fix UTF-8 headers
parent
74394f0582
commit
7d5f08646e
@ -3,8 +3,10 @@
|
||||
*/
|
||||
package de.bstly.we.security;
|
||||
|
||||
import java.io.UnsupportedEncodingException;
|
||||
import java.util.Collections;
|
||||
import java.util.List;
|
||||
import java.util.regex.Pattern;
|
||||
|
||||
import javax.sql.DataSource;
|
||||
|
||||
@ -27,6 +29,7 @@ import org.springframework.security.web.authentication.rememberme.JdbcTokenRepos
|
||||
import org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices;
|
||||
import org.springframework.security.web.authentication.rememberme.PersistentTokenRepository;
|
||||
import org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy;
|
||||
import org.springframework.security.web.firewall.StrictHttpFirewall;
|
||||
import org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter.ReferrerPolicy;
|
||||
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
|
||||
import org.springframework.web.cors.CorsConfiguration;
|
||||
@ -297,4 +300,21 @@ public class SecurityConfig {
|
||||
return rememberMeServices;
|
||||
}
|
||||
|
||||
@Bean
|
||||
public StrictHttpFirewall httpFirewall() {
|
||||
StrictHttpFirewall firewall = new StrictHttpFirewall();
|
||||
Pattern allowed = Pattern.compile("[\\p{IsAssigned}&&[^\\p{IsControl}]]*");
|
||||
firewall.setAllowedHeaderValues((header) -> {
|
||||
String parsed;
|
||||
try {
|
||||
parsed = new String(header.getBytes("ISO_8859_1"), "UTF_8");
|
||||
return allowed.matcher(parsed).matches();
|
||||
} catch (UnsupportedEncodingException e) {
|
||||
e.printStackTrace();
|
||||
}
|
||||
return allowed.matcher(header).matches();
|
||||
});
|
||||
return firewall;
|
||||
}
|
||||
|
||||
}
|
||||
|
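Review bot: The charset names passed as strings in the `setAllowedHeaderValues` lambda of `httpFirewall()` are not the canonical `ISO-8859-1` / `UTF-8`, and as far as I know `UTF_8` is not a registered JDK alias. If that lookup fails, every header value takes the `catch` path, prints a stack trace, and is validated un-decoded, so UTF-8 headers would still be rejected and the log fills on each request. Using the constants removes the checked exception and the fallback: `String parsed = new String(header.getBytes(StandardCharsets.ISO_8859_1), StandardCharsets.UTF_8);` followed by `return allowed.matcher(parsed).matches();`, with the `UnsupportedEncodingException` import replaced by `java.nio.charset.StandardCharsets`. Since this predicate relaxes `StrictHttpFirewall`'s default header check, a short comment stating that control characters (including CR/LF) remain excluded by the pattern would help the next reader. Note also that `new String` turns malformed byte sequences into U+FFFD, which the pattern accepts.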