diff options
| author | Anton Tananaev <anton.tananaev@gmail.com> | 2019-03-31 22:35:39 -0700 |
|---|---|---|
| committer | Anton Tananaev <anton.tananaev@gmail.com> | 2019-03-31 22:35:39 -0700 |
| commit | 59416923dcb3a756eaf532cc4259f2f6625c0762 (patch) | |
| tree | 9082dae6616deac8fda432b7bfd80e4a52b6d9dc /src/main/java/org/traccar/api/CorsResponseFilter.java | |
| parent | 79a129dd6327d932133d6b9a50190d3f4927bff9 (diff) | |
| download | trackermap-server-59416923dcb3a756eaf532cc4259f2f6625c0762.tar.gz trackermap-server-59416923dcb3a756eaf532cc4259f2f6625c0762.tar.bz2 trackermap-server-59416923dcb3a756eaf532cc4259f2f6625c0762.zip | |
Convert project to gradle
Diffstat (limited to 'src/main/java/org/traccar/api/CorsResponseFilter.java')
| -rw-r--r-- | src/main/java/org/traccar/api/CorsResponseFilter.java | 58 |
1 files changed, 58 insertions, 0 deletions
diff --git a/src/main/java/org/traccar/api/CorsResponseFilter.java b/src/main/java/org/traccar/api/CorsResponseFilter.java new file mode 100644 index 000000000..227f80609 --- /dev/null +++ b/src/main/java/org/traccar/api/CorsResponseFilter.java @@ -0,0 +1,58 @@ +/* + * Copyright 2015 - 2018 Anton Tananaev (anton@traccar.org) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.traccar.api; + +import io.netty.handler.codec.http.HttpHeaderNames; +import org.traccar.Context; + +import javax.ws.rs.container.ContainerRequestContext; +import javax.ws.rs.container.ContainerResponseContext; +import javax.ws.rs.container.ContainerResponseFilter; +import java.io.IOException; + +public class CorsResponseFilter implements ContainerResponseFilter { + + private static final String ORIGIN_ALL = "*"; + private static final String HEADERS_ALL = "origin, content-type, accept, authorization"; + private static final String METHODS_ALL = "GET, POST, PUT, DELETE, OPTIONS"; + + @Override + public void filter(ContainerRequestContext request, ContainerResponseContext response) throws IOException { + if (!response.getHeaders().containsKey(HttpHeaderNames.ACCESS_CONTROL_ALLOW_HEADERS.toString())) { + response.getHeaders().add(HttpHeaderNames.ACCESS_CONTROL_ALLOW_HEADERS.toString(), HEADERS_ALL); + } + + if (!response.getHeaders().containsKey(HttpHeaderNames.ACCESS_CONTROL_ALLOW_CREDENTIALS.toString())) { + response.getHeaders().add(HttpHeaderNames.ACCESS_CONTROL_ALLOW_CREDENTIALS.toString(), true); + } + + if (!response.getHeaders().containsKey(HttpHeaderNames.ACCESS_CONTROL_ALLOW_METHODS.toString())) { + response.getHeaders().add(HttpHeaderNames.ACCESS_CONTROL_ALLOW_METHODS.toString(), METHODS_ALL); + } + + if (!response.getHeaders().containsKey(HttpHeaderNames.ACCESS_CONTROL_ALLOW_ORIGIN.toString())) { + String origin = request.getHeaderString(HttpHeaderNames.ORIGIN.toString()); + String allowed = Context.getConfig().getString("web.origin"); + + if (origin == null) { + response.getHeaders().add(HttpHeaderNames.ACCESS_CONTROL_ALLOW_ORIGIN.toString(), ORIGIN_ALL); + } else if (allowed == null || allowed.equals(ORIGIN_ALL) || allowed.contains(origin)) { + response.getHeaders().add(HttpHeaderNames.ACCESS_CONTROL_ALLOW_ORIGIN.toString(), origin); + } + } + } + +} |