limit-allow-origin-bug, fixed

BIBSYSDEV · Jul 4, 2024 · 72990e3 · 72990e3
1 parent 5a09c4e
commit 72990e3
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 4 deletions.
diff --git a/apigateway/src/main/java/nva/commons/apigateway/ApiGatewayHandler.java b/apigateway/src/main/java/nva/commons/apigateway/ApiGatewayHandler.java
@@ -47,6 +47,7 @@ public abstract class ApiGatewayHandler<I, O> extends RestRequestHandler<I, O> {
     public static final String ALL_ORIGINS_ALLOWED = "*";
     public static final String ORIGIN_DELIMITER = ",";
     public static final String FALLBACK_ORIGIN  = "https://nva.sikt.no";
+    public static final String ORIGIN_HEADER = "origin";
 
     private final ObjectMapper objectMapper;
 
@@ -83,7 +84,7 @@ private String readAllowedOrigin(RequestInfo requestInfo) {
         if (originsList.contains(ALL_ORIGINS_ALLOWED)) {
             return ALL_ORIGINS_ALLOWED;
         }
-        var requestOrigin = requestInfo.getHeader("Origin");
+        var requestOrigin = requestInfo.getHeader(ORIGIN_HEADER);
         if (originsList.contains(requestOrigin)) {
             return requestOrigin;
         }

diff --git a/apigateway/src/test/java/nva/commons/apigateway/ApiGatewayHandlerTest.java b/apigateway/src/test/java/nva/commons/apigateway/ApiGatewayHandlerTest.java
@@ -1,7 +1,6 @@
 package nva.commons.apigateway;
 
 import static com.google.common.net.HttpHeaders.CONTENT_TYPE;
-import static com.google.common.net.HttpHeaders.ORIGIN;
 import static com.google.common.net.HttpHeaders.STRICT_TRANSPORT_SECURITY;
 import static com.google.common.net.HttpHeaders.VARY;
 import static com.google.common.net.HttpHeaders.X_CONTENT_TYPE_OPTIONS;
@@ -14,6 +13,7 @@
 import static nva.commons.apigateway.ApiGatewayHandler.ALLOWED_ORIGIN_ENV;
 import static nva.commons.apigateway.ApiGatewayHandler.ALL_ORIGINS_ALLOWED;
 import static nva.commons.apigateway.ApiGatewayHandler.FALLBACK_ORIGIN;
+import static nva.commons.apigateway.ApiGatewayHandler.ORIGIN_HEADER;
 import static nva.commons.apigateway.ApiGatewayHandler.REQUEST_ID;
 import static nva.commons.apigateway.MediaTypes.APPLICATION_PROBLEM_JSON;
 import static nva.commons.apigateway.RestConfig.defaultRestObjectMapper;
@@ -686,7 +686,7 @@ private JsonNode createHeaders() {
         Map<String, String> headers = new ConcurrentHashMap<>();
         headers.put(HttpHeaders.ACCEPT, MediaType.JSON_UTF_8.toString());
         headers.put(CONTENT_TYPE, MediaType.JSON_UTF_8.toString());
-        headers.put(ORIGIN, "https://example.com");
+        headers.put(ORIGIN_HEADER, "https://example.com");
         headers.put(X_CONTENT_TYPE_OPTIONS, "nosniff");
         headers.put(STRICT_TRANSPORT_SECURITY, "max-age=63072000; includeSubDomains; preload");
         return createHeaders(headers);

diff --git a/buildSrc/src/main/groovy/nvacommons.java-conventions.gradle b/buildSrc/src/main/groovy/nvacommons.java-conventions.gradle
@@ -9,7 +9,7 @@ plugins {
 }
 
 group 'com.github.bibsysdev'
-version = '1.40.4'
+version = '1.40.5'
 
 
 java.sourceCompatibility = JavaVersion.VERSION_17  // source-code version and must be <= targetCompatibility