
Update of CORS policy

Fixed ControllerServlet
Fixed CORSFilter for REST services
mkepka 4 éve
szülő
commit
9934553afc

+ 11 - 4
src/main/java/cz/hsrs/rest/util/CorsFilter.java

@@ -8,9 +8,16 @@ public class CorsFilter implements ContainerResponseFilter {
 
     @Override
     public void filter(ContainerRequestContext requestContext, ContainerResponseContext responseContext) {
-    	responseContext.getHeaders().add("Access-Control-Allow-Origin", "*");
-    	responseContext.getHeaders().add("Access-Control-Allow-Headers", "origin, content-type, accept, authorization");
-    	responseContext.getHeaders().add("Access-Control-Allow-Credentials", "true");
-    	responseContext.getHeaders().add("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS, HEAD");
+        String origin = requestContext.getHeaderString("Origin");
+        if (origin != null && !origin.isEmpty()) {
+            responseContext.getHeaders().add("Access-Control-Allow-Origin", origin);
+            responseContext.getHeaders().add("Access-Control-Allow-Headers", "origin, content-type, accept, authorization");
+            responseContext.getHeaders().add("Access-Control-Allow-Credentials", "true");
+            responseContext.getHeaders().add("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS, HEAD");
+        }
+        else {
+        	responseContext.getHeaders().add("Access-Control-Allow-Headers", "origin, content-type, accept, authorization");
+        	responseContext.getHeaders().add("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS, HEAD");
+        }
     }
 }
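Review bot: The new branch in `filter` copies whatever `Origin` the request carries into `Access-Control-Allow-Origin` while still sending `Access-Control-Allow-Credentials: true`, so every origin is trusted for credentialed requests and can read authenticated responses. This is broader than the old `*`, which browsers refuse to combine with credentials. Compare the origin with a configured allow-list before reflecting it, e.g. `if (origin != null && ALLOWED_ORIGINS.contains(origin)) {`, where `ALLOWED_ORIGINS` is a placeholder for a set the project would have to define. Because the header value now depends on the request, also add `responseContext.getHeaders().add("Vary", "Origin");` so a shared cache does not replay one origin's response to another. The class declaration and imports lie outside the hunk, so where such a list would be configured cannot be seen from here.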

+ 5 - 6
src/main/java/cz/hsrs/servlet/security/ControllerServlet.java

@@ -7,7 +7,6 @@ import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
-import javax.ws.rs.core.Request;
 
 import cz.hsrs.servlet.provider.DBServlet;
 
@@ -42,9 +41,9 @@ public class ControllerServlet extends DBServlet {
             /** uspesny login - dej uzivatele do session a presmeruj */
             session.setAttribute(JSPHelper.USERATTRIBUTE, user);
             
-            Cookie sescookie = new Cookie("sessionid",req.getSession().getId());
-            Cookie langcookie = new Cookie("language",user.getUserLanguage());
-            Cookie audiocookie = new Cookie("audio",String.valueOf(user.isAudio()));
+            Cookie sescookie = new Cookie("sessionid", req.getSession().getId());
+            Cookie langcookie = new Cookie("language", user.getUserLanguage());
+            Cookie audiocookie = new Cookie("audio", String.valueOf(user.isAudio()));
             sescookie.setPath("/");
             langcookie.setPath("/");
             audiocookie.setPath("/");
@@ -54,10 +53,10 @@ public class ControllerServlet extends DBServlet {
             
             if(coming != null){
                 if (coming.equalsIgnoreCase("null") == false){
-                    if(coming.equalsIgnoreCase("/insert.jsp")==true){
+                    if(coming.equalsIgnoreCase("/insert.jsp") == true){
                         JSPHelper.redirect(resp, req.getContextPath() + "/insert.jsp?unit_id");
                     }
-                    else if(coming.equalsIgnoreCase("/vypis.jsp")==true){
+                    else if(coming.equalsIgnoreCase("/vypis.jsp") == true){
                         JSPHelper.redirect(resp, req.getContextPath() + "/index.jsp");
                     }
                     else{