Author: jleroux
Date: Sat Nov 17 12:32:04 2018 New Revision: 1846793 URL: http://svn.apache.org/viewvc?rev=1846793&view=rev Log: Improved: Use ‘String#equalsIgnoreCase’ in ‘RequestHandler#doRequest’ (OFBIZ-10451) Use String#equalsIgnoreCase instead of combining String#equals and String#toUpperCase. Additionally this avoids having to check the emptiness of the X-Forwarded-Proto request header. Thanks: Mathieu Lirzin Modified: ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/RequestHandler.java ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/taglib/ContentUrlTag.java Modified: ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/RequestHandler.java URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/RequestHandler.java?rev=1846793&r1=1846792&r2=1846793&view=diff
==============================================================================
--- ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/RequestHandler.java (original)
+++ ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/RequestHandler.java Sat Nov 17 12:32:04 2018
@@ -326,9 +326,8 @@ public class RequestHandler {
 }
 }
 // Check if we SHOULD be secure and are not.
- String forwardedProto = request.getHeader("X-Forwarded-Proto");
- boolean isForwardedSecure = UtilValidate.isNotEmpty(forwardedProto) && "HTTPS".equals(forwardedProto.toUpperCase());
- if ((!request.isSecure() && !isForwardedSecure) && requestMap.securityHttps) {
+ boolean forwardedHTTPS = "HTTPS".equalsIgnoreCase(request.getHeader("X-Forwarded-Proto"));
+ if (!request.isSecure() && !forwardedHTTPS && requestMap.securityHttps) {
 // If the request method was POST then return an error to avoid problems with XSRF where the request may have come from another machine/program and had the same session ID but was not encrypted as it should have been (we used to let it pass to not lose data since it was too late to protect that data anyway)
 if ("POST".equalsIgnoreCase(request.getMethod())) {
 // we can't redirect with the body parameters, and for better security from XSRF, just return an error message
Modified: ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/taglib/ContentUrlTag.java URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/taglib/ContentUrlTag.java?rev=1846793&r1=1846792&r2=1846793&view=diff
==============================================================================
--- ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/taglib/ContentUrlTag.java (original)
+++ ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/taglib/ContentUrlTag.java Sat Nov 17 12:32:04 2018
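Review bot: In RequestHandler.java the new `forwardedHTTPS` flag is read directly from the client-supplied `X-Forwarded-Proto` header, so a plain-HTTP request that carries this header skips the `requestMap.securityHttps` branch unless a trusted reverse proxy always overwrites or strips it; nothing visible in the hunk guarantees that. The header should be honoured only for requests that arrive from a configured proxy, e.g. `boolean forwardedHTTPS = isFromTrustedProxy(request) && "HTTPS".equalsIgnoreCase(request.getHeader("X-Forwarded-Proto"));` where `isFromTrustedProxy` is a placeholder for a check the project would have to provide, or the decision could be left to the servlet container's proxy handling so that `request.isSecure()` alone is authoritative. The same header read in the ContentUrlTag.java hunk only selects the content prefix, so the effect there looks smaller, but it should follow the same rule. The enclosing method starts and ends outside the hunk, so any earlier validation of the header is not visible here.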
@@ -54,8 +54,7 @@ public class ContentUrlTag {
 return;
 }
 GenericValue webSite = WebSiteWorker.getWebSite(request);
- String forwardedProto = request.getHeader("X-Forwarded-Proto");
- boolean isForwardedSecure = UtilValidate.isNotEmpty(forwardedProto) && "HTTPS".equals(forwardedProto.toUpperCase());
+ boolean isForwardedSecure = "HTTPS".equalsIgnoreCase(request.getHeader("X-Forwarded-Proto"));
 boolean isSecure = request.isSecure() || isForwardedSecure;
 appendContentPrefix(webSite, isSecure, urlBuffer);
 }
|
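Review bot: The expression `"HTTPS".equalsIgnoreCase(request.getHeader("X-Forwarded-Proto"))` now appears verbatim in this hunk and in RequestHandler.java, under two different local names (`isForwardedSecure` here, `forwardedHTTPS` there). One shared static helper, carrying a comment such as `// true when the front-end proxy reports the original request as HTTPS; the header is only meaningful behind a trusted proxy`, would keep both call sites consistent and leave a single place to change how the header is trusted. The enclosing method starts outside the hunk.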