only add cross origin header if the request is coming from a browser
parent
e6ee276926
commit
5e8a021405
|
@ -0,0 +1,38 @@
|
|||
/*
|
||||
* Licensed to Elastic Search and Shay Banon under one
|
||||
* or more contributor license agreements. See the NOTICE file
|
||||
* distributed with this work for additional information
|
||||
* regarding copyright ownership. Elastic Search licenses this
|
||||
* file to you under the Apache License, Version 2.0 (the
|
||||
* "License"); you may not use this file except in compliance
|
||||
* with the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
|
||||
package org.elasticsearch.http;
|
||||
|
||||
import org.elasticsearch.common.Nullable;
|
||||
|
||||
/**
|
||||
*/
|
||||
public class HttpHelper {
|
||||
|
||||
public static boolean isBrowser(@Nullable String userAgent) {
|
||||
if (userAgent == null) {
|
||||
return false;
|
||||
}
|
||||
// chrome, safari, firefox, ie
|
||||
if (userAgent.startsWith("Mozilla")) {
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
}
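Review bot: The empty Javadoc on `HttpHelper` should say that `isBrowser` is a best-effort guess from the client-supplied User-Agent header, which any client can set to any value, so its result must never feed an access-control or trust decision. I would fill it in with something like `/** Heuristics over HTTP request headers; results are hints, not trust signals. */` and add a one-line method comment stating that `null` and non-"Mozilla" agents return false. The prefix test also misses browsers whose User-Agent does not begin with "Mozilla" (older Opera releases send "Opera/..."), which the inline comment `// chrome, safari, firefox, ie` does not mention.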
|
|
@ -36,6 +36,7 @@ import org.elasticsearch.common.netty.handler.codec.http.HttpVersion;
|
|||
import org.elasticsearch.common.xcontent.XContentBuilder;
|
||||
import org.elasticsearch.http.HttpChannel;
|
||||
import org.elasticsearch.http.HttpException;
|
||||
import org.elasticsearch.http.HttpHelper;
|
||||
import org.elasticsearch.rest.RestResponse;
|
||||
import org.elasticsearch.rest.RestStatus;
|
||||
import org.elasticsearch.rest.XContentRestResponse;
|
||||
|
@ -77,13 +78,15 @@ public class NettyHttpChannel implements HttpChannel {
|
|||
} else {
|
||||
resp = new DefaultHttpResponse(HttpVersion.HTTP_1_1, status);
|
||||
}
|
||||
// add support for cross origin
|
||||
resp.addHeader("Access-Control-Allow-Origin", "*");
|
||||
if (request.getMethod() == HttpMethod.OPTIONS) {
|
||||
// also add more access control parameters
|
||||
resp.addHeader("Access-Control-Max-Age", 1728000);
|
||||
resp.addHeader("Access-Control-Allow-Methods", "PUT, DELETE");
|
||||
resp.addHeader("Access-Control-Allow-Headers", "X-Requested-With");
|
||||
if (HttpHelper.isBrowser(request.getHeader(HttpHeaders.Names.USER_AGENT))) {
|
||||
// add support for cross origin
|
||||
resp.addHeader("Access-Control-Allow-Origin", "*");
|
||||
if (request.getMethod() == HttpMethod.OPTIONS) {
|
||||
// also add more access control parameters
|
||||
resp.addHeader("Access-Control-Max-Age", 1728000);
|
||||
resp.addHeader("Access-Control-Allow-Methods", "PUT, DELETE");
|
||||
resp.addHeader("Access-Control-Allow-Headers", "X-Requested-With");
|
||||
}
|
||||
}
|
||||
|
||||
// Convert the response content to a ChannelBuffer.
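Review bot: The `Access-Control-Allow-Origin: *` value inside the new `isBrowser` branch still lets a page from any origin read responses from this endpoint, and the OPTIONS branch advertises `PUT, DELETE` to all of them; gating on User-Agent narrows which clients receive the headers, not which origins are trusted. Since the User-Agent is supplied by the client, I would key the branch on the request's `Origin` header and echo it only when it matches a configured allow-list, e.g. `String origin = request.getHeader("Origin");` followed by `if (origin != null && allowedOrigins.contains(origin)) {`, where `allowedOrigins` is a placeholder for a setting this page does not show. At minimum add a comment above the branch such as `// CORS headers are advisory for browsers only; this is not an access check`. The enclosing method starts and ends outside the hunk.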
|
||||
|
|