7 年之前 · a95f05780d
--- a/modules/transport-netty4/src/main/java/org/elasticsearch/http/netty4/cors/Netty4CorsConfig.java
+++ b/modules/transport-netty4/src/main/java/org/elasticsearch/http/netty4/cors/Netty4CorsConfig.java
@@ -48,7 +48,6 @@ public final class Netty4CorsConfig {
 
				     private final long maxAge;
			
 
				     private final Set<HttpMethod> allowedRequestMethods;
			
 
				     private final Set<String> allowedRequestHeaders;
			
 
				-    private final boolean allowNullOrigin;
			
 
				     private final Map<CharSequence, Callable<?>> preflightHeaders;
			
 
				     private final boolean shortCircuit;
			
 
				 
			
@@ -61,7 +60,6 @@ public final class Netty4CorsConfig {
 
				         maxAge = builder.maxAge;
			
 
				         allowedRequestMethods = builder.requestMethods;
			
 
				         allowedRequestHeaders = builder.requestHeaders;
			
 
				-        allowNullOrigin = builder.allowNullOrigin;
			
 
				         preflightHeaders = builder.preflightHeaders;
			
 
				         shortCircuit = builder.shortCircuit;
			
 
				     }
			
@@ -108,19 +106,6 @@ public final class Netty4CorsConfig {
 
				         return false;
			
 
				     }
			
 
				 
			
 
				-    /**
			
 
				-     * Web browsers may set the 'Origin' request header to 'null' if a resource is loaded
			
 
				-     * from the local file system.
			
 
				-     *
			
 
				-     * If isNullOriginAllowed is true then the server will response with the wildcard for the
			
 
				-     * the CORS response header 'Access-Control-Allow-Origin'.
			
 
				-     *
			
 
				-     * @return {@code true} if a 'null' origin should be supported.
			
 
				-     */
			
 
				-    public boolean isNullOriginAllowed() {
			
 
				-        return allowNullOrigin;
			
 
				-    }
			
 
				-
			
 
				     /**
			
 
				      * Determines if credentials are supported for CORS requests.
			
 
				      *
			
--- a/modules/transport-netty4/src/main/java/org/elasticsearch/http/netty4/cors/Netty4CorsConfigBuilder.java
+++ b/modules/transport-netty4/src/main/java/org/elasticsearch/http/netty4/cors/Netty4CorsConfigBuilder.java
@@ -74,7 +74,6 @@ public final class Netty4CorsConfigBuilder {
 
				     Optional<Set<String>> origins;
			
 
				     Optional<Pattern> pattern;
			
 
				     final boolean anyOrigin;
			
 
				-    boolean allowNullOrigin;
			
 
				     boolean enabled = true;
			
 
				     boolean allowCredentials;
			
 
				     long maxAge;
			
--- a/modules/transport-netty4/src/main/java/org/elasticsearch/http/netty4/cors/Netty4CorsHandler.java
+++ b/modules/transport-netty4/src/main/java/org/elasticsearch/http/netty4/cors/Netty4CorsHandler.java
@@ -167,11 +167,6 @@ public class Netty4CorsHandler extends ChannelDuplexHandler {
 
				     private boolean setOrigin(final HttpResponse response) {
			
 
				         final String origin = request.headers().get(HttpHeaderNames.ORIGIN);
			
 
				         if (!Strings.isNullOrEmpty(origin)) {
			
 
				-            if ("null".equals(origin) && config.isNullOriginAllowed()) {
			
 
				-                setAnyOrigin(response);
			
 
				-                return true;
			
 
				-            }
			
 
				-
			
 
				             if (config.isAnyOriginSupported()) {
			
 
				                 if (config.isCredentialsAllowed()) {
			
 
				                     echoRequestOrigin(response);
			
@@ -201,10 +196,6 @@ public class Netty4CorsHandler extends ChannelDuplexHandler {
 
				             return true;
			
 
				         }
			
 
				 
			
 
				-        if ("null".equals(origin) && config.isNullOriginAllowed()) {
			
 
				-            return true;
			
 
				-        }
			
 
				-
			
 
				         // if the origin is the same as the host of the request, then allow
			
 
				         if (isSameOrigin(origin, request.headers().get(HttpHeaderNames.HOST))) {
			
 
				             return true;