snyk: fix potential memory leak when maxAge = -1

descoped · Oct 1, 2024 · 303c166 · 303c166
1 parent 32f6480
commit 303c166
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/src/main/java/io/descoped/dc/application/controller/CORSHandler.java b/src/main/java/io/descoped/dc/application/controller/CORSHandler.java
@@ -77,6 +77,11 @@ public CORSHandler(HttpHandler next, HttpHandler fail, List<Pattern> originPatte
         this.originPatterns = originPatterns;
         this.supportsCredential = supportsCredential;
         this.preflightResponseCode = preflightResponseCode;
+
+        if (maxAge == -1) {
+            throw new IllegalStateException("maxAge cannot be -1 due to potential memory leak vulnerabilities.");
+        }
+
         this.maxAge = maxAge;
         this.allowedMethods = allowedMethods;
         this.allowedHeaders = allowedHeaders;