diff --git a/plugins/transport-nio/src/main/java/org/elasticsearch/http/nio/cors/NioCorsConfig.java b/plugins/transport-nio/src/main/java/org/elasticsearch/http/nio/cors/NioCorsConfig.java index 9848c26022e37..1ffffdf0d315d 100644 --- a/plugins/transport-nio/src/main/java/org/elasticsearch/http/nio/cors/NioCorsConfig.java +++ b/plugins/transport-nio/src/main/java/org/elasticsearch/http/nio/cors/NioCorsConfig.java @@ -48,7 +48,6 @@ public final class NioCorsConfig { private final long maxAge; private final Set allowedRequestMethods; private final Set allowedRequestHeaders; - private final boolean allowNullOrigin; private final Map> preflightHeaders; private final boolean shortCircuit; @@ -61,7 +60,6 @@ public final class NioCorsConfig { maxAge = builder.maxAge; allowedRequestMethods = builder.requestMethods; allowedRequestHeaders = builder.requestHeaders; - allowNullOrigin = builder.allowNullOrigin; preflightHeaders = builder.preflightHeaders; shortCircuit = builder.shortCircuit; } @@ -108,19 +106,6 @@ public boolean isOriginAllowed(final String origin) { return false; } - /** - * Web browsers may set the 'Origin' request header to 'null' if a resource is loaded - * from the local file system. - * - * If isNullOriginAllowed is true then the server will response with the wildcard for the - * the CORS response header 'Access-Control-Allow-Origin'. - * - * @return {@code true} if a 'null' origin should be supported. - */ - public boolean isNullOriginAllowed() { - return allowNullOrigin; - } - /** * Determines if credentials are supported for CORS requests. * diff --git a/plugins/transport-nio/src/main/java/org/elasticsearch/http/nio/cors/NioCorsConfigBuilder.java b/plugins/transport-nio/src/main/java/org/elasticsearch/http/nio/cors/NioCorsConfigBuilder.java index 333e4931aa1f1..62eda913b0ac7 100644 --- a/plugins/transport-nio/src/main/java/org/elasticsearch/http/nio/cors/NioCorsConfigBuilder.java +++ b/plugins/transport-nio/src/main/java/org/elasticsearch/http/nio/cors/NioCorsConfigBuilder.java @@ -49,19 +49,6 @@ public static NioCorsConfigBuilder forAnyOrigin() { return new NioCorsConfigBuilder(); } - /** - * Creates a {@link NioCorsConfigBuilder} instance with the specified origin. - * - * @return {@link NioCorsConfigBuilder} to support method chaining. - */ - public static NioCorsConfigBuilder forOrigin(final String origin) { - if ("*".equals(origin)) { - return new NioCorsConfigBuilder(); - } - return new NioCorsConfigBuilder(origin); - } - - /** * Create a {@link NioCorsConfigBuilder} instance with the specified pattern origin. * @@ -87,14 +74,12 @@ public static NioCorsConfigBuilder forOrigins(final String... origins) { Optional> origins; Optional pattern; final boolean anyOrigin; - boolean allowNullOrigin; boolean enabled = true; boolean allowCredentials; long maxAge; final Set requestMethods = new HashSet<>(); final Set requestHeaders = new HashSet<>(); final Map> preflightHeaders = new HashMap<>(); - private boolean noPreflightHeaders; boolean shortCircuit; /** @@ -130,18 +115,6 @@ public static NioCorsConfigBuilder forOrigins(final String... origins) { anyOrigin = false; } - /** - * Web browsers may set the 'Origin' request header to 'null' if a resource is loaded - * from the local file system. Calling this method will enable a successful CORS response - * with a wildcard for the CORS response header 'Access-Control-Allow-Origin'. - * - * @return {@link NioCorsConfigBuilder} to support method chaining. - */ - NioCorsConfigBuilder allowNullOrigin() { - allowNullOrigin = true; - return this; - } - /** * Disables CORS support. * @@ -219,71 +192,6 @@ public NioCorsConfigBuilder allowedRequestHeaders(final String... headers) { return this; } - /** - * Returns HTTP response headers that should be added to a CORS preflight response. - * - * An intermediary like a load balancer might require that a CORS preflight request - * have certain headers set. This enables such headers to be added. - * - * @param name the name of the HTTP header. - * @param