details: https://code.openbravo.com/erp/devel/pi/rev/fa58c10eca84
changeset: 31705:fa58c10eca84
user: Martin Taal <martin.taal <at> openbravo.com>
date: Sun Mar 19 10:18:20 2017 +0100
summary: Fixes issue 35548: Cross domain checks is also executed/logged when
the origin
Do not check cross domain or add cors headers if the request url and origin
share the same host/port.
diffstat:
src/org/openbravo/base/secureApp/AllowedCrossDomainsHandler.java | 6 ++++++
1 files changed, 6 insertions(+), 0 deletions(-)
diffs (16 lines):
diff -r 0f00bec42b48 -r fa58c10eca84
src/org/openbravo/base/secureApp/AllowedCrossDomainsHandler.java
--- a/src/org/openbravo/base/secureApp/AllowedCrossDomainsHandler.java Fri Mar
17 14:18:39 2017 +0100
+++ b/src/org/openbravo/base/secureApp/AllowedCrossDomainsHandler.java Sun Mar
19 10:18:20 2017 +0100
@@ -134,6 +134,12 @@
if (origin != null && !origin.equals("")) {
+ if (request.getRequestURL().indexOf(origin) == 0) {
+ // if the request url starts with the origin then no need to set
+ // headers either
+ return;
+ }
+
if (!fromAllowedOrigin(request)) {
return;
}
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openbravo-commits mailing list
Openbravo-commits@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openbravo-commits
