This is an automated email from the ASF dual-hosted git repository.

liubao pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/servicecomb-java-chassis.git


The following commit(s) were added to refs/heads/master by this push:
     new 4e17365dc [SCB-2861]able to add multiple origins for CORS 
configuration (#4233)
4e17365dc is described below

commit 4e17365dc1f338a184ffdd09cc8c125c116db228
Author: liubao68 <[email protected]>
AuthorDate: Sun Feb 18 08:56:18 2024 +0800

    [SCB-2861]able to add multiple origins for CORS configuration (#4233)
---
 .../servicecomb/demo/crossapp/CrossappClient.java  | 69 ++++++++++++++++++++--
 .../src/main/resources/microservice.yaml           |  2 +-
 .../transport/rest/vertx/RestServerVerticle.java   | 15 ++++-
 .../transport/rest/vertx/TransportConfig.java      |  4 +-
 .../rest/vertx/TestRestServerVerticle.java         |  7 +--
 5 files changed, 81 insertions(+), 16 deletions(-)

diff --git 
a/demo/demo-crossapp/crossapp-client/src/main/java/org/apache/servicecomb/demo/crossapp/CrossappClient.java
 
b/demo/demo-crossapp/crossapp-client/src/main/java/org/apache/servicecomb/demo/crossapp/CrossappClient.java
index cfdaec541..7d7864896 100644
--- 
a/demo/demo-crossapp/crossapp-client/src/main/java/org/apache/servicecomb/demo/crossapp/CrossappClient.java
+++ 
b/demo/demo-crossapp/crossapp-client/src/main/java/org/apache/servicecomb/demo/crossapp/CrossappClient.java
@@ -32,6 +32,7 @@ import org.springframework.http.HttpMethod;
 import org.springframework.http.ResponseEntity;
 import org.springframework.util.LinkedMultiValueMap;
 import org.springframework.util.MultiValueMap;
+import org.springframework.web.client.HttpServerErrorException;
 import org.springframework.web.client.RestOperations;
 import org.springframework.web.client.RestTemplate;
 
@@ -62,28 +63,84 @@ public class CrossappClient {
     result = helloWorld.sayHello();
     TestMgr.check("hello world", result);
 
-    testCorsHandler();
+    testCorsHandlerOptions();
+    testCorsHandlerGet();
 
     TestMgr.summary();
     System.setProperty("sun.net.http.allowRestrictedHeaders", "false");
   }
 
-  private static void testCorsHandler() {
+  private static void testCorsHandlerOptions() {
+    // first domain
     RestOperations springRestTemplate = new RestTemplate();
     MultiValueMap<String, String> requestHeaders = new LinkedMultiValueMap<>();
-    requestHeaders.put("Origin", 
Collections.singletonList("http://localhost:8080";));
+    requestHeaders.put("Origin", 
Collections.singletonList("http://test.domain:8080";));
     requestHeaders.put("Access-Control-Request-Method", 
Collections.singletonList("PUT"));
-
     HttpEntity<Object> requestEntity = new HttpEntity<>(requestHeaders);
     ResponseEntity<String> responseEntity = springRestTemplate
         .exchange("http://127.0.0.1:8080/helloworld/hello";, 
HttpMethod.OPTIONS, requestEntity,
             String.class);
-
     TestMgr.check("204", responseEntity.getStatusCode().value());
     TreeSet<String> sortedSet = new 
TreeSet<>(responseEntity.getHeaders().get("Access-Control-Allow-Methods"));
     TestMgr.check("[DELETE,POST,GET,PUT]", sortedSet);
     sortedSet = new 
TreeSet<>(responseEntity.getHeaders().get("Access-Control-Allow-Headers"));
     TestMgr.check("[abc,def]", sortedSet);
-    TestMgr.check("*", 
responseEntity.getHeaders().getFirst("Access-Control-Allow-Origin"));
+    TestMgr.check("http://test.domain:8080";,
+        responseEntity.getHeaders().getFirst("Access-Control-Allow-Origin"));
+
+    // second domain
+    requestHeaders = new LinkedMultiValueMap<>();
+    requestHeaders.put("Origin", 
Collections.singletonList("http://test.domain:9090";));
+    requestHeaders.put("Access-Control-Request-Method", 
Collections.singletonList("PUT"));
+    requestEntity = new HttpEntity<>(requestHeaders);
+    responseEntity = springRestTemplate
+        .exchange("http://127.0.0.1:8080/helloworld/hello";, 
HttpMethod.OPTIONS, requestEntity,
+            String.class);
+    TestMgr.check("204", responseEntity.getStatusCode().value());
+    sortedSet = new 
TreeSet<>(responseEntity.getHeaders().get("Access-Control-Allow-Methods"));
+    TestMgr.check("[DELETE,POST,GET,PUT]", sortedSet);
+    sortedSet = new 
TreeSet<>(responseEntity.getHeaders().get("Access-Control-Allow-Headers"));
+    TestMgr.check("[abc,def]", sortedSet);
+    TestMgr.check("http://test.domain:9090";,
+        responseEntity.getHeaders().getFirst("Access-Control-Allow-Origin"));
+  }
+
+  private static void testCorsHandlerGet() {
+    // allowed origin
+    RestOperations springRestTemplate = new RestTemplate();
+    MultiValueMap<String, String> requestHeaders = new LinkedMultiValueMap<>();
+    requestHeaders.put("Origin", 
Collections.singletonList("http://test.domain:8080";));
+    HttpEntity<Object> requestEntity = new HttpEntity<>(requestHeaders);
+    ResponseEntity<String> responseEntity = springRestTemplate
+        .exchange("http://127.0.0.1:8080/helloworld/hello";, HttpMethod.GET, 
requestEntity,
+            String.class);
+
+    TestMgr.check("200", responseEntity.getStatusCode().value());
+    TestMgr.check("hello world", responseEntity.getBody());
+
+    // allowed origin
+    requestHeaders = new LinkedMultiValueMap<>();
+    requestHeaders.put("Origin", 
Collections.singletonList("http://test.domain:9090";));
+    requestEntity = new HttpEntity<>(requestHeaders);
+    responseEntity = springRestTemplate
+        .exchange("http://127.0.0.1:8080/helloworld/hello";, HttpMethod.GET, 
requestEntity,
+            String.class);
+
+    TestMgr.check("200", responseEntity.getStatusCode().value());
+    TestMgr.check("hello world", responseEntity.getBody());
+
+    // not allowed origin
+    try {
+      requestHeaders = new LinkedMultiValueMap<>();
+      requestHeaders.put("Origin", 
Collections.singletonList("http://test.domain:7070";));
+      requestEntity = new HttpEntity<>(requestHeaders);
+      springRestTemplate
+          .exchange("http://127.0.0.1:8080/helloworld/hello";, HttpMethod.GET, 
requestEntity,
+              String.class);
+      TestMgr.fail("must throw");
+    } catch (HttpServerErrorException e) {
+      TestMgr.check(500, e.getStatusCode().value());
+      TestMgr.check(true, e.getMessage().contains("500 CORS Rejected"));
+    }
   }
 }
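Review bot: The rejection path is exercised only for a plain GET in `testCorsHandlerGet`; `testCorsHandlerOptions` sends preflights from the two allowed origins only, so nothing checks that a preflight from an unlisted origin such as `http://test.domain:7070` is refused and comes back without an `Access-Control-Allow-Origin` header. The `catch (HttpServerErrorException e)` block also means that if the server ever answers the rejected request with a 4xx status, the demo aborts on an uncaught exception instead of recording a failed check; catching `HttpStatusCodeException` and checking the status inside the handler would keep the result in `TestMgr`. Asserting `500` for a policy rejection appears to pin whatever status the failure path currently maps the CORS error to, which is not visible in this diff, so a comment such as `// CORS rejection currently surfaces as 500 "CORS Rejected"` would tell the next reader it is intentional.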
diff --git 
a/demo/demo-crossapp/crossapp-server/src/main/resources/microservice.yaml 
b/demo/demo-crossapp/crossapp-server/src/main/resources/microservice.yaml
index a3b4d2241..0f1bbdc88 100644
--- a/demo/demo-crossapp/crossapp-server/src/main/resources/microservice.yaml
+++ b/demo/demo-crossapp/crossapp-server/src/main/resources/microservice.yaml
@@ -30,7 +30,7 @@ servicecomb:
     address: 0.0.0.0:8080
   cors:
     enabled: true
-    origin: "*"
+    origin: "http://test.domain:8080,http://test.domain:9090";
     allowedHeader: abc,def
     allowedMethod: GET,PUT,POST,DELETE
     exposedHeader: abc,def
diff --git 
a/transports/transport-rest/transport-rest-vertx/src/main/java/org/apache/servicecomb/transport/rest/vertx/RestServerVerticle.java
 
b/transports/transport-rest/transport-rest-vertx/src/main/java/org/apache/servicecomb/transport/rest/vertx/RestServerVerticle.java
index 4583eb472..93920dbc1 100644
--- 
a/transports/transport-rest/transport-rest-vertx/src/main/java/org/apache/servicecomb/transport/rest/vertx/RestServerVerticle.java
+++ 
b/transports/transport-rest/transport-rest-vertx/src/main/java/org/apache/servicecomb/transport/rest/vertx/RestServerVerticle.java
@@ -188,7 +188,7 @@ public class RestServerVerticle extends AbstractVerticle {
       return;
     }
 
-    CorsHandler corsHandler = 
getCorsHandler(TransportConfig.getCorsAllowedOrigin());
+    CorsHandler corsHandler = getCorsHandler();
     // Access-Control-Allow-Credentials
     corsHandler.allowCredentials(TransportConfig.isCorsAllowCredentials());
     // Access-Control-Allow-Headers
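Review bot: `getCorsHandler()` can now return a handler that accepts any origin (the `origin == null` fallback added in the next hunk), and the line right after it applies `TransportConfig.isCorsAllowCredentials()` without looking at which case was taken. A wildcard origin together with credentials is the CORS combination to avoid, so I would either refuse it at startup or at least state the rule here, e.g. `// allowCredentials must only be enabled together with an explicit servicecomb.cors.origin list`. How the Vert.x handler itself reacts to that combination is not visible in this hunk, which is why the check is better made explicit in this method. The enclosing method starts and ends outside the hunk.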
@@ -210,8 +210,17 @@ public class RestServerVerticle extends AbstractVerticle {
     mainRouter.route().handler(corsHandler);
   }
 
-  private CorsHandler getCorsHandler(String corsAllowedOrigin) {
-    return CorsHandler.create().addOrigin(corsAllowedOrigin);
+  private CorsHandler getCorsHandler() {
+    CorsHandler handler = CorsHandler.create();
+    String[] origin = TransportConfig.getCorsAllowedOrigin();
+    if (origin == null) {
+      handler.addOrigin("*");
+    } else {
+      for (String item : origin) {
+        handler.addOrigin(item);
+      }
+    }
+    return handler;
   }
 
   private void initDispatcher(Router mainRouter) {
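Review bot: In `getCorsHandler()` only `origin == null` is treated as "not configured"; an empty array (for example from `origin: ""`) takes the else branch and adds no origin at all, and what the handler allows in that state is not decided by this code. Entries are also handed to `addOrigin` as-is, so a blank element, or a `*` mixed into a list of explicit origins, reaches the handler unchecked. I would make the cases explicit with `if (origin == null || origin.length == 0)` for the fallback, skip or reject blank items inside the loop, and log once when the wildcard fallback is taken so an unset property is visible at startup. `initDispatcher` at the end of the hunk continues outside it.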
diff --git 
a/transports/transport-rest/transport-rest-vertx/src/main/java/org/apache/servicecomb/transport/rest/vertx/TransportConfig.java
 
b/transports/transport-rest/transport-rest-vertx/src/main/java/org/apache/servicecomb/transport/rest/vertx/TransportConfig.java
index a07cb12b0..07a2508fe 100644
--- 
a/transports/transport-rest/transport-rest-vertx/src/main/java/org/apache/servicecomb/transport/rest/vertx/TransportConfig.java
+++ 
b/transports/transport-rest/transport-rest-vertx/src/main/java/org/apache/servicecomb/transport/rest/vertx/TransportConfig.java
@@ -165,9 +165,9 @@ public final class TransportConfig {
         .getBooleanProperty(SERVICECOMB_CORS_CONFIG_BASE + ".enabled", false);
   }
 
-  public static String getCorsAllowedOrigin() {
+  public static String[] getCorsAllowedOrigin() {
     return LegacyPropertyFactory
-        .getStringProperty(SERVICECOMB_CORS_CONFIG_BASE + ".origin", "*");
+        .getProperty(SERVICECOMB_CORS_CONFIG_BASE + ".origin", String[].class);
   }
 
   public static boolean isCorsAllowCredentials() {
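Review bot: `getCorsAllowedOrigin()` is a public static method whose return type changes from `String` to `String[]`, and it now returns `null` when the property is unset instead of `"*"`, so every caller has to know that null means allow-any. A short Javadoc would make that contract explicit: `/** Configured CORS origins, or null when servicecomb.cors.origin is not set; callers then fall back to allowing any origin. */`. Splitting the comma-separated value into elements depends on the conversion behind `getProperty(..., String[].class)`, which is not visible here, so it is worth confirming how whitespace around the commas is handled before documenting the format.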
diff --git 
a/transports/transport-rest/transport-rest-vertx/src/test/java/org/apache/servicecomb/transport/rest/vertx/TestRestServerVerticle.java
 
b/transports/transport-rest/transport-rest-vertx/src/test/java/org/apache/servicecomb/transport/rest/vertx/TestRestServerVerticle.java
index 3d3545a8e..7193f6541 100644
--- 
a/transports/transport-rest/transport-rest-vertx/src/test/java/org/apache/servicecomb/transport/rest/vertx/TestRestServerVerticle.java
+++ 
b/transports/transport-rest/transport-rest-vertx/src/test/java/org/apache/servicecomb/transport/rest/vertx/TestRestServerVerticle.java
@@ -267,8 +267,8 @@ public class TestRestServerVerticle {
             false))
         .thenReturn(true);
     Mockito.when(environment.getProperty("servicecomb.cors.origin",
-            "*"))
-        .thenReturn("*");
+            String[].class))
+        .thenReturn(null);
     Mockito.when(environment.getProperty("servicecomb.cors.allowedMethod"))
         .thenReturn("GET,PUT,POST");
     Mockito.when(environment.getProperty("servicecomb.cors.allowedHeader"))
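Review bot: The mock for `servicecomb.cors.origin` returns `null`, so this test drives only the wildcard fallback; no unit test feeds a multi-element array through `getCorsHandler()`. The later hunk in this file (the `MockUp<RestServerVerticle>` block) also drops `Assertions.assertEquals("*", corsAllowedOrigin)`, which leaves no assertion on the origin at all. A second case with `.thenReturn(new String[] {"http://test.domain:8080", "http://test.domain:9090"})` plus a check of the origins passed to the handler would cover the behaviour this commit adds. The test method starts and ends outside the hunk.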
@@ -326,8 +326,7 @@ public class TestRestServerVerticle {
 
     new MockUp<RestServerVerticle>() {
       @Mock
-      CorsHandler getCorsHandler(String corsAllowedOrigin) {
-        Assertions.assertEquals("*", corsAllowedOrigin);
+      CorsHandler getCorsHandler() {
         return corsHandler;
       }
     };
