Skip to content

Commit b296063

Browse files
francisffrancisf
authored
Merge pull request #93 from kumarb24/TRAP-505
adds new origins to the list of allowed origins for the BrowserStack plugin
2 parents 9aa5761 + 236399b commit b296063

File tree

1 file changed

+18
-9
lines changed

1 file changed

+18
-9
lines changed

src/main/java/com/browserstack/automate/ci/jenkins/observability/AccessControlsFilter.java

Lines changed: 18 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -23,9 +23,7 @@
2323
import javax.servlet.http.HttpServletResponse;
2424
import java.io.IOException;
2525
import java.io.ObjectStreamException;
26-
import java.util.Arrays;
27-
import java.util.Collections;
28-
import java.util.List;
26+
import java.util.*;
2927
import java.util.logging.Logger;
3028

3129
/**
@@ -65,12 +63,23 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha
6563
HttpServletRequest req = (HttpServletRequest) request;
6664
HttpServletResponse resp = (HttpServletResponse) response;
6765

68-
resp.addHeader("Access-Control-Allow-Credentials", "true");
69-
resp.addHeader("Access-Control-Allow-Origin", "https://observability.browserstack.com");
70-
resp.addHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT");
71-
resp.addHeader("Access-Control-Allow-Headers", "*");
72-
resp.addHeader("Access-Control-Expose-Headers", "*");
73-
resp.addHeader("Access-Control-Max-Age", "999");
66+
Set<String> allowedOrigins = new HashSet<String>(Arrays.asList(
67+
"https://observability.browserstack.com",
68+
"https://automation.browserstack.com",
69+
"https://automate.browserstack.com",
70+
"https://app-automate.browserstack.com",
71+
"https://test-management.browserstack.com"
72+
));
73+
74+
String origin = req.getHeader("Origin");
75+
if (origin != null && allowedOrigins.contains(origin)) {
76+
resp.addHeader("Access-Control-Allow-Credentials", "true");
77+
resp.addHeader("Access-Control-Allow-Origin", origin);
78+
resp.addHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT");
79+
resp.addHeader("Access-Control-Allow-Headers", "*");
80+
resp.addHeader("Access-Control-Expose-Headers", "*");
81+
resp.addHeader("Access-Control-Max-Age", "999");
82+
}
7483

7584
if (req.getMethod().equals(PREFLIGHT_REQUEST)) {
7685
resp.setStatus(200);

0 commit comments

Comments
 (0)