This is an automated email from the ASF dual-hosted git repository.
liubao pushed a commit to branch 2.8.x
in repository https://gitbox.apache.org/repos/asf/servicecomb-java-chassis.git
The following commit(s) were added to refs/heads/2.8.x by this push:
new 19955c049 [SCB-2861]able to add multiple origins for CORS
configuration (#4234)
19955c049 is described below
commit 19955c04931e85e71d75a4a7a7caab67e19da5c3
Author: liubao68 <[email protected]>
AuthorDate: Sun Feb 18 09:40:06 2024 +0800
[SCB-2861]able to add multiple origins for CORS configuration (#4234)
---
.../servicecomb/demo/crossapp/CrossappClient.java | 74 +++++++++++++++++++---
.../src/main/resources/microservice.yaml | 2 +-
.../transport/rest/vertx/RestServerVerticle.java | 15 ++++-
.../transport/rest/vertx/TransportConfig.java | 5 +-
.../rest/vertx/TestRestServerVerticle.java | 3 +-
.../transport/rest/vertx/TestTransportConfig.java | 11 ++--
6 files changed, 89 insertions(+), 21 deletions(-)
diff --git
a/demo/demo-crossapp/crossapp-client/src/main/java/org/apache/servicecomb/demo/crossapp/CrossappClient.java
b/demo/demo-crossapp/crossapp-client/src/main/java/org/apache/servicecomb/demo/crossapp/CrossappClient.java
index f76ca083c..785105707 100644
---
a/demo/demo-crossapp/crossapp-client/src/main/java/org/apache/servicecomb/demo/crossapp/CrossappClient.java
+++
b/demo/demo-crossapp/crossapp-client/src/main/java/org/apache/servicecomb/demo/crossapp/CrossappClient.java
@@ -32,6 +32,8 @@ import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Component;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;
+import org.springframework.web.client.HttpServerErrorException;
+import org.springframework.web.client.RestOperations;
import org.springframework.web.client.RestTemplate;
@Component
@@ -64,25 +66,81 @@ public class CrossappClient {
result = helloWorld.sayHello();
TestMgr.check("hello world", result);
- testCorsHandler();
+ testCorsHandlerOptions();
+ testCorsHandlerGet();
}
- private static void testCorsHandler() {
- RestTemplate springRestTemplate = new RestTemplate();
+ private static void testCorsHandlerOptions() {
+ // first domain
+ RestOperations springRestTemplate = new RestTemplate();
MultiValueMap<String, String> requestHeaders = new LinkedMultiValueMap<>();
- requestHeaders.put("Origin",
Collections.singletonList("http://localhost:8080";));
+ requestHeaders.put("Origin",
Collections.singletonList("http://test.domain:8080";));
requestHeaders.put("Access-Control-Request-Method",
Collections.singletonList("PUT"));
-
HttpEntity<Object> requestEntity = new HttpEntity<>(requestHeaders);
ResponseEntity<String> responseEntity = springRestTemplate
.exchange("http://127.0.0.1:8080/helloworld/hello";,
HttpMethod.OPTIONS, requestEntity,
String.class);
-
- TestMgr.check("204", responseEntity.getStatusCodeValue());
+ TestMgr.check("204", responseEntity.getStatusCode().value());
TreeSet<String> sortedSet = new
TreeSet<>(responseEntity.getHeaders().get("Access-Control-Allow-Methods"));
TestMgr.check("[DELETE,POST,GET,PUT]", sortedSet);
sortedSet = new
TreeSet<>(responseEntity.getHeaders().get("Access-Control-Allow-Headers"));
TestMgr.check("[abc,def]", sortedSet);
- TestMgr.check("*",
responseEntity.getHeaders().getFirst("Access-Control-Allow-Origin"));
+ TestMgr.check("http://test.domain:8080";,
+ responseEntity.getHeaders().getFirst("Access-Control-Allow-Origin"));
+
+ // second domain
+ requestHeaders = new LinkedMultiValueMap<>();
+ requestHeaders.put("Origin",
Collections.singletonList("http://test.domain:9090";));
+ requestHeaders.put("Access-Control-Request-Method",
Collections.singletonList("PUT"));
+ requestEntity = new HttpEntity<>(requestHeaders);
+ responseEntity = springRestTemplate
+ .exchange("http://127.0.0.1:8080/helloworld/hello";,
HttpMethod.OPTIONS, requestEntity,
+ String.class);
