This is an automated email from the ASF dual-hosted git repository.

dsoumis pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
     new 3d967dddad Clean up check CORS request type method (#826)
3d967dddad is described below

commit 3d967dddad8071845686e5a636fffc9763fa15d2
Author: 김민종 <kous...@pusan.ac.kr>
AuthorDate: Fri Feb 14 05:42:53 2025 +0900

    Clean up check CORS request type method (#826)
    
    (cherry picked from commit a4ccdba4bf7702bbaad177d9b724f9713010018b)
---
 java/org/apache/catalina/filters/CorsFilter.java | 71 +++++++++---------------
 1 file changed, 27 insertions(+), 44 deletions(-)

diff --git a/java/org/apache/catalina/filters/CorsFilter.java 
b/java/org/apache/catalina/filters/CorsFilter.java
index 743175b4e8..8520a53a93 100644
--- a/java/org/apache/catalina/filters/CorsFilter.java
+++ b/java/org/apache/catalina/filters/CorsFilter.java
@@ -538,59 +538,42 @@ public class CorsFilter extends GenericFilter {
      * @return the CORS type
      */
     protected CORSRequestType checkRequestType(final HttpServletRequest 
request) {
-        CORSRequestType requestType = CORSRequestType.INVALID_CORS;
         if (request == null) {
             throw new 
IllegalArgumentException(sm.getString("corsFilter.nullRequest"));
         }
         String originHeader = request.getHeader(REQUEST_HEADER_ORIGIN);
-        // Section 6.1.1 and Section 6.2.1
-        if (originHeader != null) {
-            if (originHeader.isEmpty()) {
-                requestType = CORSRequestType.INVALID_CORS;
-            } else if (!RequestUtil.isValidOrigin(originHeader)) {
-                requestType = CORSRequestType.INVALID_CORS;
-            } else if (RequestUtil.isSameOrigin(request, originHeader)) {
-                return CORSRequestType.NOT_CORS;
-            } else {
-                String method = request.getMethod();
-                if (method != null) {
-                    if ("OPTIONS".equals(method)) {
-                        String accessControlRequestMethodHeader =
-                                
request.getHeader(REQUEST_HEADER_ACCESS_CONTROL_REQUEST_METHOD);
-                        if (accessControlRequestMethodHeader != null && 
!accessControlRequestMethodHeader.isEmpty()) {
-                            requestType = CORSRequestType.PRE_FLIGHT;
-                        } else if (accessControlRequestMethodHeader != null &&
-                                accessControlRequestMethodHeader.isEmpty()) {
-                            requestType = CORSRequestType.INVALID_CORS;
-                        } else {
-                            requestType = CORSRequestType.ACTUAL;
-                        }
-                    } else if ("GET".equals(method) || "HEAD".equals(method)) {
-                        requestType = CORSRequestType.SIMPLE;
-                    } else if ("POST".equals(method)) {
-                        String mediaType = 
MediaType.parseMediaTypeOnly(request.getContentType());
-                        if (mediaType == null) {
-                            requestType = CORSRequestType.SIMPLE;
-                        } else {
-                            if 
(SIMPLE_HTTP_REQUEST_CONTENT_TYPE_VALUES.contains(mediaType)) {
-                                requestType = CORSRequestType.SIMPLE;
-                            } else {
-                                requestType = CORSRequestType.ACTUAL;
-                            }
-                        }
-                    } else {
-                        requestType = CORSRequestType.ACTUAL;
-                    }
+        if (originHeader == null || RequestUtil.isSameOrigin(request, 
originHeader)) {
+            return CORSRequestType.NOT_CORS;
+        }
+        if (originHeader.isEmpty() ||!RequestUtil.isValidOrigin(originHeader)) 
{
+            return CORSRequestType.INVALID_CORS;
+        }
+        String method = request.getMethod();
+        if (method == null) {
+            return CORSRequestType.INVALID_CORS;
+        }
+        if ("OPTIONS".equals(method)) {
+            String accessControlRequestMethodHeader = 
request.getHeader(REQUEST_HEADER_ACCESS_CONTROL_REQUEST_METHOD);
+            if (accessControlRequestMethodHeader != null) {
+                if (!accessControlRequestMethodHeader.isEmpty()) {
+                    return CORSRequestType.PRE_FLIGHT;
                 }
+                return CORSRequestType.INVALID_CORS;
             }
-        } else {
-            requestType = CORSRequestType.NOT_CORS;
+            return CORSRequestType.ACTUAL;
         }
-
-        return requestType;
+        if ("GET".equals(method) || "HEAD".equals(method)) {
+            return CORSRequestType.SIMPLE;
+        }
+        if ("POST".equals(method)) {
+            String mediaType = 
MediaType.parseMediaTypeOnly(request.getContentType());
+            if (mediaType == null || 
SIMPLE_HTTP_REQUEST_CONTENT_TYPE_VALUES.contains(mediaType)) {
+                return CORSRequestType.SIMPLE;
+            }
+        }
+        return CORSRequestType.ACTUAL;
     }
 
-
     /**
      * Checks if the Origin is allowed to make a CORS request.
      *
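Review bot: The first guard now calls `RequestUtil.isSameOrigin(request, originHeader)` before the `isEmpty()` / `isValidOrigin()` check, whereas the removed code validated the Origin value first and only then compared it, so this is not a pure clean-up. If isSameOrigin can return true for a value that isValidOrigin rejects (its body is outside this hunk, so that cannot be confirmed here), such a request would now be classified NOT_CORS instead of INVALID_CORS. Keeping the null check on its own and validating before the same-origin comparison preserves the old ordering, as in the fence below, which also fixes the `||!` spacing. A unit test pinning the result for an empty and for a malformed Origin header would guard this ordering against later refactors.

```java
        String originHeader = request.getHeader(REQUEST_HEADER_ORIGIN);
        if (originHeader == null) {
            return CORSRequestType.NOT_CORS;
        }
        // Validate the header before comparing it, as the previous code did.
        if (originHeader.isEmpty() || !RequestUtil.isValidOrigin(originHeader)) {
            return CORSRequestType.INVALID_CORS;
        }
        if (RequestUtil.isSameOrigin(request, originHeader)) {
            return CORSRequestType.NOT_CORS;
        }
        // … unchanged: method null check and OPTIONS / GET / HEAD / POST classification …
```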

