YARN-9727: Allowed Origin pattern is discouraged if regex contains *. Contributed by Zoltan Siegl

This commit is contained in:
Szilard Nemeth 2019-08-09 09:34:23 +02:00
parent a92b7a5491
commit df30d8ea09

View File

@ -197,7 +197,7 @@ private void initializeAllowedOrigins(FilterConfig filterConfig) {
LOG.info("Allowed Origins: " + StringUtils.join(allowedOrigins, ',')); LOG.info("Allowed Origins: " + StringUtils.join(allowedOrigins, ','));
LOG.info("Allow All Origins: " + allowAllOrigins); LOG.info("Allow All Origins: " + allowAllOrigins);
List<String> discouragedAllowedOrigins = allowedOrigins.stream() List<String> discouragedAllowedOrigins = allowedOrigins.stream()
.filter(s -> s.length() > 1 && s.contains("*")) .filter(s -> s.length() > 1 && s.contains("*") && !(s.startsWith(ALLOWED_ORIGINS_REGEX_PREFIX)))
.collect(Collectors.toList()); .collect(Collectors.toList());
for (String discouragedAllowedOrigin : discouragedAllowedOrigins) { for (String discouragedAllowedOrigin : discouragedAllowedOrigins) {
LOG.warn("Allowed Origin pattern '" + discouragedAllowedOrigin + "' is discouraged, use the 'regex:' prefix and use a Java regular expression instead."); LOG.warn("Allowed Origin pattern '" + discouragedAllowedOrigin + "' is discouraged, use the 'regex:' prefix and use a Java regular expression instead.");