Check for null in allowedOrigin list

rstoyanchev · rstoyanchev · commit 1c17305d7b64 · 2021-06-02T17:14:28.000+01:00
Closes gh-26987
diff --git a/spring-web/src/main/java/org/springframework/web/cors/CorsConfiguration.java b/spring-web/src/main/java/org/springframework/web/cors/CorsConfiguration.java
@@ -22,6 +22,7 @@
 import java.util.Collections;
 import java.util.LinkedHashSet;
 import java.util.List;
+import java.util.Objects;
 import java.util.Set;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
@@ -138,13 +139,13 @@ public CorsConfiguration(CorsConfiguration other) {
 	 * However an instance of this class is often initialized further, e.g. for
 	 * {@code @CrossOrigin}, via {@link #applyPermitDefaultValues()}.
 	 */
-	public void setAllowedOrigins(@Nullable List<String> allowedOrigins) {
-		this.allowedOrigins = (allowedOrigins != null ?
-				allowedOrigins.stream().map(this::trimTrailingSlash).collect(Collectors.toList()) : null);
+	public void setAllowedOrigins(@Nullable List<String> origins) {
+		this.allowedOrigins = (origins == null ? null :
+				origins.stream().filter(Objects::nonNull).map(this::trimTrailingSlash).collect(Collectors.toList()));
 	}
 
 	private String trimTrailingSlash(String origin) {
-		return origin.endsWith("/") ? origin.substring(0, origin.length() - 1) : origin;
+		return (origin.endsWith("/") ? origin.substring(0, origin.length() - 1) : origin);
 	}
 
 	/**
@@ -158,7 +159,11 @@ public List<String> getAllowedOrigins() {
 	/**
 	 * Variant of {@link #setAllowedOrigins} for adding one origin at a time.
 	 */
+	@SuppressWarnings("ConstantConditions")
 	public void addAllowedOrigin(String origin) {
+		if (origin == null) {
+			return;
+		}
 		if (this.allowedOrigins == null) {
 			this.allowedOrigins = new ArrayList<>(4);
 		}
@@ -220,7 +225,11 @@ public List<String> getAllowedOriginPatterns() {
 	 * Variant of {@link #setAllowedOriginPatterns} for adding one origin at a time.
 	 * @since 5.3
 	 */
+	@SuppressWarnings("ConstantConditions")
 	public void addAllowedOriginPattern(String originPattern) {
+		if (originPattern == null) {
+			return;
+		}
 		if (this.allowedOriginPatterns == null) {
 			this.allowedOriginPatterns = new ArrayList<>(4);
 		}
