authorAnton Tananaev <anton.tananaev@gmail.com>2015-11-15 10:31:45 +1300
committerAnton Tananaev <anton.tananaev@gmail.com>2015-11-15 10:31:45 +1300
commitf3db87f0a718c9999313bc133b60ff54055ccfba (patch)
tree287a8f5f7f663fd1511cc2875e459a24d812ff09 /src
parenta79893a68065f4fd1eb684c9df1c346cd7841a83 (diff)
Allow multiple origin domains (fix #1526)
Diffstat (limited to 'src')
-rw-r--r--src/org/traccar/web/BaseServlet.java11
1 files changed, 9 insertions, 2 deletions
diff --git a/src/org/traccar/web/BaseServlet.java b/src/org/traccar/web/BaseServlet.java
index c3506693f..283edf1e5 100644
--- a/src/org/traccar/web/BaseServlet.java
+++ b/src/org/traccar/web/BaseServlet.java
@@ -53,10 +53,17 @@ public abstract class BaseServlet extends HttpServlet {
try {
resp.setContentType(APPLICATION_JSON);
resp.setCharacterEncoding(CharsetUtil.UTF_8.name());
- resp.setHeader(HttpHeaders.Names.ACCESS_CONTROL_ALLOW_ORIGIN,
- Context.getConfig().getString("web.origin", ALLOW_ORIGIN_VALUE));
resp.setHeader(HttpHeaders.Names.ACCESS_CONTROL_ALLOW_HEADERS, ALLOW_HEADERS_VALUE);
resp.setHeader(HttpHeaders.Names.ACCESS_CONTROL_ALLOW_METHODS, ALLOW_METHODS_VALUE);
+
+ String origin = req.getHeader(HttpHeaders.Names.ORIGIN);
+ String allowed = Context.getConfig().getString("web.origin");
+ if (allowed == null) {
+ resp.setHeader(HttpHeaders.Names.ACCESS_CONTROL_ALLOW_ORIGIN, ALLOW_ORIGIN_VALUE);
+ } else if (allowed.contains(origin)) {
+ resp.setHeader(HttpHeaders.Names.ACCESS_CONTROL_ALLOW_ORIGIN, origin);
+ }
+
if (!handle(getCommand(req), req, resp)) {
resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
}
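Review bot: `allowed.contains(origin)` is a substring test on the raw `web.origin` string, so an Origin value that is merely a fragment of a configured entry (a truncated host name, or an empty header value) is echoed back in Access-Control-Allow-Origin, and a request without an Origin header makes `contains(null)` throw inside the try. Compare whole entries instead, for example `} else if (origin != null && Arrays.asList(allowed.split("[,\\s]+")).contains(origin)) {`; the separator is an assumption, since the commit does not show how the list is delimited. Because the response now varies with the request's Origin, the reflecting branch should also add `resp.setHeader(HttpHeaders.Names.VARY, HttpHeaders.Names.ORIGIN);` so that a shared cache does not hand one origin's response to another. The enclosing method starts and ends outside the hunk, so how its catch block treats that exception is not visible here.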