java source code of CorsFilter

halo-master
- .github
  - ISSUE_TEMPLATE
    - question.md
    - feature_request.md
    - bug_report.md
  - FUNDING.yml
  - workflows
    - gradle.yml
- src
  - main
    - resources
      - application-demo.yaml
      - admin
        images
        dark.svg
        topmenu.svg
        sidemenu.svg
        placeholder.jpg
        light.svg
        fonts
        fontello.068ca2b3.ttf
        fontello.a782baa8.woff
        fontello.8d4a4e6f.woff2
        fontello.e73a0647.eot
        index.html
        assets
        fontello.9354499c.svg
      - migration
        V2__migrate_1.2.0-beta.1_to_1.2.0-beta.2.sql
        V4__migrate_1.3.0-beta.2_to_1.3.0-beta.3.sql
        V3__migrate_1.3.0-beta.1_to_1.3.0-beta.2.sql
        V1__migrate_before_to_1.2.0.sql
      - templates
        themes
        anatole
        common
        mail_template
        mail_notice.ftl
        mail_reply.ftl
        web
        sitemap_xml.ftl
        rss.ftl
        readme.ftl
        atom.ftl
        robots.ftl
        sitemap_html.ftl
        error
        error.ftl
        500.ftl
        404.ftl
        macro
        common_macro.ftl
        global_macro.ftl
        template
        post_password.ftl
      - application.yaml
      - application-test.yaml
      - application-dev.yaml
      - banner.txt
      - application-user.yaml
    - java
      - run
        halo
        app
        security
        resolver
        AuthenticationArgumentResolver.java
        authentication
        Authentication.java
        AuthenticationImpl.java
        support
        UserDetail.java
        context
        SecurityContext.java
        SecurityContextHolder.java
        SecurityContextImpl.java
        util
        SecurityUtils.java
        service
        impl
        OneTimeTokenServiceImpl.java
        OneTimeTokenService.java
        token
        AuthToken.java
        handler
        ContentAuthenticationFailureHandler.java
        DefaultAuthenticationFailureHandler.java
        AuthenticationFailureHandler.java
        filter
        ApiAuthenticationFilter.java
        AbstractAuthenticationFilter.java
        AdminAuthenticationFilter.java
        ContentFilter.java
        utils
        VersionUtil.java
        DateTimeUtils.java
        TwoFactorAuthUtils.java
        SlugUtils.java
        JsonUtils.java
        FilenameUtils.java
        HttpClientUtils.java
        BeanUtils.java
        ReflectionUtils.java
        HaloUtils.java
        ServiceUtils.java
        FileUtils.java
        GitUtils.java
        DateUtils.java
        ServletUtils.java
        ImageUtils.java
        ValidationUtils.java
        MarkdownUtils.java
        ExceptionUtils.java
        mail
        MailServiceImpl.java
        MailService.java
        MailSenderFactory.java
        AbstractMailService.java
        MailProperties.java
        config
        properties
        HaloProperties.java
        SwaggerConfiguration.java
        HaloConfiguration.java
        HaloRequestMappingHandlerMapping.java
        WebMvcAutoConfiguration.java
        service
        OptionService.java
        impl
        MigrateServiceImpl.java
        BaseMetaServiceImpl.java
        BackupServiceImpl.java
        BasePostServiceImpl.java
        TraceServiceImpl.java
        ThemeServiceImpl.java
        DataProcessServiceImpl.java
        StatisticServiceImpl.java
        AttachmentServiceImpl.java
        ThemeSettingServiceImpl.java
        JournalCommentServiceImpl.java
        TagServiceImpl.java
        JournalServiceImpl.java
        OptionServiceImpl.java
        AdminServiceImpl.java
        SheetMetaServiceImpl.java
        BaseCommentServiceImpl.java
        PostMetaServiceImpl.java
        PostCommentServiceImpl.java
        PostCategoryServiceImpl.java
        CommentBlackListServiceImpl.java
        PostTagServiceImpl.java
        LogServiceImpl.java
        MenuServiceImpl.java
        SheetServiceImpl.java
        LinkServiceImpl.java
        SheetCommentServiceImpl.java
        StaticStorageServiceImpl.java
        StaticPageServiceImpl.java
        PhotoServiceImpl.java
        UserServiceImpl.java
        CategoryServiceImpl.java
        PostServiceImpl.java
        UserService.java
        PostCommentService.java
        StaticPageService.java
        PostTagService.java
        CategoryService.java
        MigrateService.java
        PhotoService.java
        LinkService.java
        JournalCommentService.java
        JournalService.java
        base
        AbstractCrudService.java
        BaseMetaService.java
        CrudService.java
        BasePostService.java
        BaseCommentService.java
        ThemeService.java
        support
        HaloMediaType.java
        PostCategoryService.java
        PostMetaService.java
        MenuService.java
        ThemeSettingService.java
        LogService.java
        SheetService.java
        CommentBlackListService.java
        PostService.java
        TraceService.java
        StatisticService.java
        BackupService.java
        SheetCommentService.java
        AdminService.java
        StaticStorageService.java
        TagService.java
        AttachmentService.java
        DataProcessService.java
        SheetMetaService.java
        exception
        FrequentAccessException.java
        ThemePropertyMissingException.java
        RepeatTypeException.java
        ForbiddenException.java
        ThemeUpdateException.java
        MissingPropertyException.java
        ThemeConfigMissingException.java
        FileOperationException.java
        NotInstallException.java
        UnsupportedMediaTypeException.java
        BeanUtilsException.java
        ThemeNotSupportException.java
        BadRequestException.java
        AuthenticationException.java
        ServiceException.java
        AbstractHaloException.java
        PropertyFormatException.java
        EmailException.java
        AlreadyExistsException.java
        NotFoundException.java
        theme
        ThemePropertyScanner.java
        YamlResolver.java
        ThemeFileScanner.java
        factory
