details: https://code.openbravo.com/erp/devel/pi/rev/3871cdf1a2e9 changeset: 31044:3871cdf1a2e9 user: Martin Taal <martin.taal <at> openbravo.com> date: Tue Dec 27 07:01:53 2016 +0100 summary: Fixes issue 34331: Support pre-defined allowed domains for cross-domain requests in a multi-server environment Added new public method to validate that an invalid origin is set on the header, other method is made private again to limit public methods.
diffstat:
 src/org/openbravo/base/secureApp/AllowedCrossDomainsHandler.java | 27 +++++++++-
 1 files changed, 26 insertions(+), 1 deletions(-)
diffs (44 lines):
diff -r a86d5ba912d6 -r 3871cdf1a2e9 src/org/openbravo/base/secureApp/AllowedCrossDomainsHandler.java
--- a/src/org/openbravo/base/secureApp/AllowedCrossDomainsHandler.java Mon Dec 26 21:17:14 2016 +0000
+++ b/src/org/openbravo/base/secureApp/AllowedCrossDomainsHandler.java Tue Dec 27 07:01:53 2016 +0100
@@ -60,7 +60,7 @@
 * @param request
 * @return true if the origin if the request is in the list of allowed domains
 */
- public boolean fromAllowedOrigin(HttpServletRequest request) {
+ private boolean fromAllowedOrigin(HttpServletRequest request) {
 final String origin = request.getHeader("Origin");
 
 if (origin == null) {
@@ -75,6 +75,31 @@
 return false;
 }
 
+ /**
+ * Checks if an origin is set on the header, if not then false is returned. If there are no checkers installed then also false
+ * is returned. If there are checkers installed then the origin is checked and the result is returned.
+ *
+ * Note: will return true if there is indeed an invalid confirmed origin.
+ */
+ public boolean isCheckedInvalidOrigin(HttpServletRequest request) {
+ final String origin = request.getHeader("Origin");
+
+ if (origin == null) {
+ return false;
+ }
+
+ if (getCheckers().isEmpty()) {
+ return false;
+ }
+
+ for (AllowedCrossDomainsChecker checker : getCheckers()) {
+ if (checker.isAllowedOrigin(request, origin)) {
+ return false;
+ }
+ }
+ return true;
+ }
+
 private Collection<AllowedCrossDomainsChecker> getCheckers() {
 if (checkers == null) {
 setCheckers();
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Openbravo-commits mailing list
Openbravo-commits@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openbravo-commits
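Review bot: isCheckedInvalidOrigin returns false both when the request has no Origin header and when no checker is installed, so a false result does not mean the origin was validated; the Javadoc should state this so callers do not read `!isCheckedInvalidOrigin(request)` as an allow decision. I would add `@param request the request whose Origin header is inspected` and `@return true only if an Origin header is present, at least one checker is installed, and no checker accepts the origin`. The loop looks like a repeat of what fromAllowedOrigin does (its body is only partly visible in the first hunk); if that holds, the tail after the two guards could be `return !fromAllowedOrigin(request);` so the allow logic lives in one place. getCheckers() is also called twice here, and a local `final Collection<AllowedCrossDomainsChecker> installed = getCheckers();` would avoid the second lookup.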