From 9d3d1a47bf7d8642fadc6c0680eed2743dc6c8f2 Mon Sep 17 00:00:00 2001 From: Twerl <e.ruighaver@student.tudelft.nl> Date: Mon, 14 Oct 2019 13:12:49 +0200 Subject: [PATCH] Fixes a bug where a request without an origin header would result in an NPE --- .../ewi/auta/core/authentication/CorsPatchFilter.java | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/core/src/main/java/nl/tudelft/ewi/auta/core/authentication/CorsPatchFilter.java b/core/src/main/java/nl/tudelft/ewi/auta/core/authentication/CorsPatchFilter.java index f71674fda..d79296dbf 100644 --- a/core/src/main/java/nl/tudelft/ewi/auta/core/authentication/CorsPatchFilter.java +++ b/core/src/main/java/nl/tudelft/ewi/auta/core/authentication/CorsPatchFilter.java @@ -10,6 +10,7 @@ import org.springframework.security.core.userdetails.UserDetails; import org.springframework.stereotype.Service; import org.springframework.web.filter.GenericFilterBean; +import javax.annotation.Nullable; import javax.servlet.FilterChain; import javax.servlet.ServletException; import javax.servlet.ServletRequest; @@ -187,10 +188,12 @@ public class CorsPatchFilter extends GenericFilterBean { * @return {@code true} if the headers may need patching, {@code false} otherwise */ private boolean requiresHeaderPatchCheck( - final HttpServletRequest req, final String origin + final HttpServletRequest req, final @Nullable String origin ) { final var allowedOrigins = this.settings.get("allowed API origins", List.class); - return allowedOrigins.contains(origin) && req.getRequestURI().startsWith("/api"); + return origin != null + && allowedOrigins.contains(origin) + && req.getRequestURI().startsWith("/api"); } /** -- GitLab