author | Anton Tananaev <anton.tananaev@gmail.com> | 2015-11-15 10:31:45 +1300 |
---|---|---|
committer | Anton Tananaev <anton.tananaev@gmail.com> | 2015-11-15 10:31:45 +1300 |
commit | f3db87f0a718c9999313bc133b60ff54055ccfba (patch) | |
tree | 287a8f5f7f663fd1511cc2875e459a24d812ff09 /src | |
parent | a79893a68065f4fd1eb684c9df1c346cd7841a83 (diff) | |
Allow multiple origin domains (fix #1526)
Diffstat (limited to 'src')
-rw-r--r-- | src/org/traccar/web/BaseServlet.java | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/src/org/traccar/web/BaseServlet.java b/src/org/traccar/web/BaseServlet.java
index c3506693f..283edf1e5 100644
--- a/src/org/traccar/web/BaseServlet.java
+++ b/src/org/traccar/web/BaseServlet.java
@@ -53,10 +53,17 @@ public abstract class BaseServlet extends HttpServlet {
 try {
 resp.setContentType(APPLICATION_JSON);
 resp.setCharacterEncoding(CharsetUtil.UTF_8.name());
- resp.setHeader(HttpHeaders.Names.ACCESS_CONTROL_ALLOW_ORIGIN,
- Context.getConfig().getString("web.origin", ALLOW_ORIGIN_VALUE));
 resp.setHeader(HttpHeaders.Names.ACCESS_CONTROL_ALLOW_HEADERS, ALLOW_HEADERS_VALUE);
 resp.setHeader(HttpHeaders.Names.ACCESS_CONTROL_ALLOW_METHODS, ALLOW_METHODS_VALUE);
+
+ String origin = req.getHeader(HttpHeaders.Names.ORIGIN);
+ String allowed = Context.getConfig().getString("web.origin");
+ if (allowed == null) {
+ resp.setHeader(HttpHeaders.Names.ACCESS_CONTROL_ALLOW_ORIGIN, ALLOW_ORIGIN_VALUE);
+ } else if (allowed.contains(origin)) {
+ resp.setHeader(HttpHeaders.Names.ACCESS_CONTROL_ALLOW_ORIGIN, origin);
+ }
+
 if (!handle(getCommand(req), req, resp)) {
 resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
 } |
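Review bot: `allowed.contains(origin)` is a substring test on the raw config string, so any Origin value that happens to be a fragment of a configured entry is echoed back in Access-Control-Allow-Origin, and a request with no Origin header passes null to `String.contains` and throws NullPointerException once `web.origin` is set. Match whole entries instead, e.g. `} else if (origin != null && Arrays.asList(allowed.split(",")).contains(origin)) {` (assuming a comma-separated list; the separator used for `web.origin` is not visible in this hunk, and `java.util.Arrays` would need importing). Because the header now differs per request, also add `resp.setHeader(HttpHeaders.Names.VARY, HttpHeaders.Names.ORIGIN);` so a shared cache does not serve a response approved for one origin to another. The enclosing method starts and ends outside the hunk, so how the surrounding try block handles that exception cannot be checked here.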