KEYCLOAK-1208 Allow same-origin if cors is enabled

This commit is contained in:
Stian Thorgersen 2015-04-21 10:42:13 +02:00
parent 416e71fa97
commit 5ed864fbbc


@ -4,6 +4,7 @@ import org.jboss.logging.Logger;
import org.keycloak.KeycloakSecurityContext; import org.keycloak.KeycloakSecurityContext;
import org.keycloak.constants.AdapterConstants; import org.keycloak.constants.AdapterConstants;
import org.keycloak.representations.AccessToken; import org.keycloak.representations.AccessToken;
import org.keycloak.util.UriUtils;
import java.io.IOException; import java.io.IOException;
import java.util.Set; import java.util.Set;
@ -78,8 +79,9 @@ public class AuthenticatedActionsHandler {
if (!deployment.isCors()) return false; if (!deployment.isCors()) return false;
KeycloakSecurityContext securityContext = facade.getSecurityContext(); KeycloakSecurityContext securityContext = facade.getSecurityContext();
String origin = facade.getRequest().getHeader(CorsHeaders.ORIGIN); String origin = facade.getRequest().getHeader(CorsHeaders.ORIGIN);
String requestOrigin = UriUtils.getOrigin(facade.getRequest().getURI());
log.debugv("Origin: {0} uri: {1}", origin, facade.getRequest().getURI()); log.debugv("Origin: {0} uri: {1}", origin, facade.getRequest().getURI());
if (securityContext != null && origin != null) { if (securityContext != null && origin != null && !origin.equals(requestOrigin)) {
AccessToken token = securityContext.getToken(); AccessToken token = securityContext.getToken();
Set<String> allowedOrigins = token.getAllowedOrigins(); Set<String> allowedOrigins = token.getAllowedOrigins();
if (log.isDebugEnabled()) { if (log.isDebugEnabled()) {
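Review bot: The debug line right after the new `requestOrigin` assignment still logs only the Origin header and the raw URI, so the value that now decides whether the allowed-origins check runs at all is never visible in the log, which makes a mis-applied same-origin shortcut hard to diagnose; `facade.getRequest().getURI()` is also evaluated twice in consecutive lines. I would hoist it once and log the derived origin alongside: `String uri = facade.getRequest().getURI();` / `String requestOrigin = UriUtils.getOrigin(uri);` / `log.debugv("Origin: {0} uri: {1} request origin: {2}", origin, uri, requestOrigin);` (assuming getURI() returns the String that UriUtils.getOrigin accepts, as the new line implies). The condition `!origin.equals(requestOrigin)` also rests on getURI() reflecting the scheme, host and port the browser sees; behind a TLS-terminating or port-rewriting proxy the two can differ, in which case the shortcut simply does not fire and the token check still applies, but that assumption deserves a comment above the `if`, e.g. `// Same-origin requests need no allowed-origins check; relies on getURI() reflecting the external scheme/host/port`. The enclosing method continues past the end of this hunk, so what is returned on the same-origin path is not visible here.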