38. EPMO Open Source Coordination Office Redaction File Detail Report

Produced by Araxis Merge on 4/2/2019 1:06:54 PM Central Daylight Time. See www.araxis.com for information about Merge. This report uses XHTML and CSS2, and is best viewed with a modern standards-compliant browser. For optimum results when printing this report, use landscape orientation and enable printing of background images and colours in your browser.

38.1 Files compared

# Location File Last Modified
1 C:\AraxisMergeCompare\Pri_un\ARS_Backend\ars_app\src\main\java\gov\va\med\ars\filter CORSFilter.java Wed Mar 27 19:21:10 2019 UTC
2 C:\AraxisMergeCompare\Pri_re\ARS_Backend\ars_app\src\main\java\gov\va\med\ars\filter CORSFilter.java Thu Mar 28 17:50:44 2019 UTC

38.2 Comparison summary

Description Between
Files 1 and 2
Text Blocks Lines
Unchanged 2 138
Changed 1 2
Inserted 0 0
Removed 0 0

38.3 Comparison options

Whitespace
Character case Differences in character case are significant
Line endings Differences in line endings (CR and LF characters) are ignored
CR/LF characters Not shown in the comparison detail

38.4 Active regular expressions

No regular expressions were active.

38.5 Comparison detail

  1   /**
  2    * 
  3    */
  4   package go v.va.med.a rs.filter;
  5  
  6   import jav a.io.IOExc eption;
  7  
  8   import jav ax.servlet .FilterCha in;
  9   import jav ax.servlet .ServletEx ception;
  10   import jav ax.servlet .http.Http ServletReq uest;
  11   import jav ax.servlet .http.Http ServletRes ponse;
  12  
  13   import org .apache.lo gging.log4 j.util.Str ings;
  14   import org .springfra mework.web .filter.On cePerReque stFilter;
  15  
  16   /**
  17    * @author  
D NS     GANGAV
  18    *
  19    */
  20   public cla ss CORSFil ter extend s OncePerR equestFilt er {
  21           //  This is a  lot of me chanism, j ust to all ow me to a dd a comme nt on the  line conta ining "Con tent-Dispo sition"
  22           //  But it's  something  I saw in " What's new  in Java 8 ", so I wa nted to tr y it out.
  23           //  Technical ly, it is  more effic ient than  using stri ng concate nation. (" a" + "b")
  24           //  As a stat ic, it doe sn't add o verhead to  the class  instantia tions.
  25           st atic priva te final S tring acce ssControlA llowHeader s = 
  26                             String .join(", " , // separ ator
  27                                               "X-PINGOTH ER",
  28                                               "Content-T ype",
  29   //                                          "Content-D isposition ", // no l onger used  by /ars/v 1/api/{fil e,exportAs PDF} to co nvey filen ame
  30                                               // besides , Vamsi G.  says that  accessCon trolAllowH eaders is  for rest c alls, not  /ars/v1/ap i/{file,ex portAsPDF}  
  31                                               "X-Request ed-With",
  32                                               "accept",
  33                                               "Origin",
  34                                               "Access-Co ntrol-Requ est-Method ",
  35                                               "Access-Co ntrol-Requ est-Header s",
  36                                               "Authoriza tion");
  37           /*
  38            *  (non-Java doc)
  39            *  
  40            *  @see
  41            *  org.sprin gframework .web.filte r.OncePerR equestFilt er#doFilte rInternal(
  42            *  javax.ser vlet.http. HttpServle tRequest,
  43            *  javax.ser vlet.http. HttpServle tResponse,  javax.ser vlet.Filte rChain)
  44            * /
  45           pr otected vo id doFilte rInternal( HttpServle tRequest r eq, HttpSe rvletRespo nse res, F ilterChain  chain)
  46                             throws  ServletEx ception, I OException  {
  47                    res. setHeader( "Access-Co ntrol-Allo w-Origin",  "*");
  48                    res. setHeader( "Access-Co ntrol-Allo w-Methods" , "GET,POS T");
  49                    res. setHeader( "Access-Co ntrol-Max- Age", "360 0");
  50                    res. setHeader( "Access-Co ntrol-Allo w-Headers" , accessCo ntrolAllow Headers);
  51   // Replace d by the p revious li ne. Kept,  for now, f or code re viewer to  see.
  52   //               res. setHeader( "Access-Co ntrol-Allo w-Headers" ,
  53   //                                 "X-PINGO THER, " +
  54   //                                 "Content -Type, " +
  55   //                                 "Content -Dispositi on, " + //  used by / ars/v1/api /{file,exp ortAsPDF}  to convey  filename
  56   //                                 "X-Reque sted-With,  " +
  57   //                                 "accept,  " +
  58   //                                 "Origin,  " +
  59   //                                 "Access- Control-Re quest-Meth od, " +
  60   //                                 "Access- Control-Re quest-Head ers, " +
  61   //                                 "Authori zation");
  62                    res. addHeader( "Access-Co ntrol-Expo se-Headers ", "xsrf-t oken");
  63  
  64                    if ( "OPTIONS". equals(req .getMethod ())) {
  65                             res.se tStatus(Ht tpServletR esponse.SC _OK);
  66                    } el se {
  67                             chain. doFilter(r eq, res);
  68                    }
  69           }
  70   }