        StringToEnumConverterFactory.java
        event
        options
        OptionUpdatedEvent.java
        user
        UserUpdatedEvent.java
        post
        SheetVisitEvent.java
        AbstractVisitEvent.java
        PostVisitEvent.java
        StaticStorageChangedEvent.java
        theme
        ThemeUpdatedEvent.java
        ThemeActivatedEvent.java
        comment
        CommentNewEvent.java
        CommentReplyEvent.java
        AbstractCommentBaseEvent.java
        logger
        LogEvent.java
        annotation
        SensitiveConceal.java
        DisableOnCondition.java
        aspect
        SensitiveConcealAspect.java
        DisableOnConditionAspect.java
        cache
        RedisCacheStore.java
        CacheStore.java
        LevelCacheStore.java
        CacheWrapper.java
        AbstractCacheStore.java
        InMemoryCacheStore.java
        lock
        CacheParam.java
        CacheLockInterceptor.java
        CacheLock.java
        AbstractStringCacheStore.java
        core
        PageJacksonSerializer.java
        ControllerLogAop.java
        freemarker
        tag
        LinkTagDirective.java
        MenuTagDirective.java
        PaginationTagDirective.java
        PhotoTagDirective.java
        ToolTagDirective.java
        TagTagDirective.java
        PostTagDirective.java
        CommentTagDirective.java
        CategoryTagDirective.java
        method
        RandomMethod.java
        ControllerExceptionHandler.java
        CommonResultControllerAdvice.java
        model
        vo
        ArchiveMonthVO.java
        AdjacentPostVO.java
        JournalCommentWithJournalVO.java
        MenuVO.java
        CommentWithHasChildrenVO.java
        MultiFactorAuthVO.java
        SheetCommentWithSheetVO.java
        PostCommentWithPostVO.java
        PostListVO.java
        CategoryVO.java
        PhotoTeamVO.java
        BaseCommentWithParentVO.java
        BaseCommentVO.java
        MenuTeamVO.java
        SheetDetailVO.java
        LinkTeamVO.java
        PostDetailVO.java
        ArchiveYearVO.java
        SheetListVO.java
        dto
        OptionDTO.java
        TagDTO.java
        JournalWithCmtCountDTO.java
        LinkDTO.java
        post
        BasePostDetailDTO.java
        BasePostMinimalDTO.java
        BasePostSimpleDTO.java
        BaseCommentDTO.java
        StatisticDTO.java
        BackupDTO.java
        MenuDTO.java
        base
        InputConverter.java
        OutputConverter.java
        LoginPreCheckDTO.java
        IndependentSheetDTO.java
        TagWithPostCountDTO.java
        BaseMetaDTO.java
        UserDTO.java
        LogDTO.java
        AttachmentDTO.java
        HttpTraceDTO.java
        CategoryDTO.java
        PhotoDTO.java
        JournalDTO.java
        EnvironmentDTO.java
        StatisticWithUserDTO.java
        CategoryWithPostCountDTO.java
        OptionSimpleDTO.java
        entity
        PostTag.java
        Link.java
        PostCategory.java
        BaseMeta.java
        Attachment.java
        PostComment.java
        ThemeSetting.java
        support
        CustomIdGenerator.java
        Log.java
        Sheet.java
        Menu.java
        SheetMeta.java
        BaseComment.java
        BasePost.java
        PostMeta.java
        Option.java
        CommentBlackList.java
        Category.java
        Photo.java
        Post.java
        Tag.java
        Journal.java
        User.java
        SheetComment.java
        BaseEntity.java
        JournalComment.java
        properties
        StaticDeployProperties.java
        UpOssProperties.java
        PostProperties.java
        PermalinkProperties.java
        NetlifyStaticDeployProperties.java
        ApiProperties.java
        SheetProperties.java
        PrimaryProperties.java
        HuaweiObsProperties.java
        AliOssProperties.java
        GitStaticDeployProperties.java
        SeoProperties.java
        TencentCosProperties.java
        BaiduBosProperties.java
        BlogProperties.java
        QiniuOssProperties.java
        EmailProperties.java
        PropertyEnum.java
        CommentProperties.java
        OtherProperties.java
        AttachmentProperties.java
        SmmsProperties.java
        enums
        DataType.java
        Mode.java
        CommentStatus.java
        BanStatusEnum.java
        GlobalPathType.java
        MFAType.java
        InputType.java
        PostStatus.java
        MigrateType.java
        OptionType.java
        ValueEnum.java
        StaticDeployType.java
        CommentViolationTypeEnum.java
        PostPermalinkType.java
        converter
        CommentStatusConverter.java
        PostTypeConverter.java
        PostStatusConverter.java
        AttachmentTypeConverter.java
        LogTypeConverter.java
        DataTypeConverter.java
        AbstractConverter.java
        AttachmentType.java
        PostType.java
        PostEditorType.java
        LogType.java
        JournalType.java
        support
        StaticPageFile.java
        BaseResponse.java
        RainbowPage.java
        StaticFile.java
        ThemeFile.java
        CommentPage.java
        Pagination.java
        HaloConst.java
        UploadResult.java
        CreateCheck.java
        UpdateCheck.java
        params
        MultiFactorAuthParam.java
        BaseCommentParam.java
        PostQuery.java
        StaticContentParam.java
        PasswordParam.java
        ThemeContentParam.java
        SheetMetaParam.java
        LoginParam.java
        MenuParam.java
        AttachmentParam.java
        BaseMetaParam.java
        SheetParam.java
        PostCommentParam.java
        PostParam.java
        OptionQuery.java
        PostContentParam.java
        PhotoQuery.java
        OptionParam.java
        AttachmentQuery.java
        LinkParam.java
        CommentQuery.java
        JournalCommentParam.java
        InstallParam.java
        CategoryParam.java
        PostMetaParam.java
        JournalQuery.java
        ResetPasswordParam.java
        LogParam.java
        TagParam.java
        UserParam.java
        PhotoParam.java
