Further fixes

Signed-off-by: Alberto Codutti <alberto.codutti@eurotech.com>
eclipse · Apr 15, 2021 · 75d621c · 75d621c
1 parent bc1415c
commit 75d621c
Showing 1 changed file with 13 additions and 15 deletions.
diff --git a/rest-api/core/src/main/java/org/eclipse/kapua/app/api/core/filter/CORSResponseFilter.java b/rest-api/core/src/main/java/org/eclipse/kapua/app/api/core/filter/CORSResponseFilter.java
@@ -113,21 +113,19 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha
         // For the actual request it will be available and we will check the CORS according to the scope.
         KapuaId scopeId = KapuaSecurityUtils.getSession() != null ? KapuaSecurityUtils.getSession().getScopeId() : null;
 
-        if (httpRequest.getMethod().equals("OPTIONS")) {
-            if (checkOrigin(origin, scopeId)) {
-                // Origin matches at least one defined Endpoint
-                httpResponse.addHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS, "true");
-                httpResponse.addHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, origin);
-                httpResponse.addHeader("Vary", HttpHeaders.ORIGIN);
-            } else {
-                String msg = scopeId != null ?
-                        String.format("HTTP Origin not allowed: %s for scope: %s", origin, scopeId.toCompactId()) :
-                        String.format("HTTP Origin not allowed: %s", origin);
-
-                logger.error(msg);
-                httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN, msg);
-                return;
-            }
+        if (checkOrigin(origin, scopeId)) {
+            // Origin matches at least one defined Endpoint
+            httpResponse.addHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS, "true");
+            httpResponse.addHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, origin);
+            httpResponse.addHeader("Vary", HttpHeaders.ORIGIN);
+        } else {
+            String msg = scopeId != null ?
+                    String.format("HTTP Origin not allowed: %s for scope: %s", origin, scopeId.toCompactId()) :
+                    String.format("HTTP Origin not allowed: %s", origin);
+
+            logger.error(msg);
+            httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN, msg);
+            return;
         }
 
         chain.doFilter(request, response);