[apisix] branch master updated: bugfix: avoid overwriting Vary header in cors plugin (#2271)

Sun, 27 Sep 2020 01:43:33 -0700 

This is an automated email from the ASF dual-hosted git repository.

wenming pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix.git


The following commit(s) were added to refs/heads/master by this push:
     new 70bd980  bugfix: avoid overwriting Vary header in cors plugin (#2271)
70bd980 is described below

commit 70bd9802c52369b902b6944e3f5f5d18863954b0
Author: 罗泽轩 <[email protected]>
AuthorDate: Sun Sep 27 16:43:09 2020 +0800

    bugfix: avoid overwriting Vary header in cors plugin (#2271)
---
 apisix/core/response.lua | 30 +++++++++++++++++++++++++++---
 apisix/plugins/cors.lua  |  2 +-
 t/core/response.t        | 42 ++++++++++++++++++++++++++++++++++++++++++
 t/lib/server.lua         | 10 ++++++++++
 t/plugin/cors.t          |  3 ++-
 5 files changed, 82 insertions(+), 5 deletions(-)

diff --git a/apisix/core/response.lua b/apisix/core/response.lua
index ed0ed00..6276efd 100644
--- a/apisix/core/response.lua
+++ b/apisix/core/response.lua
@@ -18,6 +18,12 @@ local encode_json = require("cjson.safe").encode
 local ngx = ngx
 local ngx_print = ngx.print
 local ngx_header = ngx.header
+local ngx_add_header
+if ngx.config.subsystem == "http" then
+    local ngx_resp = require "ngx.resp"
+    ngx_add_header = ngx_resp.add_header
+end
+
 local error = error
 local select = select
 local type = type
@@ -85,7 +91,7 @@ function _M.say(...)
 end
 
 
-function _M.set_header(...)
+local function set_header(append, ...)
     if ngx.headers_sent then
       error("headers have already been sent", 2)
     end
@@ -98,18 +104,36 @@ function _M.set_header(...)
         end
 
         for k, v in pairs(headers) do
-            ngx_header[k] = v
+            if append then
+                ngx_add_header(k, v)
+            else
+                ngx_header[k] = v
+            end
         end
 
         return
     end
 
     for i = 1, count, 2 do
-        ngx_header[select(i, ...)] = select(i + 1, ...)
+        if append then
+            ngx_add_header(select(i, ...), select(i + 1, ...))
+        else
+            ngx_header[select(i, ...)] = select(i + 1, ...)
+        end
     end
 end
 
 
+function _M.set_header(...)
+    set_header(false, ...)
+end
+
+
+function _M.add_header(...)
+    set_header(true, ...)
+end
+
+
 function _M.get_upstream_status(ctx)
     -- $upstream_status maybe including mutiple status, only need the last one
     return tonumber(str_sub(ctx.var.upstream_status or "", -3))
diff --git a/apisix/plugins/cors.lua b/apisix/plugins/cors.lua
index 1cc4ec0..19c01d8 100644
--- a/apisix/plugins/cors.lua
+++ b/apisix/plugins/cors.lua
@@ -129,7 +129,7 @@ local function set_cors_headers(conf, ctx)
 
     core.response.set_header("Access-Control-Allow-Origin", 
ctx.cors_allow_origins)
     if ctx.cors_allow_origins ~= "*" then
-        core.response.set_header("Vary", "Origin")
+        core.response.add_header("Vary", "Origin")
     end
 
     core.response.set_header("Access-Control-Allow-Methods", allow_methods)
diff --git a/t/core/response.t b/t/core/response.t
index b8a3cb0..4563305 100644
--- a/t/core/response.t
+++ b/t/core/response.t
@@ -100,3 +100,45 @@ aaa: bbb
 ccc: ddd
 --- no_error_log
 [error]
+
+
+
+=== TEST 5: multiple reponse headers (add)
+--- config
+    location = /t {
+        access_by_lua_block {
+            local core = require("apisix.core")
+            core.response.add_header("aaa", "bbb", "aaa", "bbb")
+            core.response.exit(200, "done\n")
+        }
+    }
+--- request
+GET /t
+--- response_body
+done
+--- response_headers
+aaa: bbb, bbb
+--- no_error_log
+[error]
+
+
+
+=== TEST 6: multiple reponse headers by table (add)
+--- config
+    location = /t {
+        access_by_lua_block {
+            local core = require("apisix.core")
+            core.response.set_header({aaa = "bbb"})
+            core.response.add_header({aaa = "bbb", ccc = "ddd"})
+            core.response.exit(200, "done\n")
+        }
+    }
+--- request
+GET /t
+--- response_body
+done
+--- response_headers
+aaa: bbb, bbb
+ccc: ddd
+--- no_error_log
+[error]
diff --git a/t/lib/server.lua b/t/lib/server.lua
index 3a0edae..f9fb703 100644
--- a/t/lib/server.lua
+++ b/t/lib/server.lua
@@ -20,6 +20,15 @@ local json_encode = require("cjson").encode
 local _M = {}
 
 
+local function inject_headers()
+    local hdrs = ngx.req.get_headers()
+    for k, v in pairs(hdrs) do
+        if k:sub(1, 5) == "resp-" then
+            ngx.header[k:sub(6)] = v
+        end
+    end
+end
+
 function _M.hello()
     ngx.say("hello world")
 end
@@ -269,6 +278,7 @@ function _M.go()
         return ngx.exit(404)
     end
 
+    inject_headers()
     return _M[action]()
 end
 
diff --git a/t/plugin/cors.t b/t/plugin/cors.t
index 4b0b6b1..a0d2e2a 100644
--- a/t/plugin/cors.t
+++ b/t/plugin/cors.t
@@ -303,11 +303,12 @@ passed
 GET /hello HTTP/1.1
 --- more_headers
 Origin: http://sub2.domain.com
+resp-vary: Via
 --- response_body
 hello world
 --- response_headers
 Access-Control-Allow-Origin: http://sub2.domain.com
-Vary: Origin
+Vary: Via, Origin
 Access-Control-Allow-Methods: GET,POST
 Access-Control-Allow-Headers: headr1,headr2
 Access-Control-Expose-Headers: ex-headr1,ex-headr2

Reply via email to