From df30d8ea092cddc037482bc60fc790b26b577963 Mon Sep 17 00:00:00 2001
From: Szilard Nemeth
Date: Fri, 9 Aug 2019 09:34:23 +0200
Subject: [PATCH] YARN-9727: Allowed Origin pattern is discouraged if regex contains *. Contributed by Zoltan Siegl
---
 .../java/org/apache/hadoop/security/http/CrossOriginFilter.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/http/CrossOriginFilter.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/http/CrossOriginFilter.java
index 02c168f7b6..60c2864bbe 100644
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/http/CrossOriginFilter.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/http/CrossOriginFilter.java
@@ -197,7 +197,7 @@ private void initializeAllowedOrigins(FilterConfig filterConfig) {
 LOG.info("Allowed Origins: " + StringUtils.join(allowedOrigins, ','));
 LOG.info("Allow All Origins: " + allowAllOrigins);
 List discouragedAllowedOrigins = allowedOrigins.stream()
- .filter(s -> s.length() > 1 && s.contains("*"))
+ .filter(s -> s.length() > 1 && s.contains("*") && !(s.startsWith(ALLOWED_ORIGINS_REGEX_PREFIX)))
 .collect(Collectors.toList());
 for (String discouragedAllowedOrigin : discouragedAllowedOrigins) {
 LOG.warn("Allowed Origin pattern '" + discouragedAllowedOrigin + "' is discouraged, use the 'regex:' prefix and use a Java regular expression instead.");
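Review bot: The new `.filter(...)` predicate exempts every entry starting with `ALLOWED_ORIGINS_REGEX_PREFIX` from the warning, so an over-broad regex origin now gets no log hint at all, and nothing in the hunk says this is deliberate. A constructed example is `regex:.*`, assuming the constant is the `regex:` prefix named in the warning text. I would add a comment above the stream, e.g. `// Entries with the regex prefix are Java regexes where '*' is a quantifier; only legacy wildcard entries are discouraged.`, so a later reader does not take the exemption for a review of the regex itself. The added line is also long and wraps `s.startsWith(...)` in redundant parentheses; `.filter(s -> s.length() > 1 && s.contains("*")` followed by `&& !s.startsWith(ALLOWED_ORIGINS_REGEX_PREFIX))` reads better. The diffstat shows only this file changed, so no test pins the new behaviour, and `initializeAllowedOrigins` begins and ends outside the hunk, so how regex origins are matched cannot be checked from here.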