From 32f5c3ce86ed63ec880c31f337821285be52a94f Mon Sep 17 00:00:00 2001
From: Anton Tananaev <anton.tananaev@gmail.com>
Date: Sat, 23 Apr 2016 11:10:47 +1200
Subject: Fix issues with CORS requests

---
 src/org/traccar/api/BaseResource.java          | 6 ------
 src/org/traccar/api/CorsResponseFilter.java    | 4 ++--
 src/org/traccar/api/SecurityRequestFilter.java | 5 +++--
 3 files changed, 5 insertions(+), 10 deletions(-)

(limited to 'src')

diff --git a/src/org/traccar/api/BaseResource.java b/src/org/traccar/api/BaseResource.java
index ab891b832..4dafc084c 100644
--- a/src/org/traccar/api/BaseResource.java
+++ b/src/org/traccar/api/BaseResource.java
@@ -33,10 +33,4 @@ public class BaseResource {
         return 0;
     }
 
-    @PermitAll
-    @OPTIONS
-    public Response options() {
-        return Response.noContent().build();
-    }
-
 }
diff --git a/src/org/traccar/api/CorsResponseFilter.java b/src/org/traccar/api/CorsResponseFilter.java
index 349580e2f..67d312504 100644
--- a/src/org/traccar/api/CorsResponseFilter.java
+++ b/src/org/traccar/api/CorsResponseFilter.java
@@ -47,9 +47,9 @@ public class CorsResponseFilter implements ContainerResponseFilter {
             String origin = request.getHeaderString(HttpHeaders.Names.ORIGIN);
             String allowed = Context.getConfig().getString("web.origin");
 
-            if (allowed == null || origin == null) {
+            if (origin == null) {
                 response.getHeaders().add(HttpHeaders.Names.ACCESS_CONTROL_ALLOW_ORIGIN, ORIGIN_ALL);
-            } else if (allowed.equals(ORIGIN_ALL) || allowed.contains(origin)) {
+            } else if (allowed == null || allowed.equals(ORIGIN_ALL) || allowed.contains(origin)) {
                 response.getHeaders().add(HttpHeaders.Names.ACCESS_CONTROL_ALLOW_ORIGIN, origin);
             }
         }
diff --git a/src/org/traccar/api/SecurityRequestFilter.java b/src/org/traccar/api/SecurityRequestFilter.java
index 4c6137ede..0f0de2dec 100644
--- a/src/org/traccar/api/SecurityRequestFilter.java
+++ b/src/org/traccar/api/SecurityRequestFilter.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2015 Anton Tananaev (anton.tananaev@gmail.com)
+ * Copyright 2015 - 2016 Anton Tananaev (anton.tananaev@gmail.com)
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -57,7 +57,7 @@ public class SecurityRequestFilter implements ContainerRequestFilter {
     public void filter(ContainerRequestContext requestContext) {
 
         if (requestContext.getMethod().equals("OPTIONS")) {
-            throw new WebApplicationException(Response.status(Response.Status.OK).build());
+            return;
         }
 
         SecurityContext securityContext = null;
@@ -93,6 +93,7 @@ public class SecurityRequestFilter implements ContainerRequestFilter {
                         Response.status(Response.Status.UNAUTHORIZED).header(WWW_AUTHENTICATE, BASIC_REALM).build());
             }
         }
+
     }
 
 }
-- 
cgit v1.2.3