Skip to content

Commit

Permalink
fix: cors filter should not store in local variable allowed origins
Browse files Browse the repository at this point in the history
oxAuth #1773
  • Loading branch information
yurem committed Apr 19, 2023
1 parent ff88134 commit a48f6c0
Showing 1 changed file with 8 additions and 10 deletions.
18 changes: 8 additions & 10 deletions Server/src/main/java/org/gluu/oxauth/filter/CorsFilter.java
Original file line number Diff line number Diff line change
Expand Up @@ -109,32 +109,31 @@ public void init(final FilterConfig filterConfig) throws ServletException {
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
throws IOException, ServletException {
Collection<String> globalAllowedOrigins = new ArrayList<>(0);
if (this.filterEnabled) {
try {
globalAllowedOrigins = doFilterImpl(servletRequest);
// Set temporary client allowed origins
Collection<String> clientAllowedOrigins = doFilterImpl(servletRequest);
setContextClientAllowedOrigins(servletRequest, clientAllowedOrigins);
} catch (Exception ex) {
log.error("Failed to process request", ex);
}
super.doFilter(servletRequest, servletResponse, filterChain);
setAllowedOrigins(globalAllowedOrigins);
} else {
filterChain.doFilter(servletRequest, servletResponse);
}
}

protected Collection<String> doFilterImpl(ServletRequest servletRequest)
throws UnsupportedEncodingException, IOException, ServletException {
Collection<String> globalAllowedOrigins = getAllowedOrigins();
List<String> clientAuthorizedOrigins = null;

if (StringHelper.isNotEmpty(servletRequest.getParameter("client_id"))) {
String clientId = servletRequest.getParameter("client_id");
Client client = clientService.getClient(clientId);
if (client != null) {
String[] authorizedOriginsArray = client.getAuthorizedOrigins();
if (authorizedOriginsArray != null && authorizedOriginsArray.length > 0) {
List<String> clientAuthorizedOrigins = Arrays.asList(authorizedOriginsArray);
setAllowedOrigins(clientAuthorizedOrigins);
clientAuthorizedOrigins = Arrays.asList(authorizedOriginsArray);
}
}
} else {
Expand All @@ -157,15 +156,14 @@ protected Collection<String> doFilterImpl(ServletRequest servletRequest)
if (client != null) {
String[] authorizedOriginsArray = client.getAuthorizedOrigins();
if (authorizedOriginsArray != null && authorizedOriginsArray.length > 0) {
List<String> clientAuthorizedOrigins = Arrays.asList(authorizedOriginsArray);
setAllowedOrigins(clientAuthorizedOrigins);
clientAuthorizedOrigins = Arrays.asList(authorizedOriginsArray);
}
}
}
}
}

return globalAllowedOrigins;
return clientAuthorizedOrigins;
}
}

0 comments on commit a48f6c0

Please sign in to comment.