+ TestMgr.check("204", responseEntity.getStatusCode().value());
+ sortedSet = new
TreeSet<>(responseEntity.getHeaders().get("Access-Control-Allow-Methods"));
+ TestMgr.check("[DELETE,POST,GET,PUT]", sortedSet);
+ sortedSet = new
TreeSet<>(responseEntity.getHeaders().get("Access-Control-Allow-Headers"));
+ TestMgr.check("[abc,def]", sortedSet);
+ TestMgr.check("http://test.domain:9090";,
+ responseEntity.getHeaders().getFirst("Access-Control-Allow-Origin"));
+ }
+
+ private static void testCorsHandlerGet() {
+ // allowed origin
+ RestOperations springRestTemplate = new RestTemplate();
+ MultiValueMap<String, String> requestHeaders = new LinkedMultiValueMap<>();
+ requestHeaders.put("Origin",
Collections.singletonList("http://test.domain:8080";));
+ HttpEntity<Object> requestEntity = new HttpEntity<>(requestHeaders);
+ ResponseEntity<String> responseEntity = springRestTemplate
+ .exchange("http://127.0.0.1:8080/helloworld/hello";, HttpMethod.GET,
requestEntity,
+ String.class);
+
+ TestMgr.check("200", responseEntity.getStatusCode().value());
+ TestMgr.check("\"hello world\"", responseEntity.getBody());
+
+ // allowed origin
+ requestHeaders = new LinkedMultiValueMap<>();
+ requestHeaders.put("Origin",
Collections.singletonList("http://test.domain:9090";));
+ requestEntity = new HttpEntity<>(requestHeaders);
+ responseEntity = springRestTemplate
+ .exchange("http://127.0.0.1:8080/helloworld/hello";, HttpMethod.GET,
requestEntity,
+ String.class);
+
+ TestMgr.check("200", responseEntity.getStatusCode().value());
+ TestMgr.check("\"hello world\"", responseEntity.getBody());
+
+ // not allowed origin
+ try {
+ requestHeaders = new LinkedMultiValueMap<>();
+ requestHeaders.put("Origin",
Collections.singletonList("http://test.domain:7070";));
+ requestEntity = new HttpEntity<>(requestHeaders);
+ springRestTemplate
+ .exchange("http://127.0.0.1:8080/helloworld/hello";, HttpMethod.GET,
requestEntity,
+ String.class);
+ TestMgr.fail("must throw");
+ } catch (HttpServerErrorException e) {
+ TestMgr.check(500, e.getStatusCode().value());
+ TestMgr.check(true, e.getMessage().contains("500 CORS Rejected"));
+ }
}
}
diff --git
a/demo/demo-crossapp/crossapp-server/src/main/resources/microservice.yaml
b/demo/demo-crossapp/crossapp-server/src/main/resources/microservice.yaml
index 3f263b861..36fd8c07b 100644
--- a/demo/demo-crossapp/crossapp-server/src/main/resources/microservice.yaml
+++ b/demo/demo-crossapp/crossapp-server/src/main/resources/microservice.yaml
@@ -33,7 +33,7 @@ servicecomb:
address: 0.0.0.0:8080
cors:
enabled: true
- origin: "*"
+ origin: "http://test.domain:8080,http://test.domain:9090";
allowedHeader: abc,def
allowedMethod: GET,PUT,POST,DELETE
exposedHeader: abc,def
diff --git
a/transports/transport-rest/transport-rest-vertx/src/main/java/org/apache/servicecomb/transport/rest/vertx/RestServerVerticle.java
b/transports/transport-rest/transport-rest-vertx/src/main/java/org/apache/servicecomb/transport/rest/vertx/RestServerVerticle.java
index 39551b37d..1ec8b1489 100644
---
a/transports/transport-rest/transport-rest-vertx/src/main/java/org/apache/servicecomb/transport/rest/vertx/RestServerVerticle.java
+++
b/transports/transport-rest/transport-rest-vertx/src/main/java/org/apache/servicecomb/transport/rest/vertx/RestServerVerticle.java
@@ -189,7 +189,7 @@ public class RestServerVerticle extends AbstractVerticle {
return;
}
- CorsHandler corsHandler =
getCorsHandler(TransportConfig.getCorsAllowedOrigin());
+ CorsHandler corsHandler = getCorsHandler();
// Access-Control-Allow-Credentials
corsHandler.allowCredentials(TransportConfig.isCorsAllowCredentials());
// Access-Control-Allow-Headers
@@ -211,8 +211,17 @@ public class RestServerVerticle extends AbstractVerticle {
mainRouter.route().handler(corsHandler);
}
- private CorsHandler getCorsHandler(String corsAllowedOrigin) {