values the values for the HTTP header. - * @return {@link NioCorsConfigBuilder} to support method chaining. - */ - public NioCorsConfigBuilder preflightResponseHeader(final CharSequence name, final Object... values) { - if (values.length == 1) { - preflightHeaders.put(name, new ConstantValueGenerator(values[0])); - } else { - preflightResponseHeader(name, Arrays.asList(values)); - } - return this; - } - - /** - * Returns HTTP response headers that should be added to a CORS preflight response. - * - * An intermediary like a load balancer might require that a CORS preflight request - * have certain headers set. This enables such headers to be added. - * - * @param name the name of the HTTP header. - * @param value the values for the HTTP header. - * @param the type of values that the Iterable contains. - * @return {@link NioCorsConfigBuilder} to support method chaining. - */ - public NioCorsConfigBuilder preflightResponseHeader(final CharSequence name, final Iterable value) { - preflightHeaders.put(name, new ConstantValueGenerator(value)); - return this; - } - - /** - * Returns HTTP response headers that should be added to a CORS preflight response. - * - * An intermediary like a load balancer might require that a CORS preflight request - * have certain headers set. This enables such headers to be added. - * - * Some values must be dynamically created when the HTTP response is created, for - * example the 'Date' response header. This can be accomplished by using a Callable - * which will have its 'call' method invoked when the HTTP response is created. - * - * @param name the name of the HTTP header. - * @param valueGenerator a Callable which will be invoked at HTTP response creation. - * @param the type of the value that the Callable can return. - * @return {@link NioCorsConfigBuilder} to support method chaining. - */ - public NioCorsConfigBuilder preflightResponseHeader(final CharSequence name, final Callable valueGenerator) { - preflightHeaders.put(name, valueGenerator); - return this; - } - - /** - * Specifies that no preflight response headers should be added to a preflight response. - * - * @return {@link NioCorsConfigBuilder} to support method chaining. - */ - public NioCorsConfigBuilder noPreflightResponseHeaders() { - noPreflightHeaders = true; - return this; - } - /** * Specifies that a CORS request should be rejected if it's invalid before being * further processing. @@ -305,7 +213,7 @@ public NioCorsConfigBuilder shortCircuit() { * @return {@link NioCorsConfig} the configured CorsConfig instance. */ public NioCorsConfig build() { - if (preflightHeaders.isEmpty() && !noPreflightHeaders) { + if (preflightHeaders.isEmpty()) { preflightHeaders.put("date", DateValueGenerator.INSTANCE); preflightHeaders.put("content-length", new ConstantValueGenerator("0")); } diff --git a/plugins/transport-nio/src/main/java/org/elasticsearch/http/nio/cors/NioCorsHandler.java b/plugins/transport-nio/src/main/java/org/elasticsearch/http/nio/cors/NioCorsHandler.java index 5a9d114d67551..dfb531992f8ef 100644 --- a/plugins/transport-nio/src/main/java/org/elasticsearch/http/nio/cors/NioCorsHandler.java +++ b/plugins/transport-nio/src/main/java/org/elasticsearch/http/nio/cors/NioCorsHandler.java @@ -167,11 +167,6 @@ private void setPreflightHeaders(final HttpResponse response) { private boolean setOrigin(final HttpResponse response) { final String origin = request.headers().get(HttpHeaderNames.ORIGIN); if (!Strings.isNullOrEmpty(origin)) { - if ("null".equals(origin) && config.isNullOriginAllowed()) { - setAnyOrigin(response); - return true; - } - if (config.isAnyOriginSupported()) { if (config.isCredentialsAllowed()) { echoRequestOrigin(response); @@ -201,10 +196,6 @@ private boolean validateOrigin() { return true; } - if ("null".equals(origin) && config.isNullOriginAllowed()) { - return true; - } - // if the origin is the same as the host of the request, then allow if (isSameOrigin(origin, request.headers().get(HttpHeaderNames.HOST))) { return true;