Improve error handling in WebUtils.isValidOrigin()

With this commit, WebUtils.isValidOrigin() logs an error message instead
of throwing an IllegalArgumentException when Origin header value is
invalid (for example when it does not contain the scheme).

Issue: SPR-12697
This commit is contained in:
Sebastien Deleuze
2015-02-19 14:12:10 +01:00
parent adb502a0de
commit 40cbede7f3
2 changed files with 17 additions and 1 deletions

View File

@@ -142,6 +142,10 @@ public class WebUtilsTests {
request.getHeaders().set(HttpHeaders.ORIGIN, "https://mydomain1.com");
assertFalse(WebUtils.isValidOrigin(request, allowedOrigins));
servletRequest.setServerName("invalid-origin");
request.getHeaders().set(HttpHeaders.ORIGIN, "invalid-origin");
assertFalse(WebUtils.isValidOrigin(request, allowedOrigins));
allowedOrigins = Arrays.asList("*");
servletRequest.setServerName("mydomain1.com");
request.getHeaders().set(HttpHeaders.ORIGIN, "http://mydomain2.com");