From 7d5f08646e61fe623d5eefa5c334cb7f3c5052a3 Mon Sep 17 00:00:00 2001
From: _Bastler
Date: Fri, 2 Dec 2022 13:57:28 +0100
Subject: [PATCH] fix UTF-8 headers
---
 .../de/bstly/we/security/SecurityConfig.java | 20 +++++++++++++++++++
 pom.xml | 2 +-
 2 files changed, 21 insertions(+), 1 deletion(-)
diff --git a/core/src/main/java/de/bstly/we/security/SecurityConfig.java b/core/src/main/java/de/bstly/we/security/SecurityConfig.java
index b0a7a71..3fcac9a 100755
--- a/core/src/main/java/de/bstly/we/security/SecurityConfig.java
+++ b/core/src/main/java/de/bstly/we/security/SecurityConfig.java
@@ -3,8 +3,10 @@
 */
 package de.bstly.we.security;
+import java.io.UnsupportedEncodingException;
 import java.util.Collections;
 import java.util.List;
+import java.util.regex.Pattern;
 import javax.sql.DataSource;
@@ -27,6 +29,7 @@ import org.springframework.security.web.authentication.rememberme.JdbcTokenRepos
 import org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices;
 import org.springframework.security.web.authentication.rememberme.PersistentTokenRepository;
 import org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy;
+import org.springframework.security.web.firewall.StrictHttpFirewall;
 import org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter.ReferrerPolicy;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 import org.springframework.web.cors.CorsConfiguration;
@@ -297,4 +300,21 @@ public class SecurityConfig {
 return rememberMeServices;
 }
+ @Bean
+ public StrictHttpFirewall httpFirewall() {
+ StrictHttpFirewall firewall = new StrictHttpFirewall();
+ Pattern allowed = Pattern.compile("[\\p{IsAssigned}&&[^\\p{IsControl}]]*");
+ firewall.setAllowedHeaderValues((header) -> {
+ String parsed;
+ try {
+ parsed = new String(header.getBytes("ISO_8859_1"), "UTF_8");
+ return allowed.matcher(parsed).matches();
+ } catch (UnsupportedEncodingException e) {
+ e.printStackTrace();
+ }
+ return allowed.matcher(header).matches();
+ });
+ return firewall;
+ }
+
 }
diff --git a/pom.xml b/pom.xml
index 8dd23f7..d4c8f79 100755
--- a/pom.xml
+++ b/pom.xml
@@ -13,7 +13,7 @@
 UTF-8
 11
 2.19.0
- 2.0.0-SNAPSHOT
+ 2.0.1-SNAPSHOT
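Review bot: The charset names in `parsed = new String(header.getBytes("ISO_8859_1"), "UTF_8")` are not the canonical `ISO-8859-1`/`UTF-8`; `ISO_8859_1` is a registered JDK alias, but as far as I can tell `UTF_8` is not, so that lookup would throw `UnsupportedEncodingException` on every header, print a stack trace per request, and fall through to matching the undecoded value — the UTF-8 re-check this patch introduces would then never actually run. The `StandardCharsets` constants remove both the ambiguity and the checked exception: `String parsed = new String(header.getBytes(StandardCharsets.ISO_8859_1), StandardCharsets.UTF_8);` with the try/catch and `e.printStackTrace()` dropped, and the `java.io.UnsupportedEncodingException` import added in the first hunk replaced by `java.nio.charset.StandardCharsets`. Note also that `new String(bytes, charset)` substitutes U+FFFD for malformed UTF-8 sequences, and U+FFFD is an assigned non-control character, so invalid byte sequences (including stray 0x80–0x9F bytes that the ISO-8859-1 view would have classified as C1 controls) pass the `allowed` pattern; if only well-formed UTF-8 is meant to be admitted, decode through a `CharsetDecoder` configured with `CodingErrorAction.REPORT` and reject on `CharacterCodingException`. A short comment on the bean stating why the default header-value check is being relaxed, and what the Latin-1-to-UTF-8 reinterpretation assumes about the servlet container's header decoding, would help the next reader.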