Commit c05c7e26 authored by Rene Lottes's avatar Rene Lottes
Browse files

Allow CORS for '/reqesidta' path

parent 54c938c6
......@@ -45,6 +45,8 @@ import org.openecard.control.binding.http.common.Http11Response;
public class CORSFilter {
private static final Collection<String> NO_CORS_PATHS;
private static final String REQESIDTA_PATH = "/reqesidta";
private static final String REQESIDTA_ALLOWED_HEADERS = "content-type, X-SSA-API-Endpoint, X-Digest-Algorithm, X-Signature-Algorithm";
static {
NO_CORS_PATHS = new LinkedList<>();
......@@ -62,7 +64,7 @@ public class CORSFilter {
String method = getMethod(httpRequest);
if (method != null) {
HttpResponse res = new Http11Response(HttpStatus.SC_OK);
if (OriginsList.isValidOrigin(origin)) {
if (OriginsList.isValidOrigin(origin) || isReqesidtaPath(httpRequest)) {
postProcess(httpRequest, res, context);
}
return res;
......@@ -97,7 +99,7 @@ public class CORSFilter {
httpResponse.addHeader("Access-Control-Allow-Methods", method);
}
// TODO: figure out if we need this header stuff
//httpResponse.addHeader("Access-Control-Allow-Headers", headers);
httpResponse.addHeader("Access-Control-Allow-Headers", REQESIDTA_ALLOWED_HEADERS);
}
}
}
......@@ -132,6 +134,11 @@ public class CORSFilter {
return acrmStr;
}
private boolean isReqesidtaPath(HttpRequest httpRequest) {
String uri = httpRequest.getRequestLine().getUri();
return uri.startsWith(REQESIDTA_PATH);
}
private boolean isNoCorsPath(String reqLineUri) {
for (String nextPath : NO_CORS_PATHS) {
if (reqLineUri.startsWith(nextPath)) {
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment