KEYCLOAK-5946 Make sure wildcard origin is never returned

stianst 2017-11-30 12:10:30 +01:00 committed by Stian Thorgersen
parent 4541acc628
commit c3d9f4704e
2 changed files with 2 additions and 6 deletions


@ -148,11 +148,7 @@ public class Cors {
return builder.build(); return builder.build();
} }
if (allowedOrigins != null && allowedOrigins.contains(ACCESS_CONTROL_ALLOW_ORIGIN_WILDCARD)) { builder.header(ACCESS_CONTROL_ALLOW_ORIGIN, origin);
builder.header(ACCESS_CONTROL_ALLOW_ORIGIN, ACCESS_CONTROL_ALLOW_ORIGIN_WILDCARD);
} else {
builder.header(ACCESS_CONTROL_ALLOW_ORIGIN, origin);
}
if (preflight) { if (preflight) {
if (allowedMethods != null) { if (allowedMethods != null) {
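Review bot: The new `builder.header(ACCESS_CONTROL_ALLOW_ORIGIN, origin);` echoes the request's Origin for every caller that gets past the earlier return, so the response now varies by origin, yet nothing in the visible lines adds a `Vary` header. Without one, a shared cache can serve a response carrying one origin's Access-Control-Allow-Origin value to a different origin; adding `builder.header("Vary", ORIGIN_HEADER);` next to this line would cover that. If Access-Control-Allow-Credentials is also emitted later in this method (not visible here), a wildcard entry in `allowedOrigins` now permits credentialed cross-origin reads that browsers would have refused with a literal `*`. That is worth a comment such as `// wildcard config reflects the caller's origin; must not be combined with credentials unless intended`. The enclosing method starts and ends outside the hunk.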


@ -154,7 +154,7 @@ public class OIDCWellKnownProviderTest extends AbstractKeycloakTest {
request.header(Cors.ORIGIN_HEADER, "http://somehost"); request.header(Cors.ORIGIN_HEADER, "http://somehost");
Response response = request.get(); Response response = request.get();
assertEquals("*", response.getHeaders().getFirst(Cors.ACCESS_CONTROL_ALLOW_ORIGIN)); assertEquals("http://somehost", response.getHeaders().getFirst(Cors.ACCESS_CONTROL_ALLOW_ORIGIN));
} }
private OIDCConfigurationRepresentation getOIDCDiscoveryConfiguration(Client client) { private OIDCConfigurationRepresentation getOIDCDiscoveryConfiguration(Client client) {