Fixes issue 34331: Support pre-defined allowed domains for cross-domain requests in a multi-server environment
authorMartin Taal <martin.taal@openbravo.com>
Tue, 27 Dec 2016 07:01:53 +0100
changeset 31044 3871cdf1a2e9
parent 31043 a86d5ba912d6
child 31045 631648405cf0
Fixes issue 34331: Support pre-defined allowed domains for cross-domain requests in a multi-server environment
Added a new public method that checks whether an invalid origin is set on the header; the other method is made private
again to limit the number of public methods.
src/org/openbravo/base/secureApp/AllowedCrossDomainsHandler.java
--- a/src/org/openbravo/base/secureApp/AllowedCrossDomainsHandler.java	Mon Dec 26 21:17:14 2016 +0000
+++ b/src/org/openbravo/base/secureApp/AllowedCrossDomainsHandler.java	Tue Dec 27 07:01:53 2016 +0100
@@ -60,7 +60,7 @@
    * @param request
    * @return true if the origin if the request is in the list of allowed domains
    */
-  public boolean fromAllowedOrigin(HttpServletRequest request) {
+  private boolean fromAllowedOrigin(HttpServletRequest request) {
     final String origin = request.getHeader("Origin");
 
     if (origin == null) {
@@ -75,6 +75,31 @@
     return false;
   }
 
+  /**
+   * Checks if an origin is set on the header, if not then false is returned. If there are no checkers installed then also false
+   * is returned. If there are checkers installed then the origin is checked and the result is returned.
+   * 
+   * Note: will return true if there is indeed an invalid confirmed origin.
+   */
+  public boolean isCheckedInvalidOrigin(HttpServletRequest request) {
+    final String origin = request.getHeader("Origin");
+
+    if (origin == null) {
+      return false;
+    }
+
+    if (getCheckers().isEmpty()) {
+      return false;
+    }
+
+    for (AllowedCrossDomainsChecker checker : getCheckers()) {
+      if (checker.isAllowedOrigin(request, origin)) {
+        return false;
+      }
+    }
+    return true;
+  }
+
   private Collection<AllowedCrossDomainsChecker> getCheckers() {
     if (checkers == null) {
       setCheckers();
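Review bot: The Javadoc on `isCheckedInvalidOrigin` has no `@param`/`@return`, and it should say outright that a `false` result is not a validation. The method returns `false` both when the `Origin` header is absent and when `getCheckers()` is empty, so only `true` carries information. A caller that rejects requests on `true` therefore accepts every request in a deployment with no checkers installed; that looks intended from the description, but it is easy to misread from the method name. I would add `@return true only if an Origin header is present, at least one checker is installed, and no checker accepts the origin; false does not mean the origin was validated`. As a minor style point, `getCheckers()` is called twice and could be held in a local.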