vertx-web icon indicating copy to clipboard operation
vertx-web copied to clipboard

Published 20 hours ago verified publisher icon vert-x3

allowedHeadersString will never be null, so this else case will not be entered, this will trigger bug in some cases. please review and fix it.

Open ScathonLin opened this issue 3 years ago • 4 comments

https://github.com/vert-x3/vertx-web/blob/ff42212f74fc55ca73391933a707c2d2de358711/vertx-web/src/main/java/io/vertx/ext/web/handler/impl/CorsHandlerImpl.java#L198

ScathonLin avatar Mar 26 '22 03:03 ScathonLin

allowedMethodString has the same issue

ScathonLin avatar Mar 26 '22 03:03 ScathonLin

allowedMethodString has the same issue

allowedMethodString doesn't have an else block.

DeeDeji20 avatar Mar 26 '22 14:03 DeeDeji20

https://github.com/vert-x3/vertx-web/blob/ff42212f74fc55ca73391933a707c2d2de358711/vertx-web/src/main/java/io/vertx/ext/web/handler/impl/CorsHandlerImpl.java#L198

I would like to work on this issue. Can I?

DeeDeji20 avatar Mar 26 '22 14:03 DeeDeji20

yes,you can

---- 回复的原邮件 ---- | 发件人 | @.> | | 日期 | 2022年03月26日 22:18 | | 收件人 | @.> | | 抄送至 | @.@.> | | 主题 | Re: [vert-x3/vertx-web] allowedHeadersString will never be null, so this else case will not be entered, this will trigger bug in some cases. please review and fix it. (Issue #2152) |

https://github.com/vert-x3/vertx-web/blob/ff42212f74fc55ca73391933a707c2d2de358711/vertx-web/src/main/java/io/vertx/ext/web/handler/impl/CorsHandlerImpl.java#L198

I would like to work on this issue. Can I?

— Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you authored the thread.Message ID: @.***>

ScathonLin avatar Mar 26 '22 14:03 ScathonLin

CORS implementation has been reviewed to follow the OWASP recommendations. I'd recommend against premature optimizations

pmlopes avatar Mar 23 '23 15:03 pmlopes