Prevent ArrayIndexOutOfBoundsException in JwtTokenFilter.getTokenString

gothinkster / spring-boot-realworld-example-app

Example Spring codebase containing real world examples (CRUD, auth, advanced patterns, etc) that adheres to the RealWorld API spec.

MIT License

1.3k stars 677 forks source link

Prevent ArrayIndexOutOfBoundsException in JwtTokenFilter.getTokenString #6

Closed darioseidl closed 6 years ago

darioseidl commented 6 years ago

Hi! I was looking through your code (very helpful, thanks for the example) and noticed a typo in JwtTokenFilter.getTokenString: There's a missing space in the if-check for header.split("").length.

aisensiy commented 6 years ago

The JwtTokenFilter.java part is good, but im not sure whether adding h2 console to code is a good idea or not. Maybe we should add a env variable to control to show the h2?

darioseidl commented 6 years ago

Oh, I actually didn't mean to include the h2-console in the pull request. Still, it could be useful to other users as well.

The h2-console is already controlled by the spring.h2.console.enabled property (which can also be set via environment variable). I could make it so that permitAll on h2-console and x-frame-options same origin are only applied when this property is set to true. What that be better?