From 81867b0bf4265ea217cbe4541e5ffdf290136ffd Mon Sep 17 00:00:00 2001
From: vkovtun <viktor.kovtun@id.ethz.ch>
Date: Sat, 5 Aug 2023 12:15:55 +0200
Subject: [PATCH] SSDM-13579: Added a check in the pre-flight requests (OPTIONS) branch, which is required for a DELETE request. This is to make it do a real request check instead of merely accepting everything.
---
 .../afsserver/http/impl/NettyHttpHandler.java | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)
diff --git a/server-data-store/src/main/java/ch/ethz/sis/afsserver/http/impl/NettyHttpHandler.java b/server-data-store/src/main/java/ch/ethz/sis/afsserver/http/impl/NettyHttpHandler.java
index 21eeb2e2663..58131a85b08 100644
--- a/server-data-store/src/main/java/ch/ethz/sis/afsserver/http/impl/NettyHttpHandler.java
+++ b/server-data-store/src/main/java/ch/ethz/sis/afsserver/http/impl/NettyHttpHandler.java
@@ -67,8 +67,22 @@ public class NettyHttpHandler extends ChannelInboundHandlerAdapter
 {
 if (OPTIONS.equals(request.method()))
 {
+ final String requestMethod = request.headers().get(HttpHeaderNames.ACCESS_CONTROL_REQUEST_METHOD);
+
+ final HttpResponseStatus responseStatus;
+ if (requestMethod == null)
+ {
+ responseStatus = HttpResponseStatus.BAD_REQUEST;
+ } else if (!allowedMethods.contains(HttpMethod.valueOf(requestMethod)))
+ {
+ responseStatus = HttpResponseStatus.METHOD_NOT_ALLOWED;
+ } else
+ {
+ responseStatus = HttpResponseStatus.OK;
+ }
+
 final FullHttpResponse response = getHttpResponse(
- HttpResponseStatus.OK,
+ responseStatus,
 HttpResponse.CONTENT_TYPE_TEXT,
 new EmptyByteBuf(ByteBufAllocator.DEFAULT),
 0);
--
GitLab
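Review bot: `HttpMethod.valueOf(requestMethod)` in the `else if` is applied to the raw `Access-Control-Request-Method` header, which the client controls. Netty's `HttpMethod` rejects an empty name, or one containing whitespace or control characters, with `IllegalArgumentException`, so a malformed preflight leaves this branch by exception instead of getting the 400 that a missing header gets. Whether an outer handler catches that is not visible here, because the enclosing method starts and ends outside the hunk. Parsing the header first and treating a parse failure like a missing header keeps all three outcomes explicit, as sketched below. It is also worth confirming that plain non-CORS OPTIONS requests, which carry no such header, are meant to receive 400 from now on.

```java
final String requestMethod = request.headers().get(HttpHeaderNames.ACCESS_CONTROL_REQUEST_METHOD);

HttpMethod requestedMethod = null;
if (requestMethod != null)
{
    try
    {
        requestedMethod = HttpMethod.valueOf(requestMethod);
    } catch (IllegalArgumentException ignored)
    {
        // Malformed header value: leave requestedMethod null so it is answered with 400 below.
    }
}

final HttpResponseStatus responseStatus;
if (requestedMethod == null)
{
    responseStatus = HttpResponseStatus.BAD_REQUEST;
} else if (!allowedMethods.contains(requestedMethod))
{
    responseStatus = HttpResponseStatus.METHOD_NOT_ALLOWED;
} else
{
    responseStatus = HttpResponseStatus.OK;
}
// … unchanged: getHttpResponse(responseStatus, …) call …
```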