diff --git a/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/CrossOriginFilter.java b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/CrossOriginFilter.java index a2b6e1dc418..e1ba9b988cb 100644 --- a/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/CrossOriginFilter.java +++ b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/CrossOriginFilter.java @@ -26,7 +26,6 @@ import java.util.Enumeration; import java.util.List; import java.util.regex.Matcher; import java.util.regex.Pattern; - import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; @@ -36,8 +35,6 @@ import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import org.eclipse.jetty.http.HttpField; -import org.eclipse.jetty.http.HttpFields; import org.eclipse.jetty.util.log.Log; import org.eclipse.jetty.util.log.Logger; @@ -71,15 +68,15 @@ import org.eclipse.jetty.util.log.Logger; * can be cached by the client. Default value is 1800 seconds, or 30 * minutes *
  • allowCredentials, a boolean indicating if the resource allows - * requests with credentials. Default value is false
  • + * requests with credentials. Default value is true *
  • exposedHeaders, a comma separated list of HTTP headers that * are allowed to be exposed on the client. Default value is the * empty list
  • *
  • chainPreflight, if true preflight requests are chained to their * target resource for normal handling (as an OPTION request). Otherwise the - * filter will response to the preflight. Default is true.
  • + * filter will response to the preflight. Default is true. *

    - *

    A typical configuration could be: + *

    A typical configuration could be:

    *
      * <web-app ...>
      *     ...
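Review bot: The `allowCredentials` item in the class Javadoc needs a caveat about origin scoping now that it documents a default of true; as written, it states the default without saying what it implies for `allowedOrigins`. I would append a sentence such as `When true, set allowedOrigins to an explicit list of trusted origins, because every origin that matches may send credentialed requests and read the responses.` The filter's default origin list is not visible in these hunks, so confirm whether it is a wildcard before finalising the wording. If it is, the Javadoc should say plainly that the out-of-the-box configuration permits credentialed cross-origin access and is meant to be tightened in deployment.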
    @@ -93,7 +90,7 @@ import org.eclipse.jetty.util.log.Logger;
      *     </filter-mapping>
      *     ...
      * </web-app>
    - * 

    + * */ public class CrossOriginFilter implements Filter { @@ -195,8 +192,8 @@ public class CrossOriginFilter implements Filter exposedHeaders.addAll(Arrays.asList(exposedHeadersConfig.split(","))); String chainPreflightConfig = config.getInitParameter(OLD_CHAIN_PREFLIGHT_PARAM); - if (chainPreflightConfig!=null) // TODO remove this - LOG.warn("DEPRECATED CONFIGURATION: Use "+CHAIN_PREFLIGHT_PARAM+ " instead of "+OLD_CHAIN_PREFLIGHT_PARAM); + if (chainPreflightConfig != null) + LOG.warn("DEPRECATED CONFIGURATION: Use " + CHAIN_PREFLIGHT_PARAM + " instead of " + OLD_CHAIN_PREFLIGHT_PARAM); else chainPreflightConfig = config.getInitParameter(CHAIN_PREFLIGHT_PARAM); if (chainPreflightConfig == null) @@ -206,13 +203,13 @@ public class CrossOriginFilter implements Filter if (LOG.isDebugEnabled()) { LOG.debug("Cross-origin filter configuration: " + - ALLOWED_ORIGINS_PARAM + " = " + allowedOriginsConfig + ", " + - ALLOWED_METHODS_PARAM + " = " + allowedMethodsConfig + ", " + - ALLOWED_HEADERS_PARAM + " = " + allowedHeadersConfig + ", " + - PREFLIGHT_MAX_AGE_PARAM + " = " + preflightMaxAgeConfig + ", " + - ALLOW_CREDENTIALS_PARAM + " = " + allowedCredentialsConfig + "," + - EXPOSED_HEADERS_PARAM + " = " + exposedHeadersConfig + "," + - CHAIN_PREFLIGHT_PARAM + " = " + chainPreflightConfig + ALLOWED_ORIGINS_PARAM + " = " + allowedOriginsConfig + ", " + + ALLOWED_METHODS_PARAM + " = " + allowedMethodsConfig + ", " + + ALLOWED_HEADERS_PARAM + " = " + allowedHeadersConfig + ", " + + PREFLIGHT_MAX_AGE_PARAM + " = " + preflightMaxAgeConfig + ", " + + ALLOW_CREDENTIALS_PARAM + " = " + allowedCredentialsConfig + "," + + EXPOSED_HEADERS_PARAM + " = " + exposedHeadersConfig + "," + + CHAIN_PREFLIGHT_PARAM + " = " + chainPreflightConfig ); } } 
@@ -297,7 +294,7 @@ public class CrossOriginFilter implements Filter { if (allowedOrigin.contains("*")) { - Matcher matcher = createMatcher(origin,allowedOrigin); + Matcher matcher = createMatcher(origin, allowedOrigin); if (matcher.matches()) return true; } @@ -319,8 +316,8 @@ public class CrossOriginFilter implements Filter private String parseAllowedWildcardOriginToRegex(String allowedOrigin) { - String regex = allowedOrigin.replace(".","\\."); - return regex.replace("*",".*"); // we want to be greedy here to match multiple subdomains, thus we use .* + String regex = allowedOrigin.replace(".", "\\."); + return regex.replace("*", ".*"); // we want to be greedy here to match multiple subdomains, thus we use .* } private boolean isSimpleRequest(HttpServletRequest request) @@ -362,7 +359,7 @@ public class CrossOriginFilter implements Filter private void handlePreflightResponse(HttpServletRequest request, HttpServletResponse response, String origin) { boolean methodAllowed = isMethodAllowed(request); - + if (!methodAllowed) return; List headersRequested = getAccessControlRequestHeaders(request); @@ -395,7 +392,7 @@ public class CrossOriginFilter implements Filter return result; } - List getAccessControlRequestHeaders (HttpServletRequest request) + private List getAccessControlRequestHeaders(HttpServletRequest request) { String accessControlRequestHeaders = request.getHeader(ACCESS_CONTROL_REQUEST_HEADERS_HEADER); LOG.debug("{} is {}", ACCESS_CONTROL_REQUEST_HEADERS_HEADER, accessControlRequestHeaders); @@ -412,8 +409,7 @@ public class CrossOriginFilter implements Filter } return requestedHeaders; } - - + private boolean areHeadersAllowed(List requestedHeaders) { if (anyHeadersAllowed) 
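Review bot: In `parseAllowedWildcardOriginToRegex` only `.` is escaped before `*` is rewritten to `.*`, so any other regex metacharacter in a configured origin is read as pattern syntax, and the greedy `.*` matches any run of characters rather than hostname labels only. The result of `createMatcher(origin, allowedOrigin)` in the first hunk on this line decides which origins get CORS headers, so the pattern should be built from quoted literals. I would split the configured value on `*`, apply `Pattern.quote` to each piece and join the pieces with `.*`. If the wildcard is meant to cover subdomains only, a narrower class such as `[^/]*` would express that, but it changes behaviour and needs a test with multi-level subdomains. The origin-matching loop around the `createMatcher` call starts and ends outside its hunk, so how unmatched origins are handled is not visible here.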
@@ -421,13 +417,13 @@ public class CrossOriginFilter implements Filter LOG.debug("Any header is allowed"); return true; } - + boolean result = true; - for (String requestedHeader:requestedHeaders) + for (String requestedHeader : requestedHeaders) { boolean headerAllowed = false; - for (String allowedHeader:allowedHeaders) - { + for (String allowedHeader : allowedHeaders) + { if (requestedHeader.equalsIgnoreCase(allowedHeader.trim())) { headerAllowed = true;