
Java get TRUE origin in HttpServletRequest

I'm building a REST API with CORS enabled. Since the API has to be accessed from known domains, I have to check whether the origin of the request is in the "whitelisted" domains.

But I have to be 100% sure that the origin of the request is really the origin, not some modified header.

I found this link: https://developer.mozilla.org/en-US/docs/Glossary/Forbidden_header_name

It is about forbidden header names, so I'm asking: is this information OK, can nobody change the Origin header?

I'm accessing the request in Java like this:

((HttpServletRequest) request).getHeader("origin")

Is this how I do it?

Spring has excellent out-of-the-box support for handling cross-origin requests, which can be used via XML or Java configuration.

Also, the configuration can be either global (via CorsRegistry) or controller-specific (@CrossOrigin) for granular control.

Have a look here and here, which have good details on how to get started and how it works.
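An added example (not from the original post or from the Spring project) of the two options this answer names: a global CorsRegistry mapping and a controller-level @CrossOrigin, each restricted to an explicit origin allowlist. The origins, paths and class names are assumptions for illustration.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

// Global rule: applies to every handler under /api/**.
@Configuration
class CorsConfig implements WebMvcConfigurer {

    // Assumed allowlist: exact scheme + host (+ port) strings, no wildcards.
    static final String[] ALLOWED_ORIGINS = {
        "https://app.example.com",
        "https://partner.example.org"
    };

    @Override
    public void addCorsMappings(CorsRegistry registry) {
        registry.addMapping("/api/**")
                // Weak setting to avoid here: .allowedOrigins("*")
                .allowedOrigins(ALLOWED_ORIGINS)
                .allowedMethods("GET", "POST")
                .allowedHeaders("Content-Type", "Authorization")
                .maxAge(3600); // browsers may cache the preflight result for one hour
    }
}

// Controller-specific rule for a path the global mapping does not cover.
@RestController
@RequestMapping("/internal/reports")
@CrossOrigin(origins = "https://app.example.com")
class ReportController {

    @GetMapping
    public String list() {
        // Origin is a forbidden header name only for scripts running in a
        // browser. A non-browser client can send any Origin value, so this
        // handler still needs its own authentication and authorization.
        return "[]";
    }
}
```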
