opensource
/
fine-third
1
0
Fork 1
Code Issues Pull Requests Releases Wiki Activity
Browse Source

Pull request #626: REPORT-34875 跨域CORS漏洞 

Merge in CORE/base-third from ~ZHOUPING/base-third:release/10.0 to release/10.0

* commit 'ebad86bac8395eaee80c9d1e15ae9e26c69d562b':
  REPORT-34875 跨域CORS漏洞
release/10.0
zhouping 4 years ago
parent
7444cd74f9 ebad86bac8
commit
b178f8905e
1 changed files with 6 additions and 9 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 11
      fine-socketio/src/main/java/com/fr/third/socketio/handler/EncoderHandler.java

11
fine-socketio/src/main/java/com/fr/third/socketio/handler/EncoderHandler.java
Unescape View File

@ -190,16 +190,13 @@ public class EncoderHandler extends ChannelOutboundHandlerAdapter {
res.headers().add(HttpHeaderNames.SERVER, version);
}
if (configuration.getOrigin() != null) {
res.headers().add(HttpHeaderNames.ACCESS_CONTROL_ALLOW_ORIGIN, configuration.getOrigin());
res.headers().add(HttpHeaderNames.ACCESS_CONTROL_ALLOW_CREDENTIALS, Boolean.TRUE);
} else {
if (origin != null) {
String configOrigin = configuration.getOrigin();
if (configOrigin != null && !"".equals(configOrigin) && !configOrigin.contains(origin)) {
throw new IllegalArgumentException();
}
res.headers().add(HttpHeaderNames.ACCESS_CONTROL_ALLOW_ORIGIN, origin);
res.headers().add(HttpHeaderNames.ACCESS_CONTROL_ALLOW_CREDENTIALS, Boolean.TRUE);
} else {
res.headers().add(HttpHeaderNames.ACCESS_CONTROL_ALLOW_ORIGIN, "*");
}
}
}

Write Preview
Loading…
Cancel
Save