pi/rev/61868ad98868
changeset: 30846:61868ad98868
user:      Martin Taal <martin.taal <at> openbravo.com>
date:      Sat Dec 03 12:32:30 2016 +0100
summary:   Fixes issue 34331: Support pre-defined allowed domains for 
cross-domain requests in a multi-server environment
Make method public so that it can be used by others to check if a url is in an 
allowed domain

diffstat:

 src/org/openbravo/base/secureApp/AllowedCrossDomainsHandler.java |  13 
++++++++-
 1 files changed, 11 insertions(+), 2 deletions(-)

diffs (30 lines):

diff -r 94063c13f456 -r 61868ad98868 
src/org/openbravo/base/secureApp/AllowedCrossDomainsHandler.java
--- a/src/org/openbravo/base/secureApp/AllowedCrossDomainsHandler.java  Fri Dec 
02 19:38:20 2016 +0100
+++ b/src/org/openbravo/base/secureApp/AllowedCrossDomainsHandler.java  Sat Dec 
03 12:32:30 2016 +0100
@@ -62,7 +62,16 @@
    *          , the origin can be obtained from the request
    * @return
    */
-  private boolean isAllowedOrigin(HttpServletRequest request, String origin) {
+
+  /**
+   * Returns true if the origin of the request is allowed, in that case the 
cors headers can be set
+   * ( {@link #setCORSHeaders(HttpServletRequest, HttpServletResponse)}.
+   * 
+   * @param request
+   * @return true if the origin if the request is in the list of allowed 
domains
+   */
+  public boolean fromAllowedOrigin(HttpServletRequest request) {
+    final String origin = request.getHeader("Origin");
     for (AllowedCrossDomainsChecker checker : getCheckers()) {
       if (checker.isAllowedOrigin(request, origin)) {
         return true;
@@ -105,7 +114,7 @@
 
       if (origin != null && !origin.equals("")) {
 
-        if (!isAllowedOrigin(request, origin)) {
+        if (!fromAllowedOrigin(request)) {
           return;
         }
 

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Openbravo-commits mailing list
Openbravo-commits@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openbravo-commits

Reply via email to