Pull request #626: REPORT-34875 跨域CORS漏洞

Merge in CORE/base-third from ~ZHOUPING/base-third:release/10.0 to release/10.0 * commit 'ebad86bac8395eaee80c9d1e15ae9e26c69d562b': REPORT-34875 跨域CORS漏洞
4 years ago · b178f8905e
1 changed files with 6 additions and 9 deletions
--- a/fine-socketio/src/main/java/com/fr/third/socketio/handler/EncoderHandler.java
+++ b/fine-socketio/src/main/java/com/fr/third/socketio/handler/EncoderHandler.java
@ -190,16 +190,13 @@ public class EncoderHandler extends ChannelOutboundHandlerAdapter {
            res.headers().add(HttpHeaderNames.SERVER, version);
        }
        if (configuration.getOrigin() != null) {
            res.headers().add(HttpHeaderNames.ACCESS_CONTROL_ALLOW_ORIGIN, configuration.getOrigin());
            res.headers().add(HttpHeaderNames.ACCESS_CONTROL_ALLOW_CREDENTIALS, Boolean.TRUE);
        } else {
        if (origin != null) {
            String configOrigin = configuration.getOrigin();
            if (configOrigin != null && !"".equals(configOrigin) && !configOrigin.contains(origin)) {
                throw new IllegalArgumentException();
            }
            res.headers().add(HttpHeaderNames.ACCESS_CONTROL_ALLOW_ORIGIN, origin);
            res.headers().add(HttpHeaderNames.ACCESS_CONTROL_ALLOW_CREDENTIALS, Boolean.TRUE);
            } else {
                res.headers().add(HttpHeaderNames.ACCESS_CONTROL_ALLOW_ORIGIN, "*");
            }
        }
    }