Validate methods against supported ones

2021-01-19 23:31:02 +01:00 · 2021-01-19 23:31:02 +01:00 · a82eb88f12
commit a82eb88f12
--- a/src/main/java/org/gaul/s3proxy/CrossOriginResourceSharing.java
+++ b/src/main/java/org/gaul/s3proxy/CrossOriginResourceSharing.java
@ -26,6 +26,7 @@ import java.util.regex.Pattern;
 import com.google.common.base.Joiner;
 import com.google.common.base.Splitter;
 import com.google.common.base.Strings;
+import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableSet;
 import com.google.common.collect.Lists;

@ -33,6 +34,9 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

 final class CrossOriginResourceSharing {
+    public static final Collection<String> SUPPORTED_METHODS =
+            ImmutableList.of("GET", "PUT", "POST", "HEAD");
+
    private static final String HEADER_VALUE_SEPARATOR = ", ";
    private static final String ALLOW_ANY_HEADER = "*";

@ -47,7 +51,7 @@ final class CrossOriginResourceSharing {

    protected CrossOriginResourceSharing() {
        // CORS Allow all
-        this(Lists.newArrayList(".*"), Lists.newArrayList("GET", "PUT", "POST"),
+        this(Lists.newArrayList(".*"), SUPPORTED_METHODS,
                Lists.newArrayList(ALLOW_ANY_HEADER));
    }

--- a/src/main/java/org/gaul/s3proxy/S3Proxy.java
+++ b/src/main/java/org/gaul/s3proxy/S3Proxy.java
@ -22,9 +22,11 @@ import static com.google.common.base.Preconditions.checkArgument;

 import java.net.URI;
 import java.net.URISyntaxException;
+import java.util.Collection;
 import java.util.Objects;
 import java.util.Properties;

+import com.google.common.base.Joiner;
 import com.google.common.base.Splitter;
 import com.google.common.base.Strings;
 import com.google.common.collect.Lists;
@ -256,6 +258,18 @@ public final class S3Proxy {
                Splitter splitter = Splitter.on(" ").trimResults()
                        .omitEmptyStrings();

+                //Validate configured methods
+                Collection<String> allowedMethods = Lists.newArrayList(
+                        splitter.split(corsAllowMethods));
+                allowedMethods.removeAll(
+                        CrossOriginResourceSharing.SUPPORTED_METHODS);
+                if (!allowedMethods.isEmpty()) {
+                    throw new IllegalArgumentException(
+                        S3ProxyConstants.PROPERTY_CORS_ALLOW_METHODS +
+                        " contains not supported values: " + Joiner.on(" ")
+                        .join(allowedMethods));
+                }
+
                builder.corsRules(new CrossOriginResourceSharing(
                        Lists.newArrayList(splitter.split(corsAllowOrigins)),
                        Lists.newArrayList(splitter.split(corsAllowMethods)),