+htp #20535 add checkSameOrigin directive to HeaderDirectives (#20560)

*  #20535 add checkSameOrigin directive to WebSocketDirectives

* refactoring + add docs

* refactoring + cleanup in docs

* fix types and conversions in the InvalidOriginHeaderRejection

* simplify InvalidOriginHeaderRejection to InvalidOriginRejection
tjugo 2016-06-02 13:58:20 +04:00 committed by Konrad Malawski
parent 8ba36be6c4
commit 0eda4075ef
16 changed files with 237 additions and 27 deletions

@ -19,6 +19,7 @@ Directive Description
:ref:`-authorizeAsync-java-` Applies the given asynchronous authorization check to the request
:ref:`-cancelRejection-java-` Adds a ``TransformationRejection`` cancelling all rejections equal to the given one to the rejections potentially coming back from the inner route.
:ref:`-cancelRejections-java-` Adds a ``TransformationRejection`` cancelling all matching rejections to the rejections potentially coming back from the inner route
:ref:`-checkSameOrigin-java-` Checks that the request comes from the same origin
:ref:`-complete-java-` Completes the request using the given arguments
:ref:`-completeOrRecoverWith-java-` "Unwraps" a ``CompletionStage<T>`` and runs the inner route when the future has failed with the error as an extraction of type ``Throwable``
:ref:`-completeWith-java-` Uses the marshaller for a given type to extract a completion function
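
Review bot: the summary on the new ``checkSameOrigin`` row, "Checks that the request comes from the same origin", does not match the directive page added in this commit, which describes a comparison of the ``Origin`` header value against an allowed range. Suggest wording the row along the lines of "Checks that the request's ``Origin`` header value is in the allowed range", so a reader scanning the table does not assume a strict same-origin comparison.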

@ -0,0 +1,17 @@
.. _-checkSameOrigin-java-:
checkSameOrigin
===============
Description
-----------
Checks that request comes from the same origin. Extracts the ``Origin`` header value and verifies that allowed range
contains the obtained value. In the case of absent of the ``Origin`` header rejects with a ``MissingHeaderRejection``.
If the origin value is not in the allowed range rejects with an ``InvalidOriginHeaderRejection``
and ``StatusCodes.FORBIDDEN`` status.
Example
-------
Checking the ``Origin`` header:
.. includecode:: ../../../../code/docs/http/javadsl/server/directives/HeaderDirectivesExamplesTest.java#checkSameOrigin
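
Review bot: the Description names ``InvalidOriginHeaderRejection``, but the last item in the commit message simplifies that type to ``InvalidOriginRejection``, so this page documents a name the series itself retires; update it here. In the same paragraph, "In the case of absent of the ``Origin`` header" should read "If the ``Origin`` header is absent", and the text never says how the allowed range is supplied to the directive, which is the first thing someone configuring it needs to know. Because a request without the header is rejected outright, a sentence stating that clients sending no ``Origin`` header receive a ``MissingHeaderRejection`` by design would also help callers who hit it unexpectedly.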

@ -17,3 +17,4 @@ response headers use one of the :ref:`RespondWithDirectives-java`.
optionalHeaderValueByName
optionalHeaderValueByType
optionalHeaderValuePF
checkSameOrigin
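
Review bot: ``checkSameOrigin`` is appended after ``optionalHeaderValuePF``, while the three entries visible above it are in alphabetical order and the directive table in this same commit places the new row alphabetically between ``cancelRejections`` and ``complete``. If this list is meant to be sorted, move the entry to its alphabetical position.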