Skip to content
Snippets Groups Projects
Commit 17ebcc13 authored by Erik Oudsen's avatar Erik Oudsen
Browse files

Merge branch 'cors-no-origin-npe' into 'development' 

CorsPatchFilter NPE

Closes #242

See merge request !138
parents 23cd6848 9d3d1a47
No related branches found
No related tags found
2 merge requests!148Release 2.3.0,!138CorsPatchFilter NPE
Pipeline #221986 passed
Stage: build
Stage: test
Show whitespace changes
Inline Side-by-side
core/src/main/java/nl/tudelft/ewi/auta/core/authentication/CorsPatchFilter.java
+ 5
2
View file @ 17ebcc13
......@@ -10,6 +10,7 @@ import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Service;
import org.springframework.web.filter.GenericFilterBean;
import javax.annotation.Nullable;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
......@@ -187,10 +188,12 @@ public class CorsPatchFilter extends GenericFilterBean {
* @return {@code true} if the headers may need patching, {@code false} otherwise
*/
private boolean requiresHeaderPatchCheck(
final HttpServletRequest req, final String origin
final HttpServletRequest req, final @Nullable String origin
) {
final var allowedOrigins = this.settings.get("allowed API origins", List.class);
return allowedOrigins.contains(origin) && req.getRequestURI().startsWith("/api");
return origin != null
&& allowedOrigins.contains(origin)
&& req.getRequestURI().startsWith("/api");
}
/**
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment