package de.rwth.idsg.bikeman.config;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.stereotype.Component;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
@Component
@ConfigurationProperties(prefix="server.cors")
public class CORSFilter implements Filter {
private List<String> allowedDomains = new ArrayList<String>();
public List<String> getAllowedDomains () {
return this.allowedDomains;
}
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
if ( !(request instanceof HttpServletRequest) || !(response instanceof HttpServletResponse) ) {
throw new ServletException("Non-http requests are not supported!");
}
HttpServletResponse httpResponse = (HttpServletResponse) response;
HttpServletRequest httpRequest = (HttpServletRequest) request;
String origin = httpRequest.getHeader("origin");
if (origin != null) {
if (this.getAllowedDomains().contains(origin)) {
httpResponse.setHeader("Access-Control-Allow-Origin", origin);
httpResponse.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE");
httpResponse.setHeader("Access-Control-Allow-Credentials", "true");
httpResponse.setHeader("Access-Control-Max-Age", "3600");
httpResponse.setHeader("Access-Control-Allow-Headers", "Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers");
}
}
chain.doFilter(httpRequest, httpResponse);
}
public void destroy() {}
}