From 4d65067949b05948f901ff38c0c342fc0dc19f2d Mon Sep 17 00:00:00 2001
From: Agnul97
Date: Mon, 27 Mar 2023 16:44:44 +0200
Subject: [PATCH] modification to cors filtering logic typo sec-fetch-site check
---
 .../kapua/commons/rest/filters/CORSResponseFilter.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/commons-rest/filters/src/main/java/org/eclipse/kapua/commons/rest/filters/CORSResponseFilter.java b/commons-rest/filters/src/main/java/org/eclipse/kapua/commons/rest/filters/CORSResponseFilter.java
index 15be48910a1..b17e8e2ad15 100644
--- a/commons-rest/filters/src/main/java/org/eclipse/kapua/commons/rest/filters/CORSResponseFilter.java
+++ b/commons-rest/filters/src/main/java/org/eclipse/kapua/commons/rest/filters/CORSResponseFilter.java
@@ -111,7 +111,7 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha
 if (Strings.isNullOrEmpty(origin)) {
 logger.warn("'Origin' header not present in request: {} {}. User-Agent is: {}", httpRequest.getMethod(), httpRequest.getPathInfo(), httpRequest.getHeader(HttpHeaders.USER_AGENT));
 } else {
- if (!"same-site".equals(fetchSite)) {
+ if (!"same-origin".equals(fetchSite)) {
 // Origin header present, so it's a CORS request. Apply all the required logics
 httpResponse.addHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, "GET, POST, DELETE, PUT");
 httpResponse.addHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS, "X-Requested-With, Content-Type, Authorization");
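Review bot: The `"same-origin"` test in doFilter skips the whole CORS block on the strength of a request header, and nothing at the branch records why that is safe or why `same-site` was the wrong value. `Sec-Fetch-Site` is set by browsers and page scripts cannot override it, but a non-browser client can send any value and older browsers omit it, so this branch should stay a shortcut for leaving out response headers and never become an access decision. I would add above the `if`: `// Sec-Fetch-Site "same-origin": scheme, host and port match, so no CORS headers are needed; "same-site" can still be cross-origin.` followed by `// The header is client-supplied: use it only to skip response headers, never to authorize.` The assignment of `fetchSite` and the rest of the skipped block lie outside the hunk, so whether that block also enforces an allowed-origin check is not visible here and is worth confirming.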
@@ -130,7 +130,7 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha
 }
 }
 } else {
- logger.debug("HTTP same-site origin detected and allowed. Request: {} {}. User-Agent is: {}", httpRequest.getMethod(), httpRequest.getPathInfo(), httpRequest.getHeader(HttpHeaders.USER_AGENT));
+ logger.debug("HTTP sec-fetch-site same-origin detected and allowed. Request: {} {}. User-Agent is: {}", httpRequest.getMethod(), httpRequest.getPathInfo(), httpRequest.getHeader(HttpHeaders.USER_AGENT));
 }
 }
 int errorCode = httpResponse.getStatus();