Merge branch 'wso2:master' into master
chamikasudusinghe authored Jun 26, 2023
2 parents 6ca3af2 + 4a49991 commit b659e90
Showing 3 changed files with 12 additions and 5 deletions.
@@ -132,6 +132,8 @@ public class APIMgtGatewayConstants {
public static final String THROTTLE_HANDLER_ERROR = "Error in Throttle Handler";
public static final String API_THROTTLE_HANDLER_ERROR = "Error in API Throttle Handler";
public static final String CORS_REQUEST_HANDLER_ERROR = "Error in CORS_Request Handler";
public static final String CORS_FORBID_BLOCKED_REQUESTS = "corsForbidBlockedRequests";
public static final String CORS_SET_STATUS_CODE_FROM_MSG_CONTEXT = "corsSetStatusCodeFromMsgContext";
public static final String GOOGLE_ANALYTICS_ERROR = "Error in Google Analytics Handler";
public static final String CUSTOM_ANALYTICS_REQUEST_PROPERTIES = "apim.analytics.request.properties";
public static final String CUSTOM_ANALYTICS_RESPONSE_PROPERTIES = "apim.analytics.response.properties";
@@ -224,9 +224,11 @@ public boolean handleRequest(MessageContext messageContext) {
if (corsSequence != null) {
corsSequence.mediate(messageContext);
}
if (messageContext.getProperty(APIMgtGatewayConstants.HTTP_SC) != null) {
Utils.send(messageContext, Integer.parseInt(
messageContext.getProperty(APIMgtGatewayConstants.HTTP_SC).toString()));
if (Boolean.parseBoolean(
System.getProperty(APIMgtGatewayConstants.CORS_SET_STATUS_CODE_FROM_MSG_CONTEXT))
&& messageContext.getProperty(APIMgtGatewayConstants.HTTP_SC) != null) {
Utils.send(messageContext,
Integer.parseInt(messageContext.getProperty(APIMgtGatewayConstants.HTTP_SC).toString()));
} else {
Utils.send(messageContext, HttpStatus.SC_OK);
}
@@ -331,7 +333,8 @@ public void setCORSHeaders(MessageContext messageContext, Resource selectedResou

messageContext.setProperty(APIConstants.CORSHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, allowedOrigin);
//If the request origin is not allowed, set the HTTP status code to 403
if (allowedOrigin == null) {
if (Boolean.parseBoolean(System.getProperty(APIMgtGatewayConstants.CORS_FORBID_BLOCKED_REQUESTS))
&& allowedOrigin == null) {
messageContext.setProperty(APIMgtGatewayConstants.HTTP_SC, HttpStatus.SC_FORBIDDEN);
}
String allowedMethods;
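Review bot: With neither system property set, a disallowed origin no longer produces a 403: `Boolean.parseBoolean(System.getProperty(...))` is false for an unset property, so setCORSHeaders skips setting HTTP_SC when `allowedOrigin == null`, and the branch in handleRequest sends `HttpStatus.SC_OK` unless `corsSetStatusCodeFromMsgContext` is also true. As far as these hunks show, both flags have to be enabled together for the 403 to reach the client on this path, which deserves a comment at each check; the existing comment in setCORSHeaders should become `// If the origin is not allowed and corsForbidBlockedRequests is enabled, set the HTTP status code to 403`. The properties are also re-read on every request, and two `private static final boolean` fields would avoid that. Both methods continue outside the visible hunks.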
@@ -22,6 +22,7 @@
import org.apache.commons.logging.LogFactory;
import org.apache.http.conn.ssl.DefaultHostnameVerifier;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.ssl.SSLContexts;
import org.osgi.framework.BundleContext;
import org.osgi.framework.ServiceRegistration;
@@ -1059,7 +1060,8 @@ void populateHttpClientConfiguration() {
final String[] localhosts = { "::1", "127.0.0.1", "localhost", "localhost.localdomain" };
@Override
public boolean verify(String urlHostName, SSLSession session) {
return Arrays.asList(localhosts).contains(urlHostName);
return SSLSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER.verify(urlHostName, session)
|| Arrays.asList(localhosts).contains(urlHostName);
}
};
break;
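Review bot: The added call in verify() uses `SSLSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER`, which is deprecated in HttpClient 4.4 and later, while this file already imports `DefaultHostnameVerifier`; `return new DefaultHostnameVerifier().verify(urlHostName, session) || Arrays.asList(localhosts).contains(urlHostName);` would do the certificate name check without the new `SSLSocketFactory` import. The browser-compatible verifier also lets a wildcard such as `*.foo.com` match multi-level subdomains, which is looser than the default verifier. The localhost fallback still accepts the four listed names without comparing them to the certificate, so a comment saying this is intentional (and presumably relies on the trust-store check) would help. The enclosing switch in populateHttpClientConfiguration is outside the hunk.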