Improve error handling in WebUtils.isValidOrigin()
With this commit, WebUtils.isValidOrigin() logs an error message instead of throwing an IllegalArgumentException when the Origin header value is invalid (for example when it does not contain the scheme).

Issue: SPR-12697
@@ -142,6 +142,10 @@ public class WebUtilsTests {
|
||||
request.getHeaders().set(HttpHeaders.ORIGIN, "https://mydomain1.com");
|
||||
assertFalse(WebUtils.isValidOrigin(request, allowedOrigins));
|
||||
|
||||
servletRequest.setServerName("invalid-origin");
|
||||
request.getHeaders().set(HttpHeaders.ORIGIN, "invalid-origin");
|
||||
assertFalse(WebUtils.isValidOrigin(request, allowedOrigins));
|
||||
|
||||
allowedOrigins = Arrays.asList("*");
|
||||
servletRequest.setServerName("mydomain1.com");
|
||||
request.getHeaders().set(HttpHeaders.ORIGIN, "http://mydomain2.com");
|
||||
|
||||
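Review bot: The case that sets both `servletRequest.setServerName("invalid-origin")` and the Origin header to the same scheme-less string does not say why the two values match. A one-line comment stating that a malformed Origin must be rejected even when it equals the server name would document the intent. The `assertFalse` confirms that no exception escapes and that the origin is rejected, but only for the missing-scheme form named in the commit message. Consider adding the same scheme-less value under the `Arrays.asList("*")` block further down, so the wildcard path is shown to handle a malformed header as well.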