modification to cors filtering logic typo sec-fetch-site check
Agnul97 committed Mar 27, 2023
1 parent aa5e04a commit 4d65067
Showing 1 changed file with 2 additions and 2 deletions.
Expand Up @@ -111,7 +111,7 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha
if (Strings.isNullOrEmpty(origin)) {
logger.warn("'Origin' header not present in request: {} {}. User-Agent is: {}", httpRequest.getMethod(), httpRequest.getPathInfo(), httpRequest.getHeader(HttpHeaders.USER_AGENT));
} else {
if (!"same-site".equals(fetchSite)) {
if (!"same-origin".equals(fetchSite)) {
// Origin header present, so it's a CORS request. Apply all the required logics
httpResponse.addHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, "GET, POST, DELETE, PUT");
httpResponse.addHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS, "X-Requested-With, Content-Type, Authorization");
Expand All @@ -130,7 +130,7 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha
}
}
} else {
logger.debug("HTTP same-site origin detected and allowed. Request: {} {}. User-Agent is: {}", httpRequest.getMethod(), httpRequest.getPathInfo(), httpRequest.getHeader(HttpHeaders.USER_AGENT));
logger.debug("HTTP sec-fetch-site same-origin detected and allowed. Request: {} {}. User-Agent is: {}", httpRequest.getMethod(), httpRequest.getPathInfo(), httpRequest.getHeader(HttpHeaders.USER_AGENT));
}
}
int errorCode = httpResponse.getStatus();
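Review bot: The `"same-origin".equals(fetchSite)` branch in the first hunk skips all Origin handling based on a request header that only browsers are guaranteed to set honestly; any other HTTP client can send `Sec-Fetch-Site: same-origin` together with an arbitrary `Origin`. That is harmless if the skipped block only adds `Access-Control-*` response headers, since CORS is enforced by the browser. The lines between the two hunks are not visible here, though, so if they also refuse or warn about origins that are not allowed, this branch bypasses that, with only a debug-level trace. I would state the assumption above the check, e.g. `// Sec-Fetch-Site is browser-supplied metadata, not an authorization signal: skipping the CORS headers is safe only because browsers enforce CORS`, and confirm that no access decision depends on this branch. The body of `doFilter` starts and ends outside both hunks.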