diff options
author | casswarry0 <casswarry0@gmail.com> | 2023-01-17 17:14:53 -0700 |
---|---|---|
committer | casswarry0 <casswarry0@gmail.com> | 2023-01-17 17:14:53 -0700 |
commit | 7338b8730949ed027b3f8b31d7dca20687ebbb8b (patch) | |
tree | c2d171e6121818ab511460a786f69aab97a2a628 /src/main/java/org/traccar/api/CorsResponseFilter.java | |
parent | cdecd3fa4427a382c0b09f8ad9d69ec14388960a (diff) | |
parent | 85501f9cf4918d5eee345f83aed7a31eecb26b8d (diff) | |
download | trackermap-server-7338b8730949ed027b3f8b31d7dca20687ebbb8b.tar.gz trackermap-server-7338b8730949ed027b3f8b31d7dca20687ebbb8b.tar.bz2 trackermap-server-7338b8730949ed027b3f8b31d7dca20687ebbb8b.zip |
Merge branch 'master' into develop
Diffstat (limited to 'src/main/java/org/traccar/api/CorsResponseFilter.java')
-rw-r--r-- | src/main/java/org/traccar/api/CorsResponseFilter.java | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/src/main/java/org/traccar/api/CorsResponseFilter.java b/src/main/java/org/traccar/api/CorsResponseFilter.java index 91aea5718..67d0341a1 100644 --- a/src/main/java/org/traccar/api/CorsResponseFilter.java +++ b/src/main/java/org/traccar/api/CorsResponseFilter.java @@ -1,5 +1,5 @@ /* - * Copyright 2015 - 2018 Anton Tananaev (anton@traccar.org) + * Copyright 2015 - 2022 Anton Tananaev (anton@traccar.org) * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,16 +16,26 @@ package org.traccar.api; import io.netty.handler.codec.http.HttpHeaderNames; -import org.traccar.Context; +import org.traccar.config.Config; import org.traccar.config.Keys; +import javax.inject.Inject; +import javax.inject.Singleton; import javax.ws.rs.container.ContainerRequestContext; import javax.ws.rs.container.ContainerResponseContext; import javax.ws.rs.container.ContainerResponseFilter; import java.io.IOException; +@Singleton public class CorsResponseFilter implements ContainerResponseFilter { + private final String allowed; + + @Inject + public CorsResponseFilter(Config config) { + allowed = config.getString(Keys.WEB_ORIGIN); + } + private static final String ORIGIN_ALL = "*"; private static final String HEADERS_ALL = "origin, content-type, accept, authorization"; private static final String METHODS_ALL = "GET, POST, PUT, DELETE, OPTIONS"; @@ -46,8 +56,6 @@ public class CorsResponseFilter implements ContainerResponseFilter { if (!response.getHeaders().containsKey(HttpHeaderNames.ACCESS_CONTROL_ALLOW_ORIGIN.toString())) { String origin = request.getHeaderString(HttpHeaderNames.ORIGIN.toString()); - String allowed = Context.getConfig().getString(Keys.WEB_ORIGIN); - if (origin == null) { response.getHeaders().add(HttpHeaderNames.ACCESS_CONTROL_ALLOW_ORIGIN.toString(), ORIGIN_ALL); } else if (allowed == null || allowed.equals(ORIGIN_ALL) || allowed.contains(origin)) { |