        SheetCommentParam.java
        JournalParam.java
        MailParam.java
        projection
        TagPostPostCountProjection.java
        CommentCountProjection.java
        CommentChildrenCountProjection.java
        CategoryPostCountProjection.java
        repository
        LogRepository.java
        SheetMetaRepository.java
        AttachmentRepository.java
        CategoryRepository.java
        JournalCommentRepository.java
        OptionRepository.java
        PostTagRepository.java
        SheetCommentRepository.java
        PostCommentRepository.java
        PostCategoryRepository.java
        base
        BaseCommentRepository.java
        BaseRepository.java
        BaseRepositoryImpl.java
        BaseMetaRepository.java
        BasePostRepository.java
        JournalRepository.java
        PostRepository.java
        PostMetaRepository.java
        CommentBlackListRepository.java
        SheetRepository.java
        PhotoRepository.java
        TagRepository.java
        UserRepository.java
        ThemeSettingRepository.java
        LinkRepository.java
        MenuRepository.java
        handler
        file
        AliOssFileHandler.java
        FileHandler.java
        FileHandlers.java
        UpOssFileHandler.java
        LocalFileHandler.java
        TencentCosFileHandler.java
        BaiduBosFileHandler.java
        QiniuOssFileHandler.java
        SmmsFileHandler.java
        HuaweiObsFileHandler.java
        theme
        config
        impl
        YamlThemePropertyResolver.java
        YamlThemeConfigResolverImpl.java
        support
        ThemeProperty.java
        Item.java
        Option.java
        Group.java
        ThemePropertyResolver.java
        ThemeConfigResolver.java
        migrate
        MigrateHandler.java
        HaloMigrateHandler.java
        MigrateHandlers.java
        staticdeploy
        NetlifyStaticDeployHandler.java
        GitStaticDeployHandler.java
        StaticDeployHandlers.java
        StaticDeployHandler.java
        filter
        CorsFilter.java
        LogFilter.java
        listener
        post
        PostVisitEventListener.java
        AbstractVisitEventListener.java
        SheetVisitEventListener.java
        theme
        ThemeUpdatedListener.java
        freemarker
        FreemarkerConfigAwareListener.java
        comment
        CommentEventListener.java
        logger
        LogEventListener.java
        StartedListener.java
        Application.java
        controller
        content
        ContentIndexController.java
        ContentContentController.java
        api
        UserController.java
        StatisticController.java
        PostController.java
        TagController.java
        OptionController.java
        MenuController.java
        CategoryController.java
        PhotoController.java
        SheetController.java
        ArchiveController.java
        ThemeController.java
        JournalController.java
        LinkController.java
        ContentFeedController.java
        MainController.java
        model
        TagModel.java
        JournalModel.java
        PostModel.java
        SheetModel.java
        CategoryModel.java
        PhotoModel.java
        LinkModel.java
        ContentSearchController.java
        admin
        api
        UserController.java
        StatisticController.java
        InstallController.java
        PostController.java
        PostCommentController.java
        SheetCommentController.java
        MailController.java
        TagController.java
        OptionController.java
        JournalCommentController.java
        BackupController.java
        DataProcessController.java
        MigrateController.java
        MenuController.java
        CategoryController.java
        AttachmentController.java
        PhotoController.java
        SheetController.java
        LogController.java
        ThemeController.java
        JournalController.java
        StaticStorageController.java
        AdminController.java
        StaticPageController.java
        LinkController.java
        core
        CommonController.java
  - test
    - resources
      - migration-test.json
      - wordpressdemo.xml
    - java
      - run
        halo
        app
        security
        OneTimeTokenTest.java
        utils
        URITest.java
        FileUtilsTest.java
        DirectoryAttackTest.java
        YamlTest.java
        FilenameUtilsTest.java
        SlugUtilsTest.java
        GitTest.java
        PathsTest.java
        InetAddressTest.java
        DateTimeUtilsTest.java
        BeanUtilsTest.java
        GithubTest.java
        ReflectionUtilsTest.java
        BcryptTest.java
        PathTest.java
        HaloUtilsTest.java
        VersionUtilTest.java
        LocalDateTimeTest.java
        TwoFactorAuthUtilsTest.java
        JsonUtilsTest.java
        TimeUnitTest.java
        service
        impl
        OptionServiceImplTest.java
        PostServiceImplTest.java
        support
        HaloMediaTypeTest.java
        RecoveryServiceTest.java
        aspect
        DisableOnConditionAspectTest.java
        SensitiveConcealAspectTest.java
        cache
        InMemoryCacheStoreTest.java
        CacheStoreTest.java
        model
        dto
        base
        InputConverterTest.java
        OutputConverterTest.java
        properties
        PropertyEnumTest.java
        enums
        AttachmentTypeTest.java
        DataTypeTest.java
        params
        InstallParamTest.java
        MediaTypeTest.java
        repository
        SheetRepositoryTest.java
        handler
        theme
        YamlThemePropertyResolverTest.java
        conf
        AntPathMatcherTest.java
        controller
        DisableOnConditionController.java
- gradle
  - wrapper
    - gradle-wrapper.properties
    - gradle-wrapper.jar
- .gitmodules
- gradlew.bat
- LICENSE
- gradlew
- CONTRIBUTING.md
- .gitattributes
- config
  - checkstyle
    - checkstyle.xml
- CHANGELOG.md
- build.gradle
- .travis.yml
- README.md
- scripts
  - docker-build-dev.sh
  - docker-build-release.sh
- Dockerfile
- settings.gradle
- .gitignore

package run.halo.app.filter;

import org.apache.commons.lang3.StringUtils;
import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import org.springframework.http.HttpHeaders;
import org.springframework.stereotype.Component;
import org.springframework.web.cors.CorsUtils;
import org.springframework.web.filter.GenericFilterBean;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

import static run.halo.app.model.support.HaloConst.ADMIN_TOKEN_HEADER_NAME;
import static run.halo.app.model.support.HaloConst.API_ACCESS_KEY_HEADER_NAME;

/**
 * Filter for CORS.
 *
 * @author johnniang
 */
@Component
@Order(Ordered.HIGHEST_PRECEDENCE + 10)
public class CorsFilter extends GenericFilterBean {

    private final static String ALLOW_HEADERS = StringUtils.joinWith(",", HttpHeaders.CONTENT_TYPE, ADMIN_TOKEN_HEADER_NAME, API_ACCESS_KEY_HEADER_NAME);

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) request;
        HttpServletResponse httpServletResponse = (HttpServletResponse) response;

        // Set customized header
        String originHeaderValue = httpServletRequest.getHeader(HttpHeaders.ORIGIN);
        if (StringUtils.isNotBlank(originHeaderValue)) {
            httpServletResponse.setHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, originHeaderValue);
        }
        httpServletResponse.setHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS, ALLOW_HEADERS);
        httpServletResponse.setHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, "GET, POST, PUT, DELETE, OPTIONS");
        httpServletResponse.setHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS, "true");
        httpServletResponse.setHeader(HttpHeaders.ACCESS_CONTROL_MAX_AGE, "3600");

        if (!CorsUtils.isPreFlightRequest(httpServletRequest)) {
            chain.doFilter(httpServletRequest, httpServletResponse);
        }
    }
}