Commit e1b73d8c authored by Rustam Lotsmanenko (EPAM)'s avatar Rustam Lotsmanenko (EPAM)

GONRG-2138 fix filter for CORS preflight request

parent 2357e0f0
1 merge request!105Fix filter for CORS preflight request(GONRG-2138)
Pipeline #34497 passed with warnings
......@@ -58,9 +58,9 @@ public class LegalFilter implements Filter {
long startTime = System.currentTimeMillis();
setResponseHeaders(httpServletResponse);
try {
if (!validateIsHttps(httpServletResponse)) {
if (!validateIsHttps(httpServletResponse,httpServletRequest)) {
//do nothing
} else if (httpServletRequest.getMethod().equalsIgnoreCase("OPTIONS")) {
} else if (isOptionsMethod(httpServletRequest)) {
httpServletResponse.setStatus(200);
} else {
chain.doFilter(request, response);
......@@ -75,9 +75,9 @@ public class LegalFilter implements Filter {
public void destroy() {
}
private boolean validateIsHttps( HttpServletResponse httpServletResponse) {
private boolean validateIsHttps( HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest) {
String uri = requestInfo.getUri();
if(!isLocalHost(uri) && !isCronJob(uri) && !isSwagger(uri) && !isHealthCheck(uri)) {
if(!isLocalHost(uri) && !isCronJob(uri) && !isSwagger(uri) && !isHealthCheck(uri) && !isOptionsMethod(httpServletRequest)) {
if(!hasJwt()) {
httpServletResponse.setStatus(401);
return false;
......@@ -111,6 +111,11 @@ public class LegalFilter implements Filter {
private boolean isSwagger(String uri) {
return uri.contains("/swagger") || uri.contains("/v2/api-docs") || uri.contains("/configuration/ui") || uri.contains("/webjars/");
}
private boolean isOptionsMethod(HttpServletRequest httpServletRequest){
return httpServletRequest.getMethod().equalsIgnoreCase("OPTIONS");
}
private void logRequest(HttpServletRequest servletRequest, HttpServletResponse servletResponse, long startTime) {
String uri = requestInfo.getUri();
if(!isHealthCheck(uri)) {
......
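Review bot: The OPTIONS exemption added to `validateIsHttps` is safe only because the `doFilter` branch in the first hunk answers OPTIONS with 200 and never calls `chain.doFilter`; nothing in `validateIsHttps` records that dependency. If that branch is later changed or reordered, an OPTIONS request with no JWT would pass validation and reach the chain. Testing the method first in `doFilter`, `if (isOptionsMethod(httpServletRequest)) { httpServletResponse.setStatus(200); } else if (!validateIsHttps(httpServletResponse)) {`, keeps the exemption in one place and leaves the `validateIsHttps` signature unchanged. `isOptionsMethod` also matches any OPTIONS request, so additionally requiring `httpServletRequest.getHeader("Access-Control-Request-Method") != null` would limit the shortcut to real CORS preflights. The bodies of `doFilter` and `validateIsHttps` continue outside the visible hunks.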
......@@ -49,7 +49,7 @@ public class LegalFilterTest {
legalFilter.doFilter(httpServletRequest, httpServletResponse, filterChain);
Mockito.verify(httpServletResponse).addHeader("Access-Control-Allow-Origin", "custom-domain");
Mockito.verify(httpServletResponse).addHeader("Access-Control-Allow-Headers", "origin, content-type, accept, authorization, data-partition-id, correlation-id, appkey");
Mockito.verify(httpServletResponse).addHeader("Access-Control-Allow-Headers", "access-control-allow-origin, origin, content-type, accept, authorization, data-partition-id, correlation-id, appkey");
Mockito.verify(httpServletResponse).addHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH");
Mockito.verify(httpServletResponse).addHeader("Access-Control-Allow-Credentials", "true");
Mockito.verify(httpServletResponse).addHeader("X-Frame-Options", "DENY");
......
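Review bot: Nothing in this hunk exercises the behaviour the commit fixes: the only changed assertion is the expected `Access-Control-Allow-Headers` value, and no visible test sends an OPTIONS request without a JWT. A case that stubs `httpServletRequest.getMethod()` to return `"OPTIONS"` and then checks `Mockito.verify(httpServletResponse).setStatus(200);` and `Mockito.verify(filterChain, Mockito.never()).doFilter(httpServletRequest, httpServletResponse);` would pin both the 200 response and the fact that an unauthenticated preflight never reaches the chain. The test method starts and ends outside the hunk, so an existing OPTIONS test elsewhere in the file cannot be ruled out.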
......@@ -8,7 +8,7 @@
<maven.compiler.source>1.8</maven.compiler.source>
<docker.image.prefix>opendes</docker.image.prefix>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<os-core-common.version>0.6.9</os-core-common.version>
<os-core-common.version>0.8.1-SNAPSHOT</os-core-common.version>
<snakeyaml.version>1.26</snakeyaml.version>
<spring-web.version>5.1.19.RELEASE</spring-web.version>
</properties>
......
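Review bot: A `-SNAPSHOT` version of `os-core-common` is mutable, so this build can resolve to different library code from one run to the next; the property changes from the release `0.6.9` to `0.8.1-SNAPSHOT`. The header list asserted in LegalFilterTest changed without any visible edit to `setResponseHeaders`, so the filter's CORS headers presumably come from this library and would follow whatever snapshot is current. Pinning a released version before merge, for example `<os-core-common.version>RELEASED_VERSION_PLACEHOLDER</os-core-common.version>`, keeps the build reproducible and the security headers reviewable.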