From 72990e362c9b4eb7d337c97e35379edbe9d5ee5e Mon Sep 17 00:00:00 2001
From: anetteOlli
Date: Thu, 4 Jul 2024 16:40:34 +0200
Subject: [PATCH] limit-allow-origin-bug, fixed
---
 .../main/java/nva/commons/apigateway/ApiGatewayHandler.java | 3 ++-
 .../java/nva/commons/apigateway/ApiGatewayHandlerTest.java | 4 ++--
 buildSrc/src/main/groovy/nvacommons.java-conventions.gradle | 2 +-
 3 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/apigateway/src/main/java/nva/commons/apigateway/ApiGatewayHandler.java b/apigateway/src/main/java/nva/commons/apigateway/ApiGatewayHandler.java
index 138bd08f..3b536563 100644
--- a/apigateway/src/main/java/nva/commons/apigateway/ApiGatewayHandler.java
+++ b/apigateway/src/main/java/nva/commons/apigateway/ApiGatewayHandler.java
@@ -47,6 +47,7 @@ public abstract class ApiGatewayHandler extends RestRequestHandler {
 public static final String ALL_ORIGINS_ALLOWED = "*";
 public static final String ORIGIN_DELIMITER = ",";
 public static final String FALLBACK_ORIGIN = "https://nva.sikt.no";
+ public static final String ORIGIN_HEADER = "origin";
 private final ObjectMapper objectMapper;
@@ -83,7 +84,7 @@ private String readAllowedOrigin(RequestInfo requestInfo) {
 if (originsList.contains(ALL_ORIGINS_ALLOWED)) {
 return ALL_ORIGINS_ALLOWED;
 }
- var requestOrigin = requestInfo.getHeader("Origin");
+ var requestOrigin = requestInfo.getHeader(ORIGIN_HEADER);
 if (originsList.contains(requestOrigin)) {
 return requestOrigin;
 }
diff --git a/apigateway/src/test/java/nva/commons/apigateway/ApiGatewayHandlerTest.java b/apigateway/src/test/java/nva/commons/apigateway/ApiGatewayHandlerTest.java
index c800eb39..e2442468 100644
--- a/apigateway/src/test/java/nva/commons/apigateway/ApiGatewayHandlerTest.java
+++ b/apigateway/src/test/java/nva/commons/apigateway/ApiGatewayHandlerTest.java
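Review bot: The new public constant `ORIGIN_HEADER` in the `@@ -47,6 +47,7 @@` hunk of ApiGatewayHandler.java has no comment explaining why it holds the lower-case spelling `"origin"` rather than the canonical `Origin` (the value of Guava's `HttpHeaders.ORIGIN`, which the test imported before this commit). This value now decides whether a caller's origin is echoed back in the CORS response, so a later tidy-up to the canonical casing would quietly bring the bug back. A one-line comment would be enough, for example `// Lower-case on purpose: must match the header key casing in the incoming request event.`, reworded to the actual reason, which is not visible in this hunk.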
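Review bot: In the `@@ -83,7 +84,7 @@` hunk of ApiGatewayHandler.java the lookup `requestInfo.getHeader(ORIGIN_HEADER)` still appears to depend on the exact casing of the header name: the fix swaps `"Origin"` for `"origin"`, and the test fixture was changed to match. HTTP field names are case-insensitive, so a request that reaches the handler with `Origin` (for example through an integration that preserves the client's casing) would presumably miss the allow-list again and receive the fallback origin. Consider resolving the header case-insensitively, either inside `RequestInfo.getHeader` or here before `originsList.contains(requestOrigin)`. It is also worth confirming what `getHeader` returns when the request has no origin header, since `contains(null)` throws on immutable lists such as `List.of(...)`; how `originsList` is built and the rest of `readAllowedOrigin` are outside the hunk.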
@@ -1,7 +1,6 @@
 package nva.commons.apigateway;
 import static com.google.common.net.HttpHeaders.CONTENT_TYPE;
-import static com.google.common.net.HttpHeaders.ORIGIN;
 import static com.google.common.net.HttpHeaders.STRICT_TRANSPORT_SECURITY;
 import static com.google.common.net.HttpHeaders.VARY;
 import static com.google.common.net.HttpHeaders.X_CONTENT_TYPE_OPTIONS;
@@ -14,6 +13,7 @@
 import static nva.commons.apigateway.ApiGatewayHandler.ALLOWED_ORIGIN_ENV;
 import static nva.commons.apigateway.ApiGatewayHandler.ALL_ORIGINS_ALLOWED;
 import static nva.commons.apigateway.ApiGatewayHandler.FALLBACK_ORIGIN;
+import static nva.commons.apigateway.ApiGatewayHandler.ORIGIN_HEADER;
 import static nva.commons.apigateway.ApiGatewayHandler.REQUEST_ID;
 import static nva.commons.apigateway.MediaTypes.APPLICATION_PROBLEM_JSON;
 import static nva.commons.apigateway.RestConfig.defaultRestObjectMapper;
@@ -686,7 +686,7 @@ private JsonNode createHeaders() {
 Map headers = new ConcurrentHashMap<>();
 headers.put(HttpHeaders.ACCEPT, MediaType.JSON_UTF_8.toString());
 headers.put(CONTENT_TYPE, MediaType.JSON_UTF_8.toString());
- headers.put(ORIGIN, "https://example.com");
+ headers.put(ORIGIN_HEADER, "https://example.com");
 headers.put(X_CONTENT_TYPE_OPTIONS, "nosniff");
 headers.put(STRICT_TRANSPORT_SECURITY, "max-age=63072000; includeSubDomains; preload");
 return createHeaders(headers);
diff --git a/buildSrc/src/main/groovy/nvacommons.java-conventions.gradle b/buildSrc/src/main/groovy/nvacommons.java-conventions.gradle
index fe3decc1..dc659e28 100644
--- a/buildSrc/src/main/groovy/nvacommons.java-conventions.gradle
+++ b/buildSrc/src/main/groovy/nvacommons.java-conventions.gradle
@@ -9,7 +9,7 @@ plugins {
 }
 group 'com.github.bibsysdev'
-version = '1.40.4'
+version = '1.40.5'
 java.sourceCompatibility = JavaVersion.VERSION_17 // source-code version and must be <= targetCompatibility
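Review bot: `createHeaders()` in the `@@ -686,7 +686,7 @@` hunk of ApiGatewayHandlerTest.java now builds the request with only the lower-case key, so the casing that triggered the bug is no longer exercised anywhere visible in this patch. A parameterised case that sends both `origin` and `Origin` and asserts the allowed origin is returned for each would pin the regression. A second case with an origin that is not on the allow-list should assert that the response carries `FALLBACK_ORIGIN` and never the caller-supplied value. The rest of the test class is outside the hunk, so such cases may already exist.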