From 9d3d1a47bf7d8642fadc6c0680eed2743dc6c8f2 Mon Sep 17 00:00:00 2001
From: Twerl <e.ruighaver@student.tudelft.nl>
Date: Mon, 14 Oct 2019 13:12:49 +0200
Subject: [PATCH] Fixes a bug where a request without an origin header would
 result in an NPE

---
 .../ewi/auta/core/authentication/CorsPatchFilter.java      | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/core/src/main/java/nl/tudelft/ewi/auta/core/authentication/CorsPatchFilter.java b/core/src/main/java/nl/tudelft/ewi/auta/core/authentication/CorsPatchFilter.java
index f71674fda..d79296dbf 100644
--- a/core/src/main/java/nl/tudelft/ewi/auta/core/authentication/CorsPatchFilter.java
+++ b/core/src/main/java/nl/tudelft/ewi/auta/core/authentication/CorsPatchFilter.java
@@ -10,6 +10,7 @@ import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.stereotype.Service;
 import org.springframework.web.filter.GenericFilterBean;
 
+import javax.annotation.Nullable;
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
@@ -187,10 +188,12 @@ public class CorsPatchFilter extends GenericFilterBean {
      * @return {@code true} if the headers may need patching, {@code false} otherwise
      */
     private boolean requiresHeaderPatchCheck(
-            final HttpServletRequest req, final String origin
+            final HttpServletRequest req, final @Nullable String origin
     ) {
         final var allowedOrigins = this.settings.get("allowed API origins", List.class);
-        return allowedOrigins.contains(origin) && req.getRequestURI().startsWith("/api");
+        return origin != null
+                && allowedOrigins.contains(origin)
+                && req.getRequestURI().startsWith("/api");
     }
 
     /**
-- 
GitLab