limit-allow-origin-bug (#503)

* limit-allow-origin-bug, fixed * limit-allow-origin-bug, code-review
BIBSYSDEV · Jul 5, 2024 · e5328c9 · e5328c9
1 parent 5a09c4e
commit e5328c9
Show file tree

Hide file tree

Showing 4 changed files with 9 additions and 6 deletions.
diff --git a/apigateway/src/main/java/nva/commons/apigateway/ApiGatewayHandler.java b/apigateway/src/main/java/nva/commons/apigateway/ApiGatewayHandler.java
@@ -2,6 +2,7 @@
 
 import static com.google.common.net.HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN;
 import static com.google.common.net.HttpHeaders.CONTENT_TYPE;
+import static com.google.common.net.HttpHeaders.ORIGIN;
 import static com.google.common.net.HttpHeaders.STRICT_TRANSPORT_SECURITY;
 import static com.google.common.net.HttpHeaders.VARY;
 import static com.google.common.net.HttpHeaders.X_CONTENT_TYPE_OPTIONS;
@@ -83,7 +84,7 @@ private String readAllowedOrigin(RequestInfo requestInfo) {
         if (originsList.contains(ALL_ORIGINS_ALLOWED)) {
             return ALL_ORIGINS_ALLOWED;
         }
-        var requestOrigin = requestInfo.getHeader("Origin");
+        var requestOrigin = requestInfo.getHeader(ORIGIN);
         if (originsList.contains(requestOrigin)) {
             return requestOrigin;
         }

diff --git a/apigateway/src/main/java/nva/commons/apigateway/RequestInfo.java b/apigateway/src/main/java/nva/commons/apigateway/RequestInfo.java
@@ -117,8 +117,11 @@ public static RequestInfo fromRequest(InputStream requestStream) {
 
     @JsonIgnore
     public String getHeader(String header) {
-        return Optional.ofNullable(getHeaders().get(header))
-                   .orElseThrow(() -> new IllegalArgumentException(MISSING_FROM_HEADERS + header));
+        return getHeaders().entrySet().stream()
+                .filter(entry -> entry.getKey().equalsIgnoreCase(header))
+                .findFirst()
+                .map(Map.Entry::getValue)
+                .orElseThrow(() -> new IllegalArgumentException(MISSING_FROM_HEADERS + header));
     }
 
     @JsonIgnore

diff --git a/apigateway/src/test/java/nva/commons/apigateway/ApiGatewayHandlerTest.java b/apigateway/src/test/java/nva/commons/apigateway/ApiGatewayHandlerTest.java
@@ -1,7 +1,6 @@
 package nva.commons.apigateway;
 
 import static com.google.common.net.HttpHeaders.CONTENT_TYPE;
-import static com.google.common.net.HttpHeaders.ORIGIN;
 import static com.google.common.net.HttpHeaders.STRICT_TRANSPORT_SECURITY;
 import static com.google.common.net.HttpHeaders.VARY;
 import static com.google.common.net.HttpHeaders.X_CONTENT_TYPE_OPTIONS;
@@ -686,7 +685,7 @@ private JsonNode createHeaders() {
         Map<String, String> headers = new ConcurrentHashMap<>();
         headers.put(HttpHeaders.ACCEPT, MediaType.JSON_UTF_8.toString());
         headers.put(CONTENT_TYPE, MediaType.JSON_UTF_8.toString());
-        headers.put(ORIGIN, "https://example.com");
+        headers.put("origin", "https://example.com");
         headers.put(X_CONTENT_TYPE_OPTIONS, "nosniff");
         headers.put(STRICT_TRANSPORT_SECURITY, "max-age=63072000; includeSubDomains; preload");
         return createHeaders(headers);

diff --git a/buildSrc/src/main/groovy/nvacommons.java-conventions.gradle b/buildSrc/src/main/groovy/nvacommons.java-conventions.gradle
@@ -9,7 +9,7 @@ plugins {
 }
 
 group 'com.github.bibsysdev'
-version = '1.40.4'
+version = '1.40.5'
 
 
 java.sourceCompatibility = JavaVersion.VERSION_17  // source-code version and must be <= targetCompatibility