From a20e996c0929bcca43e5b5595f7ec320fad3c213 Mon Sep 17 00:00:00 2001 From: Anton Tananaev Date: Mon, 7 Dec 2015 09:41:42 +1300 Subject: Restrict CORS origin header value --- src/org/traccar/web/BaseServlet.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/org/traccar/web') diff --git a/src/org/traccar/web/BaseServlet.java b/src/org/traccar/web/BaseServlet.java index 69a073d39..8b022d556 100644 --- a/src/org/traccar/web/BaseServlet.java +++ b/src/org/traccar/web/BaseServlet.java @@ -56,7 +56,7 @@ public abstract class BaseServlet extends HttpServlet { if (allowed == null) { resp.setHeader(HttpHeaders.Names.ACCESS_CONTROL_ALLOW_ORIGIN, ALLOW_ORIGIN_VALUE); } else if (allowed.contains(origin)) { - String originSafe = URLEncoder.encode(origin, StandardCharsets.UTF_8.displayName()); + String originSafe = URLEncoder.encode(origin, StandardCharsets.UTF_8.name()); resp.setHeader(HttpHeaders.Names.ACCESS_CONTROL_ALLOW_ORIGIN, originSafe); } -- cgit v1.2.3