From ebad86bac8395eaee80c9d1e15ae9e26c69d562b Mon Sep 17 00:00:00 2001 From: zhouping Date: Wed, 5 Aug 2020 16:32:46 +0800 Subject: [PATCH] =?UTF-8?q?REPORT-34875=20=E8=B7=A8=E5=9F=9FCORS=E6=BC=8F?= =?UTF-8?q?=E6=B4=9E?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../fr/third/socketio/handler/EncoderHandler.java | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/fine-socketio/src/main/java/com/fr/third/socketio/handler/EncoderHandler.java b/fine-socketio/src/main/java/com/fr/third/socketio/handler/EncoderHandler.java index 238c965d8..ba5cfc3e6 100644 --- a/fine-socketio/src/main/java/com/fr/third/socketio/handler/EncoderHandler.java +++ b/fine-socketio/src/main/java/com/fr/third/socketio/handler/EncoderHandler.java @@ -190,16 +190,13 @@ public class EncoderHandler extends ChannelOutboundHandlerAdapter { res.headers().add(HttpHeaderNames.SERVER, version); } - if (configuration.getOrigin() != null) { - res.headers().add(HttpHeaderNames.ACCESS_CONTROL_ALLOW_ORIGIN, configuration.getOrigin()); - res.headers().add(HttpHeaderNames.ACCESS_CONTROL_ALLOW_CREDENTIALS, Boolean.TRUE); - } else { - if (origin != null) { - res.headers().add(HttpHeaderNames.ACCESS_CONTROL_ALLOW_ORIGIN, origin); - res.headers().add(HttpHeaderNames.ACCESS_CONTROL_ALLOW_CREDENTIALS, Boolean.TRUE); - } else { - res.headers().add(HttpHeaderNames.ACCESS_CONTROL_ALLOW_ORIGIN, "*"); + if (origin != null) { + String configOrigin = configuration.getOrigin(); + if (configOrigin != null && !"".equals(configOrigin) && !configOrigin.contains(origin)) { + throw new IllegalArgumentException(); } + res.headers().add(HttpHeaderNames.ACCESS_CONTROL_ALLOW_ORIGIN, origin); + res.headers().add(HttpHeaderNames.ACCESS_CONTROL_ALLOW_CREDENTIALS, Boolean.TRUE); } }