Polishing

Optimize same origin check when the request is an instance of
ServletServerHttpRequest and when there is no forwarded headers.

This commit also optimizes the getPort methods and ForwardedHeaderFilter
forwarded headers checks.

Issue: SPR-16262
This commit is contained in:
sdeleuze
2018-01-09 12:40:34 +01:00
parent c326e44488
commit 9c7de232b8
5 changed files with 76 additions and 40 deletions

View File

@@ -168,7 +168,7 @@ public class WebUtilsTests {
if (port != -1) {
servletRequest.setServerPort(port);
}
request.getHeaders().set(HttpHeaders.ORIGIN, originHeader);
servletRequest.addHeader(HttpHeaders.ORIGIN, originHeader);
return WebUtils.isValidOrigin(request, allowed);
}
@@ -179,7 +179,7 @@ public class WebUtilsTests {
if (port != -1) {
servletRequest.setServerPort(port);
}
request.getHeaders().set(HttpHeaders.ORIGIN, originHeader);
servletRequest.addHeader(HttpHeaders.ORIGIN, originHeader);
return WebUtils.isSameOrigin(request);
}
@@ -191,15 +191,15 @@ public class WebUtilsTests {
servletRequest.setServerPort(port);
}
if (forwardedProto != null) {
request.getHeaders().set("X-Forwarded-Proto", forwardedProto);
servletRequest.addHeader("X-Forwarded-Proto", forwardedProto);
}
if (forwardedHost != null) {
request.getHeaders().set("X-Forwarded-Host", forwardedHost);
servletRequest.addHeader("X-Forwarded-Host", forwardedHost);
}
if (forwardedPort != -1) {
request.getHeaders().set("X-Forwarded-Port", String.valueOf(forwardedPort));
servletRequest.addHeader("X-Forwarded-Port", String.valueOf(forwardedPort));
}
request.getHeaders().set(HttpHeaders.ORIGIN, originHeader);
servletRequest.addHeader(HttpHeaders.ORIGIN, originHeader);
return WebUtils.isSameOrigin(request);
}
@@ -210,8 +210,8 @@ public class WebUtilsTests {
if (port != -1) {
servletRequest.setServerPort(port);
}
request.getHeaders().set("Forwarded", forwardedHeader);
request.getHeaders().set(HttpHeaders.ORIGIN, originHeader);
servletRequest.addHeader("Forwarded", forwardedHeader);
servletRequest.addHeader(HttpHeaders.ORIGIN, originHeader);
return WebUtils.isSameOrigin(request);
}