
Merge pull request #634 in CORE/base-third from release/10.0 to bugfix/10.0

* commit '206a78c0f62d13f9c394a2bf5029f6cd806018c3':
  REPORT-34875 跨域CORS漏洞
bugfix/10.0
superman 4 years ago
parent
commit
d6dc991aa6
  1. 15
      fine-socketio/src/main/java/com/fr/third/socketio/handler/EncoderHandler.java

15
fine-socketio/src/main/java/com/fr/third/socketio/handler/EncoderHandler.java

@ -190,16 +190,13 @@ public class EncoderHandler extends ChannelOutboundHandlerAdapter {
res.headers().add(HttpHeaderNames.SERVER, version);
}
if (configuration.getOrigin() != null) {
res.headers().add(HttpHeaderNames.ACCESS_CONTROL_ALLOW_ORIGIN, configuration.getOrigin());
res.headers().add(HttpHeaderNames.ACCESS_CONTROL_ALLOW_CREDENTIALS, Boolean.TRUE);
} else {
if (origin != null) {
res.headers().add(HttpHeaderNames.ACCESS_CONTROL_ALLOW_ORIGIN, origin);
res.headers().add(HttpHeaderNames.ACCESS_CONTROL_ALLOW_CREDENTIALS, Boolean.TRUE);
} else {
res.headers().add(HttpHeaderNames.ACCESS_CONTROL_ALLOW_ORIGIN, "*");
if (origin != null) {
String configOrigin = configuration.getOrigin();
if (configOrigin != null && !"".equals(configOrigin) && !configOrigin.contains(origin)) {
throw new IllegalArgumentException();
}
res.headers().add(HttpHeaderNames.ACCESS_CONTROL_ALLOW_ORIGIN, origin);
res.headers().add(HttpHeaderNames.ACCESS_CONTROL_ALLOW_CREDENTIALS, Boolean.TRUE);
}
}
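Review bot: The allow-list test `!configOrigin.contains(origin)` is `String.contains`, a substring match, so any request Origin that is merely a fragment of the configured value passes and is then echoed in `Access-Control-Allow-Origin` together with `Access-Control-Allow-Credentials: true`. Compare whole origins instead: parse the configured value into a set of entries once (the delimiter is not visible here, so confirm the format) and test `allowedOrigins.contains(origin)` on that set. When `configOrigin` is null or empty the request Origin is still reflected with credentials enabled, which appears to leave an unconfigured deployment with the exposure this commit targets; consider emitting no CORS headers in that case. The bare `throw new IllegalArgumentException()` carries no message and is raised in an outbound handler, so a rejected origin will likely surface as a pipeline exception rather than a response without CORS headers, and a `Vary: Origin` header would be appropriate now that the response depends on the request Origin. The enclosing method starts and ends outside the hunk.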
