0

Is there any way to override isPreFlightRequest in my Spring Boot Application? As per Docs we cannot override static methods so I wanted to know if there's any other way to rewrite it so that the compiler doesn't reach here.

public abstract class CorsUtils {

    /**
     * Returns {@code true} if the request is a valid CORS one by checking {@code Origin}
     * header presence and ensuring that origins are different via {@link #isSameOrigin}.
     */
    @SuppressWarnings("deprecation")
    public static boolean isCorsRequest(ServerHttpRequest request) {
        return request.getHeaders().containsKey(HttpHeaders.ORIGIN) && !isSameOrigin(request);
    }

    /**
     * Returns {@code true} if the request is a valid CORS pre-flight one by checking {code OPTIONS} method with
     * {@code Origin} and {@code Access-Control-Request-Method} headers presence.
     */
    public static boolean isPreFlightRequest(ServerHttpRequest request) {
        HttpHeaders headers = request.getHeaders();
        return (request.getMethod() == HttpMethod.OPTIONS
                && headers.containsKey(HttpHeaders.ORIGIN)
                && headers.containsKey(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD));
    }
Dexter
  • 21
  • 1
  • 6
  • you can "hide" it in the implementation, but then you'll need to make sure you declare your instances appropriately. – Stultuske Oct 14 '22 at 11:49
  • What do you want to do ? Set up CORS or do some testing with mock ? With PowerMock you can do your testing. CORS can, and must be configured with Spring Security configuration, i.e. – Victor Gubin Oct 14 '22 at 11:52
  • I want it to be hardcoded with return false – Dexter Oct 14 '22 at 11:53
  • It came as a bug with spring version upgrade @VictorGubin and I just want to return false from this new function somehow. This function wasn't there in the previous version – Dexter Oct 14 '22 at 11:55
  • 1
    To allow everything ? The only way in this case - use ASM/CGLIB to replace class on class loader level. Strictly not recommended, CORS protection does matter, this is security hijacking prevention first off all. You will fail the security scan if you have any. – Victor Gubin Oct 14 '22 at 11:58
  • BWT To prevent you from solving XY problem. If you have a few micro-services in Claud and your Angualr/Vue/React UI app hosted by some ingress and you have a CORS errors on browser level, since this UI communicating with a few domains at time, you should look into API gateway, build a BFF etc instead trying to hack Spring Framework. Spring security doing exactly what it expected to do. – Victor Gubin Oct 14 '22 at 12:12

1 Answers1

0

It looks like this question was answered here

Is it possible to override a static method in derived class?

Since you will be creating a derived class of CorsUtils, you would use method hiding to keep the original static method from running.

OCEAN OESTREICHER
  • 34
  • 3