Commit c05c7e26 authored by Rene Lottes's avatar Rene Lottes
Browse files

Allow CORS for '/reqesidta' path

parent 54c938c6
...@@ -45,6 +45,8 @@ import org.openecard.control.binding.http.common.Http11Response; ...@@ -45,6 +45,8 @@ import org.openecard.control.binding.http.common.Http11Response;
public class CORSFilter { public class CORSFilter {
private static final Collection<String> NO_CORS_PATHS; private static final Collection<String> NO_CORS_PATHS;
private static final String REQESIDTA_PATH = "/reqesidta";
private static final String REQESIDTA_ALLOWED_HEADERS = "content-type, X-SSA-API-Endpoint, X-Digest-Algorithm, X-Signature-Algorithm";
static { static {
NO_CORS_PATHS = new LinkedList<>(); NO_CORS_PATHS = new LinkedList<>();
...@@ -62,7 +64,7 @@ public class CORSFilter { ...@@ -62,7 +64,7 @@ public class CORSFilter {
String method = getMethod(httpRequest); String method = getMethod(httpRequest);
if (method != null) { if (method != null) {
HttpResponse res = new Http11Response(HttpStatus.SC_OK); HttpResponse res = new Http11Response(HttpStatus.SC_OK);
if (OriginsList.isValidOrigin(origin)) { if (OriginsList.isValidOrigin(origin) || isReqesidtaPath(httpRequest)) {
postProcess(httpRequest, res, context); postProcess(httpRequest, res, context);
} }
return res; return res;
...@@ -97,7 +99,7 @@ public class CORSFilter { ...@@ -97,7 +99,7 @@ public class CORSFilter {
httpResponse.addHeader("Access-Control-Allow-Methods", method); httpResponse.addHeader("Access-Control-Allow-Methods", method);
} }
// TODO: figure out if we need this header stuff // TODO: figure out if we need this header stuff
//httpResponse.addHeader("Access-Control-Allow-Headers", headers); httpResponse.addHeader("Access-Control-Allow-Headers", REQESIDTA_ALLOWED_HEADERS);
} }
} }
} }
...@@ -132,6 +134,11 @@ public class CORSFilter { ...@@ -132,6 +134,11 @@ public class CORSFilter {
return acrmStr; return acrmStr;
} }
private boolean isReqesidtaPath(HttpRequest httpRequest) {
String uri = httpRequest.getRequestLine().getUri();
return uri.startsWith(REQESIDTA_PATH);
}
private boolean isNoCorsPath(String reqLineUri) { private boolean isNoCorsPath(String reqLineUri) {
for (String nextPath : NO_CORS_PATHS) { for (String nextPath : NO_CORS_PATHS) {
if (reqLineUri.startsWith(nextPath)) { if (reqLineUri.startsWith(nextPath)) {
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment