Access-Control-Request-Method is only returned on a Preflight Request. (#620)

ggallotti · claudiamurialdo · web-flow · commit 10add7e48d5f · 2022-10-17T11:11:28.000-03:00
Co-authored-by: claudiamurialdo &lt;33756655+claudiamurialdo@users.noreply.github.com&gt;
diff --git a/wrappercommon/src/main/java/com/genexus/cors/CORSHelper.java b/wrappercommon/src/main/java/com/genexus/cors/CORSHelper.java
@@ -12,33 +12,25 @@ public class CORSHelper {
 
 	private static String CORS_ALLOWED_ORIGIN = "CORS_ALLOW_ORIGIN";
 	private static String CORS_MAX_AGE_SECONDS = "86400";
-
+	private static String PREFLIGHT_REQUEST = "OPTIONS";
 
 	public static boolean corsSupportEnabled() {
 		return getAllowedOrigin() != null;
 	}
 
-	public static HashMap<String, String> getCORSHeaders(Map<String, List<String>> headers) {
-		String corsAllowedOrigin = getAllowedOrigin();
-		if (corsAllowedOrigin == null) return null;
+	public static HashMap<String, String> getCORSHeaders(String httpMethod, Map<String, List<String>> headers) {
+		if (getAllowedOrigin() == null) {
+			return null;
+		}
 
 		String requestedMethod = getHeaderValue(REQUEST_METHOD_HEADER_NAME, headers);
 		String requestedHeaders = getHeaderValue(REQUEST_HEADERS_HEADER_NAME, headers);
-		if (requestedMethod == null) {
-			return null;
-		}
 
-		return corsHeaders(corsAllowedOrigin, requestedMethod, requestedHeaders);
+		return corsHeaders(httpMethod, requestedMethod, requestedHeaders);
 	}
 
-	public static HashMap<String, String> getCORSHeaders(String requestedMethod, String requestedHeaders) {
-		String corsAllowedOrigin = getAllowedOrigin();
-
-		if (corsAllowedOrigin == null || requestedMethod == null) {
-			return null;
-		}
-
-		return corsHeaders(corsAllowedOrigin, requestedMethod, requestedHeaders);
+	public static HashMap<String, String> getCORSHeaders(String httpMethod, String requestedMethod, String requestedHeaders) {
+		return corsHeaders(httpMethod, requestedMethod, requestedHeaders);
 	}
 
 	private static String getAllowedOrigin() {
@@ -49,15 +41,26 @@ private static String getAllowedOrigin() {
 		return corsAllowedOrigin;
 	}
 
-	private static HashMap<String, String> corsHeaders(String corsAllowedOrigin, String requestedMethod, String requestedHeaders) {
+	private static HashMap<String, String> corsHeaders(String httpMethodName, String requestedMethod, String requestedHeaders) {
+		String corsAllowedOrigin = getAllowedOrigin();
+		if (corsAllowedOrigin == null) {
+			return null;
+		}
+
+		boolean isPreflightRequest = httpMethodName.equalsIgnoreCase(PREFLIGHT_REQUEST);
+
 		HashMap<String, String> corsHeaders = new HashMap<>();
 		corsHeaders.put("Access-Control-Allow-Origin", corsAllowedOrigin);
 		corsHeaders.put("Access-Control-Allow-Credentials", "true");
-		if (requestedHeaders != null && !requestedHeaders.isEmpty()) {
+		corsHeaders.put("Access-Control-Max-Age", CORS_MAX_AGE_SECONDS);
+
+		if (isPreflightRequest && requestedHeaders != null && !requestedHeaders.isEmpty()) {
 			corsHeaders.put("Access-Control-Allow-Headers", requestedHeaders);
 		}
-		corsHeaders.put("Access-Control-Allow-Methods", requestedMethod);
-		corsHeaders.put("Access-Control-Max-Age", CORS_MAX_AGE_SECONDS);
+		if (isPreflightRequest && requestedMethod != null && !requestedMethod.isEmpty()) {
+			corsHeaders.put("Access-Control-Allow-Methods", requestedMethod);
+		}
+
 		return corsHeaders;
 	}
 
diff --git a/wrapperjakarta/src/main/java/com/genexus/servlet/CorsFilter.java b/wrapperjakarta/src/main/java/com/genexus/servlet/CorsFilter.java
@@ -23,7 +23,7 @@ public void init(FilterConfig filterConfig) throws ServletException {
 	public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
 		HttpServletRequest request = (HttpServletRequest) servletRequest;
 
-		HashMap<String, String> corsHeaders = CORSHelper.getCORSHeaders(request.getHeader(CORSHelper.REQUEST_METHOD_HEADER_NAME), request.getHeader(CORSHelper.REQUEST_HEADERS_HEADER_NAME));
+		HashMap<String, String> corsHeaders = CORSHelper.getCORSHeaders(request.getMethod(), request.getHeader(CORSHelper.REQUEST_METHOD_HEADER_NAME), request.getHeader(CORSHelper.REQUEST_HEADERS_HEADER_NAME));
 		if (corsHeaders != null) {
 			HttpServletResponse response = (HttpServletResponse) servletResponse;
 			for (String headerName : corsHeaders.keySet()) {
diff --git a/wrapperjakarta/src/main/java/com/genexus/ws/JAXRSCorsFilter.java b/wrapperjakarta/src/main/java/com/genexus/ws/JAXRSCorsFilter.java
@@ -14,7 +14,7 @@ public class JAXRSCorsFilter implements ContainerResponseFilter {
 	@Override
 	public void filter(ContainerRequestContext requestContext,
 					   ContainerResponseContext responseContext) {
-		HashMap<String, String> corsHeaders = CORSHelper.getCORSHeaders(requestContext.getHeaders());
+		HashMap<String, String> corsHeaders = CORSHelper.getCORSHeaders(requestContext.getMethod(), requestContext.getHeaders());
 		if (corsHeaders == null) {
 			return;
 		}
diff --git a/wrapperjavax/src/main/java/com/genexus/servlet/CorsFilter.java b/wrapperjavax/src/main/java/com/genexus/servlet/CorsFilter.java
@@ -22,7 +22,7 @@ public void init(FilterConfig filterConfig) throws ServletException {
 	@Override
 	public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
 		HttpServletRequest request = (HttpServletRequest) servletRequest;
-		HashMap<String, String> corsHeaders = CORSHelper.getCORSHeaders(request.getHeader(CORSHelper.REQUEST_METHOD_HEADER_NAME), request.getHeader(CORSHelper.REQUEST_HEADERS_HEADER_NAME));
+		HashMap<String, String> corsHeaders = CORSHelper.getCORSHeaders(request.getMethod(), request.getHeader(CORSHelper.REQUEST_METHOD_HEADER_NAME), request.getHeader(CORSHelper.REQUEST_HEADERS_HEADER_NAME));
 		if (corsHeaders != null) {
 			HttpServletResponse response = (HttpServletResponse) servletResponse;
 			for (String headerName : corsHeaders.keySet()) {
diff --git a/wrapperjavax/src/main/java/com/genexus/ws/JAXRSCorsFilter.java b/wrapperjavax/src/main/java/com/genexus/ws/JAXRSCorsFilter.java
@@ -14,7 +14,7 @@ public class JAXRSCorsFilter implements ContainerResponseFilter {
 	@Override
 	public void filter(ContainerRequestContext requestContext,
 					   ContainerResponseContext responseContext) {
-		HashMap<String, String> corsHeaders = CORSHelper.getCORSHeaders(requestContext.getHeaders());
+		HashMap<String, String> corsHeaders = CORSHelper.getCORSHeaders(requestContext.getMethod(), requestContext.getHeaders());
 		if (corsHeaders == null) {
 			return;
 		}

Original file line number	Diff line number	Diff line change
`@@ -14,7 +14,7 @@ public class JAXRSCorsFilter implements ContainerResponseFilter {`
`14`	`14`	`@Override`
`15`	`15`	`public void filter(ContainerRequestContext requestContext,`
`16`	`16`	`ContainerResponseContext responseContext) {`
`17`		`- HashMap<String, String> corsHeaders = CORSHelper.getCORSHeaders(requestContext.getHeaders());`
	`17`	`+ HashMap<String, String> corsHeaders = CORSHelper.getCORSHeaders(requestContext.getMethod(), requestContext.getHeaders());`
`18`	`18`	`if (corsHeaders == null) {`
`19`	`19`	`return;`
`20`	`20`	`}`