details: https://code.openbravo.com/erp/devel/pi/rev/fa58c10eca84 changeset: 31705:fa58c10eca84 user: Martin Taal <martin.taal <at> openbravo.com> date: Sun Mar 19 10:18:20 2017 +0100 summary: Fixes issue 35548: Cross domain checks is also executed/logged when the origin Do not check cross domain or add cors headers if the request url and origin share the same host/port.
diffstat: src/org/openbravo/base/secureApp/AllowedCrossDomainsHandler.java | 6 ++++++ 1 files changed, 6 insertions(+), 0 deletions(-) diffs (16 lines): diff -r 0f00bec42b48 -r fa58c10eca84 src/org/openbravo/base/secureApp/AllowedCrossDomainsHandler.java --- a/src/org/openbravo/base/secureApp/AllowedCrossDomainsHandler.java Fri Mar 17 14:18:39 2017 +0100 +++ b/src/org/openbravo/base/secureApp/AllowedCrossDomainsHandler.java Sun Mar 19 10:18:20 2017 +0100 @@ -134,6 +134,12 @@ if (origin != null && !origin.equals("")) { + if (request.getRequestURL().indexOf(origin) == 0) { + // if the request url starts with the origin then no need to set + // headers either + return; + } + if (!fromAllowedOrigin(request)) { return; } ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Openbravo-commits mailing list Openbravo-commits@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openbravo-commits