public class NuxeoCorsCsrfFilter extends Object implements javax.servlet.Filter
Modifier and Type | Class and Description |
---|---|
static class |
NuxeoCorsCsrfFilter.IgnoredOriginRequestWrapper
Wrapper for the request to hide the Origin header.
|
Modifier and Type | Field and Description |
---|---|
static String |
GET |
static String |
HEAD |
static String |
OPTIONS |
static List<String> |
SCHEMES_ALLOWED |
static String |
TRACE |
Constructor and Description |
---|
NuxeoCorsCsrfFilter() |
Modifier and Type | Method and Description |
---|---|
void |
destroy() |
void |
doFilter(javax.servlet.ServletRequest servletRequest,
javax.servlet.ServletResponse servletResponse,
javax.servlet.FilterChain chain) |
URI |
getSourceURI(javax.servlet.http.HttpServletRequest request)
Gets the source URI: the URI of the page from which the request is actually coming.
|
URI |
getTargetURI(javax.servlet.http.HttpServletRequest request)
Gets the target URI: the URI to which the browser is connecting.
|
void |
init(javax.servlet.FilterConfig filterConfig) |
protected boolean |
isWhitelistedScheme(URI uri) |
protected javax.servlet.http.HttpServletRequest |
maybeIgnoreWhitelistedOrigin(javax.servlet.http.HttpServletRequest request) |
boolean |
sourceAndTargetMatch(URI sourceURI,
URI targetURI) |
public static final String GET
public static final String HEAD
public static final String OPTIONS
public static final String TRACE
public static final List<String> SCHEMES_ALLOWED
public NuxeoCorsCsrfFilter()
public void init(javax.servlet.FilterConfig filterConfig)
init
in interface javax.servlet.Filter
public void destroy()
destroy
in interface javax.servlet.Filter
public void doFilter(javax.servlet.ServletRequest servletRequest, javax.servlet.ServletResponse servletResponse, javax.servlet.FilterChain chain) throws IOException, javax.servlet.ServletException
doFilter
in interface javax.servlet.Filter
IOException
javax.servlet.ServletException
public URI getSourceURI(javax.servlet.http.HttpServletRequest request)
public URI getTargetURI(javax.servlet.http.HttpServletRequest request)
public boolean sourceAndTargetMatch(URI sourceURI, URI targetURI)
protected javax.servlet.http.HttpServletRequest maybeIgnoreWhitelistedOrigin(javax.servlet.http.HttpServletRequest request)
protected boolean isWhitelistedScheme(URI uri)
Copyright © 2018 Nuxeo. All rights reserved.