- return CorsHandler.create().addOrigin(corsAllowedOrigin);
+ private CorsHandler getCorsHandler() {
+ CorsHandler handler = CorsHandler.create();
+ Set<String> origin = TransportConfig.getCorsAllowedOrigin();
+ if (origin.isEmpty()) {
+ handler.addOrigin("*");
+ } else {
+ for (String item : origin) {
+ handler.addOrigin(item);
+ }
+ }
+ return handler;
}
private void initDispatcher(Router mainRouter) {
diff --git
a/transports/transport-rest/transport-rest-vertx/src/main/java/org/apache/servicecomb/transport/rest/vertx/TransportConfig.java
b/transports/transport-rest/transport-rest-vertx/src/main/java/org/apache/servicecomb/transport/rest/vertx/TransportConfig.java
index 6e7f229b0..70490e0f3 100644
---
a/transports/transport-rest/transport-rest-vertx/src/main/java/org/apache/servicecomb/transport/rest/vertx/TransportConfig.java
+++
b/transports/transport-rest/transport-rest-vertx/src/main/java/org/apache/servicecomb/transport/rest/vertx/TransportConfig.java
@@ -176,10 +176,11 @@ public final class TransportConfig {
.get();
}
- public static String getCorsAllowedOrigin() {
- return DynamicPropertyFactory.getInstance()
+ public static Set<String> getCorsAllowedOrigin() {
+ String allowedOrigin = DynamicPropertyFactory.getInstance()
.getStringProperty(SERVICECOMB_CORS_CONFIG_BASE + ".origin", "*")
.get();
+ return convertToSet(allowedOrigin);
}
public static boolean isCorsAllowCredentials() {
diff --git
a/transports/transport-rest/transport-rest-vertx/src/test/java/org/apache/servicecomb/transport/rest/vertx/TestRestServerVerticle.java
b/transports/transport-rest/transport-rest-vertx/src/test/java/org/apache/servicecomb/transport/rest/vertx/TestRestServerVerticle.java
index 684a6de69..13fe1bf41 100644
---
a/transports/transport-rest/transport-rest-vertx/src/test/java/org/apache/servicecomb/transport/rest/vertx/TestRestServerVerticle.java
+++
b/transports/transport-rest/transport-rest-vertx/src/test/java/org/apache/servicecomb/transport/rest/vertx/TestRestServerVerticle.java
@@ -242,8 +242,7 @@ public class TestRestServerVerticle {
new MockUp<RestServerVerticle>() {
@Mock
- CorsHandler getCorsHandler(String corsAllowedOrigin) {
- Assertions.assertEquals("*", corsAllowedOrigin);
+ CorsHandler getCorsHandler() {
return corsHandler;
}
};
diff --git
a/transports/transport-rest/transport-rest-vertx/src/test/java/org/apache/servicecomb/transport/rest/vertx/TestTransportConfig.java
b/transports/transport-rest/transport-rest-vertx/src/test/java/org/apache/servicecomb/transport/rest/vertx/TestTransportConfig.java
index fd1e88d63..898600146 100644
---
a/transports/transport-rest/transport-rest-vertx/src/test/java/org/apache/servicecomb/transport/rest/vertx/TestTransportConfig.java
+++
b/transports/transport-rest/transport-rest-vertx/src/test/java/org/apache/servicecomb/transport/rest/vertx/TestTransportConfig.java
@@ -20,14 +20,14 @@ package org.apache.servicecomb.transport.rest.vertx;
import org.apache.servicecomb.foundation.test.scaffolding.config.ArchaiusUtils;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
-
-import mockit.Mock;
-import mockit.MockUp;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
+import mockit.Mock;
+import mockit.MockUp;
+
public class TestTransportConfig {
@BeforeEach
@@ -129,10 +129,11 @@ public class TestTransportConfig {
@Test
public void testGetCorsAllowedOrigin() {
- Assertions.assertEquals("*", TransportConfig.getCorsAllowedOrigin());
+ Assertions.assertEquals(1, TransportConfig.getCorsAllowedOrigin().size());
+ Assertions.assertEquals("*",
TransportConfig.getCorsAllowedOrigin().iterator().next());
String origin = "http://localhost:8080";;
ArchaiusUtils.setProperty("servicecomb.cors.origin", origin);
- Assertions.assertEquals(origin, TransportConfig.getCorsAllowedOrigin());
+ Assertions.assertEquals(1, TransportConfig.getCorsAllowedOrigin().size());
}
@Test
