List of usage examples for org.springframework.http HttpHeaders ORIGIN
String ORIGIN
From source file:com.ge.predix.integration.test.ACSCorsFilterIT.java
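/**
 * Sends an XHR-style GET for the Swagger API with an origin that is expected to be allowed,
 * and checks that the call succeeds and that the response carries an
 * {@code Access-Control-Allow-Origin} header naming that origin.
 *
 * @throws Exception if the HTTP call fails
 */
@Test
public void testCorsXHRRequestFromAllowedOriginForSwaggerUIApi() throws Exception {
    final String allowedOrigin = "http://someone.predix.io";

    HttpGet request = new HttpGet(this.acsBaseUrl + SWAGGER_API);
    request.setHeader(HttpHeaders.ORIGIN, allowedOrigin);
    // Presumably what the server uses to classify the request as XHR; confirm against the filter.
    request.setHeader("X-Requested-With", "true");

    HttpResponse response = client.execute(request);
    System.out.println("Response Code : " + response.getStatusLine().getStatusCode());

    Assert.assertEquals(response.getStatusLine().getStatusCode(), 200);
    // Assert presence before indexing into the header array, so a missing header is reported as
    // a test failure instead of an ArrayIndexOutOfBoundsException from the diagnostic print.
    Assert.assertTrue(response.containsHeader("Access-Control-Allow-Origin"));

    String allowOrigin = response.getHeaders("Access-Control-Allow-Origin")[0].getValue();
    System.out.println("Access-Control-Allow-Origin : " + allowOrigin);
    // Presence alone would also be satisfied by a wildcard; the allowed-origin path is expected
    // to name the requesting origin, so pin the value as well.
    Assert.assertEquals(allowOrigin, allowedOrigin);
}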
From source file:zipkin.server.ZipkinServerCORSTest.java
/**
 * Checks that requests carrying the configured origin are accepted on both the read
 * ({@code GET /api/v1/traces}) and the write ({@code POST /api/v1/spans}) endpoint.
 *
 * @throws Exception if performing a request fails
 */
@Test
public void shouldAllowConfiguredOrigin() throws Exception {
    // NOTE(review): the value has no scheme. A browser sends a serialized origin
    // (scheme://host[:port]), so this exercises matching against the configured string
    // rather than a browser-realistic header.
    final String configuredOrigin = "foo.example.com";

    mockMvc = MockMvcBuilders.webAppContextSetup(this.context).build();

    mockMvc
        .perform(get("/api/v1/traces").header(HttpHeaders.ORIGIN, configuredOrigin))
        .andExpect(status().isOk());

    performAsync(post("/api/v1/spans").content("[]").header(HttpHeaders.ORIGIN, configuredOrigin))
        .andExpect(status().isAccepted());
}
From source file:com.devicehive.websockets.WebSocketAuthenticationManager.java
/**
 * Builds the authentication details for a WebSocket session from its remote address and the
 * first {@code Origin} and {@code Authorization} values found in the handshake headers.
 *
 * <p>Both header values are supplied by the client. {@code Origin} is only set reliably by
 * browsers and can be chosen freely by any other client, so it should be treated as context
 * for policy decisions and never as proof of identity.
 *
 * @param session the WebSocket session whose handshake is inspected
 * @return details holding the remote address, the origin (or {@code null}) and the
 *     authorization value (or {@code null})
 */
public HiveAuthentication.HiveAuthDetails getDetails(WebSocketSession session) {
    List<String> originValues = session.getHandshakeHeaders().get(HttpHeaders.ORIGIN);
    List<String> authorizationValues = session.getHandshakeHeaders().get(HttpHeaders.AUTHORIZATION);

    // Only the first value of each header is used; a missing or empty list maps to null.
    String firstOrigin = null;
    if (originValues != null && !originValues.isEmpty()) {
        firstOrigin = originValues.get(0);
    }

    String firstAuthorization = null;
    if (authorizationValues != null && !authorizationValues.isEmpty()) {
        firstAuthorization = authorizationValues.get(0);
    }

    // NOTE(review): getRemoteAddress() is dereferenced without a null check; confirm the
    // session always reports a remote address on this code path.
    return new HiveAuthentication.HiveAuthDetails(
            session.getRemoteAddress().getAddress(), firstOrigin, firstAuthorization);
}
From source file:zipkin.server.ZipkinServerCORSTest.java
/**
 * Checks that requests carrying an origin outside the configured set are answered with
 * 403 Forbidden on both {@code GET /api/v1/traces} and {@code POST /api/v1/spans}.
 *
 * @throws Exception if performing a request fails
 */
@Test
public void shouldDisallowOrigin() throws Exception {
    final String otherOrigin = "bar.example.com";

    mockMvc = MockMvcBuilders.webAppContextSetup(this.context).build();

    // Read endpoint.
    mockMvc
        .perform(get("/api/v1/traces").header(HttpHeaders.ORIGIN, otherOrigin))
        .andExpect(status().isForbidden());

    // Write endpoint: rejected synchronically, so no async dispatch is needed here.
    mockMvc
        .perform(post("/api/v1/spans").content("[]").header(HttpHeaders.ORIGIN, otherOrigin))
        .andExpect(status().isForbidden());
}
From source file:com.ge.predix.integration.test.ACSCorsFilterIT.java
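/**
 * Sends an XHR-style GET for the Swagger API with a well-formed origin that is expected to be
 * outside the whitelist, and checks that the server answers 403 without an
 * {@code Access-Control-Allow-Origin} header.
 *
 * @throws Exception if the HTTP call fails
 */
@Test
public void testCorsXHRRequestFromNotWhitelistedOriginForSwaggerUIApi() throws Exception {
    HttpGet request = new HttpGet(this.acsBaseUrl + SWAGGER_API);
    // The value used to be "Origin: http://someone.predix.nert", i.e. the header name repeated
    // inside the value. That string contains a space and is not a valid URI, so a server that
    // parses the origin first rejects it as malformed and the whitelist comparison this test is
    // named after is never reached. A syntactically valid origin makes the 403 come from the
    // whitelist itself (assuming, as the test name states, that this host is not whitelisted).
    request.setHeader(HttpHeaders.ORIGIN, "http://someone.predix.nert");
    request.setHeader("X-Requested-With", "true");

    HttpResponse response = client.execute(request);

    System.out.println("Response Code : " + response.getStatusLine().getStatusCode());
    System.out.println(
            "Access-Control-Allow-Origin : " + response.getHeaders("Access-Control-Allow-Origin").length);

    Assert.assertEquals(response.getStatusLine().getStatusCode(), 403);
    Assert.assertFalse(response.containsHeader("Access-Control-Allow-Origin"));
}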
From source file:com.ge.predix.integration.test.ACSCorsFilterIT.java
/**
 * Sends an XHR-style GET for a path other than the Swagger API ({@code /acs}) with the
 * origin used as the whitelisted one elsewhere in this class, and checks that the server
 * still answers 403 without an {@code Access-Control-Allow-Origin} header: an acceptable
 * origin alone must not open up other request paths.
 *
 * @throws Exception if the HTTP call fails
 */
@Test
public void testCorsXHRRequestFromWhitelistedOriginForNonSwaggerUIApi() throws Exception {
    final String allowOriginHeader = "Access-Control-Allow-Origin";

    HttpGet corsRequest = new HttpGet(this.acsBaseUrl + "/acs");
    corsRequest.setHeader(HttpHeaders.ORIGIN, "http://someone.predix.io");
    corsRequest.setHeader("X-Requested-With", "true");

    HttpResponse corsResponse = client.execute(corsRequest);

    // Diagnostics only; the assertions below decide the outcome.
    System.out.println("Response Code : " + corsResponse.getStatusLine().getStatusCode());
    System.out.println("Access-Control-Allow-Origin : " + corsResponse.getHeaders(allowOriginHeader).length);

    Assert.assertEquals(corsResponse.getStatusLine().getStatusCode(), 403);
    Assert.assertFalse(corsResponse.containsHeader(allowOriginHeader));
}
From source file:com.ge.predix.web.cors.CORSFilter.java
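/**
 * Applies the CORS policy to a request before it continues down the filter chain.
 *
 * <ul>
 *   <li>Requests that are not classified as cross-origin pass through untouched.</li>
 *   <li>Cross-origin XHR requests must use an allowed method (else 405) and must have a
 *       syntactically valid origin, an allowed request URI and an allowed origin (else 403).
 *       Accepted requests get {@code Access-Control-Allow-Origin} set to the request origin;
 *       {@code OPTIONS} is answered as a pre-flight, anything else continues down the chain.</li>
 *   <li>All other cross-origin requests get {@code Access-Control-Allow-Origin: *}.</li>
 * </ul>
 *
 * @param request the incoming request
 * @param response the response that receives the CORS headers or the rejection status
 * @param filterChain the remaining filter chain
 * @throws ServletException if a downstream filter fails
 * @throws IOException if a downstream filter fails on I/O
 */
@Override
protected void doFilterInternal(final HttpServletRequest request, final HttpServletResponse response,
        final FilterChain filterChain) throws ServletException, IOException {
    if (!isCrossOriginRequest(request)) {
        filterChain.doFilter(request, response);
        return;
    }

    if (isXhrRequest(request)) {
        String method = request.getMethod();
        if (!isCorsXhrAllowedMethod(method)) {
            response.setStatus(HttpStatus.METHOD_NOT_ALLOWED.value());
            return;
        }

        String origin = request.getHeader(HttpHeaders.ORIGIN);
        // Validate the origin so we don't reflect back any potentially dangerous content.
        // This is a syntax check only; whether the origin is trusted is decided by the
        // whitelist check below.
        URI originURI;
        try {
            originURI = new URI(origin);
        } catch (URISyntaxException e) {
            response.setStatus(HttpStatus.FORBIDDEN.value());
            return;
        }

        String requestUri = request.getRequestURI();
        if (!isCorsXhrAllowedRequestUri(requestUri) || !isCorsXhrAllowedOrigin(origin)) {
            response.setStatus(HttpStatus.FORBIDDEN.value());
            return;
        }

        response.addHeader("Access-Control-Allow-Origin", originURI.toString());
        // The header above depends on the request's Origin, so tell caches to key on it;
        // otherwise a shared cache may replay a response that names a different origin.
        response.addHeader("Vary", "Origin");

        if ("OPTIONS".equals(method)) {
            buildCorsXhrPreFlightResponse(request, response);
        } else {
            filterChain.doFilter(request, response);
        }
        return;
    }

    // NOTE(review): the origin and URI whitelists above apply only when isXhrRequest() is
    // true. If that classification rests on a client-supplied header, a caller that omits
    // it lands here and receives the wildcard policy instead; confirm this is intended.
    response.addHeader("Access-Control-Allow-Origin", "*");
    if (request.getHeader("Access-Control-Request-Method") != null && "OPTIONS".equals(request.getMethod())) {
        // CORS "pre-flight" request
        response.addHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE");
        response.addHeader("Access-Control-Allow-Headers", "Authorization");
        response.addHeader("Access-Control-Max-Age", "1728000");
    } else {
        filterChain.doFilter(request, response);
    }
}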
From source file:com.devicehive.auth.rest.HttpAuthenticationFilter.java
/**
 * Builds the authentication details for an HTTP request from its remote address and its
 * {@code Origin} and {@code Authorization} headers.
 *
 * <p>Both headers are client-supplied; a missing header yields {@code null}. The
 * {@code Origin} value can be set freely by non-browser clients and is not evidence of
 * who is calling.
 *
 * @param request the incoming HTTP request
 * @return details holding the remote address, origin and authorization value
 * @throws UnknownHostException if the remote address cannot be resolved to an
 *     {@link InetAddress}
 */
private HiveAuthentication.HiveAuthDetails createUserDetails(HttpServletRequest request)
        throws UnknownHostException {
    // NOTE(review): getRemoteAddr() is the address of the direct peer; behind a reverse
    // proxy this is presumably the proxy rather than the end client. Confirm for deployment.
    InetAddress clientAddress = InetAddress.getByName(request.getRemoteAddr());
    String originHeader = request.getHeader(HttpHeaders.ORIGIN);
    String authorizationHeader = request.getHeader(HttpHeaders.AUTHORIZATION);

    return new HiveAuthentication.HiveAuthDetails(clientAddress, originHeader, authorizationHeader);
}
From source file:com.ge.predix.web.cors.CORSFilter.java
/**
 * Reports whether the request should be handled as cross-origin, which here means that it
 * carries a non-empty {@code Origin} header.
 *
 * <p>The header value is not compared with the server's own origin, so a same-origin
 * request that includes {@code Origin} is classified as cross-origin as well.
 *
 * @param request the incoming request
 * @return {@code true} if an {@code Origin} header with content is present
 */
private boolean isCrossOriginRequest(final HttpServletRequest request) {
    final String originHeader = request.getHeader(HttpHeaders.ORIGIN);
    return !StringUtils.isEmpty(originHeader);
}
From source file:zipkin.server.ZipkinServerIntegrationTest.java
/**
 * Checks that, with the default configuration, a request carrying an arbitrary
 * {@code Origin} header is served ({@code GET /api/v1/traces} returns 200).
 *
 * <p>Only the status is asserted; the CORS response headers are not inspected here.
 *
 * @throws Exception if performing the request fails
 */
@Test
public void shouldAllowAnyOriginByDefault() throws Exception {
    final String arbitraryOrigin = "foo.example.com";

    mockMvc
        .perform(get("/api/v1/traces").header(HttpHeaders.ORIGIN, arbitraryOrigin))
        .andExpect(status().isOk());
}