markt-asf commented on PR #826: URL: https://github.com/apache/tomcat/pull/826#issuecomment-2658848926
I echo n828cl's concerns about calling `isSameOrigin()` before `isValidOrigin()`. I can't see an obvious issue but swapping the order of those two checks is going to be a lot faster than doing all the thinking and analysis to convince ourselves that the current order is safe. It will mean 3 `if` statements rather than 2 but I'm fine with that.

Also, if we ever need to extend the checks in `isValidOrigin()`, the current order risks bypassing those additional checks.

I am happy that the logic (apart from the above) is the same.
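
The ordering point raised in the comment above, as an added example that is not part of the original comment, the PR or the Tomcat code base. The class, both method bodies, the `strictValid` rule and the sample origins are assumptions constructed for illustration; only the names `isSameOrigin` and `isValidOrigin` come from the comment.

```java
import java.util.function.Predicate;

// Illustration only: simplified stand-ins, not Tomcat's implementation.
public class OriginCheckOrder {

    enum RequestType { NOT_CORS, INVALID_CORS, CORS }

    // Stand-in for isSameOrigin(): the Origin header equals the origin
    // (scheme://host[:port]) the server derived from the request itself.
    static boolean isSameOrigin(String requestOrigin, String origin) {
        return requestOrigin.equals(origin);
    }

    // Two-if shape (hypothetical): the same-origin shortcut runs first, so a
    // same-origin value returns before the validity check is ever consulted.
    static RequestType sameOriginFirst(String requestOrigin, String origin,
                                       Predicate<String> isValidOrigin) {
        if (origin == null || isSameOrigin(requestOrigin, origin)) {
            return RequestType.NOT_CORS;
        }
        if (!isValidOrigin.test(origin)) {
            return RequestType.INVALID_CORS;
        }
        return RequestType.CORS;
    }

    // Three-if shape: validation always runs before the shortcut, so any rule
    // later added to the validity check applies to every non-null Origin value.
    static RequestType validateFirst(String requestOrigin, String origin,
                                     Predicate<String> isValidOrigin) {
        if (origin == null) {
            return RequestType.NOT_CORS;
        }
        if (!isValidOrigin.test(origin)) {
            return RequestType.INVALID_CORS;
        }
        if (isSameOrigin(requestOrigin, origin)) {
            return RequestType.NOT_CORS;
        }
        return RequestType.CORS;
    }

    public static void main(String[] args) {
        // Constructed rule standing in for a future, stricter isValidOrigin().
        Predicate<String> strictValid = o -> !o.contains("%") && o.startsWith("https://");
        String requestOrigin = "http://app.example.test"; // constructed sample
        String origin = "http://app.example.test";        // constructed sample
        System.out.println("same-origin first: " + sameOriginFirst(requestOrigin, origin, strictValid));
        System.out.println("validate first:    " + validateFirst(requestOrigin, origin, strictValid));
    }
}
```

With the constructed stricter rule, the two orderings classify the same request differently: only the validate-first form applies the new rule to a same-origin value.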