NETWORK: Remove Dead Code from Netty4CorsConfig

* Same as elastic#34324 for the Netty transport, the `isNullOriginAllowed` setting is always false
original-brownbear · Oct 27, 2018 · 36f2fb8 · 36f2fb8
1 parent 71dddfd
commit 36f2fb8
Show file tree

Hide file tree

Showing 3 changed files with 0 additions and 25 deletions.
diff --git a/...s/transport-netty4/src/main/java/org/elasticsearch/http/netty4/cors/Netty4CorsConfig.java b/...s/transport-netty4/src/main/java/org/elasticsearch/http/netty4/cors/Netty4CorsConfig.java
@@ -48,7 +48,6 @@ public final class Netty4CorsConfig {
     private final long maxAge;
     private final Set<HttpMethod> allowedRequestMethods;
     private final Set<String> allowedRequestHeaders;
-    private final boolean allowNullOrigin;
     private final Map<CharSequence, Callable<?>> preflightHeaders;
     private final boolean shortCircuit;
 
@@ -61,7 +60,6 @@ public final class Netty4CorsConfig {
         maxAge = builder.maxAge;
         allowedRequestMethods = builder.requestMethods;
         allowedRequestHeaders = builder.requestHeaders;
-        allowNullOrigin = builder.allowNullOrigin;
         preflightHeaders = builder.preflightHeaders;
         shortCircuit = builder.shortCircuit;
     }
@@ -108,19 +106,6 @@ public boolean isOriginAllowed(final String origin) {
         return false;
     }
 
-    /**
-     * Web browsers may set the 'Origin' request header to 'null' if a resource is loaded
-     * from the local file system.
-     *
-     * If isNullOriginAllowed is true then the server will response with the wildcard for the
-     * the CORS response header 'Access-Control-Allow-Origin'.
-     *
-     * @return {@code true} if a 'null' origin should be supported.
-     */
-    public boolean isNullOriginAllowed() {
-        return allowNullOrigin;
-    }
-
     /**
      * Determines if credentials are supported for CORS requests.
      *

diff --git a/...port-netty4/src/main/java/org/elasticsearch/http/netty4/cors/Netty4CorsConfigBuilder.java b/...port-netty4/src/main/java/org/elasticsearch/http/netty4/cors/Netty4CorsConfigBuilder.java
@@ -74,7 +74,6 @@ public static Netty4CorsConfigBuilder forOrigins(final String... origins) {
     Optional<Set<String>> origins;
     Optional<Pattern> pattern;
     final boolean anyOrigin;
-    boolean allowNullOrigin;
     boolean enabled = true;
     boolean allowCredentials;
     long maxAge;

diff --git a/.../transport-netty4/src/main/java/org/elasticsearch/http/netty4/cors/Netty4CorsHandler.java b/.../transport-netty4/src/main/java/org/elasticsearch/http/netty4/cors/Netty4CorsHandler.java
@@ -167,11 +167,6 @@ private void setPreflightHeaders(final HttpResponse response) {
     private boolean setOrigin(final HttpResponse response) {
         final String origin = request.headers().get(HttpHeaderNames.ORIGIN);
         if (!Strings.isNullOrEmpty(origin)) {
-            if ("null".equals(origin) && config.isNullOriginAllowed()) {
-                setAnyOrigin(response);
-                return true;
-            }
-
             if (config.isAnyOriginSupported()) {
                 if (config.isCredentialsAllowed()) {
                     echoRequestOrigin(response);
@@ -201,10 +196,6 @@ private boolean validateOrigin() {
             return true;
         }
 
-        if ("null".equals(origin) && config.isNullOriginAllowed()) {
-            return true;
-        }
-
         // if the origin is the same as the host of the request, then allow
         if (isSameOrigin(origin, request.headers().get(HttpHeaderNames.HOST))) {
             return true;