Add Access-Control-Request-Method check for CORS preflight requests

Issue: SPR-13193
This commit is contained in:
Sebastien Deleuze
2015-07-07 09:34:39 +02:00
parent aea23e42c7
commit 8ee0e78980
3 changed files with 8 additions and 3 deletions

View File

@@ -61,6 +61,7 @@ import org.springframework.web.context.request.async.WebAsyncUtils;
import org.springframework.web.context.support.ServletRequestHandledEvent;
import org.springframework.web.context.support.WebApplicationContextUtils;
import org.springframework.web.context.support.XmlWebApplicationContext;
import org.springframework.web.cors.CorsUtils;
import org.springframework.web.util.NestedServletException;
import org.springframework.web.util.WebUtils;
@@ -903,7 +904,7 @@ public abstract class FrameworkServlet extends HttpServletBean implements Applic
protected void doOptions(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
if (this.dispatchOptionsRequest || request.getHeader("Origin") != null) {
if (this.dispatchOptionsRequest || CorsUtils.isPreFlightRequest(request)) {
processRequest(request, response);
if (response.containsHeader("Allow")) {
// Proper OPTIONS response coming from a handler - we're done.