This is an automated email from the ASF dual-hosted git repository.

spacewander pushed a commit to branch release/2.13
in repository https://gitbox.apache.org/repos/asf/apisix.git

commit 173afe373c3796603493cf0fa0c11c0c1aec066f
Author: tzssangglass <[email protected]>
AuthorDate: Fri Apr 15 11:09:33 2022 +0800

    fix(grpc-web): don't override Access-Control-Allow-Origin header in 
response (#6842)
---
 apisix/plugins/grpc-web.lua |  5 ++++-
 t/plugin/grpc-web.t         | 55 +++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 59 insertions(+), 1 deletion(-)

diff --git a/apisix/plugins/grpc-web.lua b/apisix/plugins/grpc-web.lua
index 502b52868..18465063b 100644
--- a/apisix/plugins/grpc-web.lua
+++ b/apisix/plugins/grpc-web.lua
@@ -125,7 +125,10 @@ function _M.header_filter(conf, ctx)
         core.response.set_header("Access-Control-Allow-Methods", 
DEFAULT_CORS_ALLOW_METHODS)
         core.response.set_header("Access-Control-Allow-Headers", 
DEFAULT_CORS_ALLOW_HEADERS)
     end
-    core.response.set_header("Access-Control-Allow-Origin", 
DEFAULT_CORS_ALLOW_ORIGIN)
+
+    if not ctx.cors_allow_origins then
+        core.response.set_header("Access-Control-Allow-Origin", 
DEFAULT_CORS_ALLOW_ORIGIN)
+    end
     core.response.set_header("Content-Type", ctx.grpc_web_mime)
 end
 
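Review bot: The new guard in `header_filter` falls back to `DEFAULT_CORS_ALLOW_ORIGIN` whenever `ctx.cors_allow_origins` is unset, which does not distinguish "cors plugin not configured" from "cors plugin configured but did not accept this Origin". If the cors plugin leaves that field nil for a rejected Origin (not visible here, so worth confirming), such a request would still receive the default value, and the context line `Access-Control-Allow-Origin: *` in t/plugin/grpc-web.t suggests that default is the wildcard. The reliance on another plugin's ctx field, and on that plugin running first, is also undocumented; a comment such as `-- the cors plugin, when enabled, owns this header; only apply the default when it set nothing` above the `if` would record the contract. The `Access-Control-Allow-Methods` and `Access-Control-Allow-Headers` calls above sit in a branch that starts outside the hunk and are not guarded the same way, so an operator's cors settings for those headers may still be overridden.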
diff --git a/t/plugin/grpc-web.t b/t/plugin/grpc-web.t
index 187031661..4342dd1b0 100644
--- a/t/plugin/grpc-web.t
+++ b/t/plugin/grpc-web.t
@@ -176,3 +176,58 @@ Access-Control-Allow-Origin: *
 Content-Type: application/grpc-web
 --- error_log
 routing configuration error, grpc-web plugin only supports `prefix matching` 
pattern routing
+
+
+
+=== TEST 9: set route (with cors plugin)
+--- config
+    location /t {
+        content_by_lua_block {
+            local config = {
+                uri = "/grpc/web/*",
+                upstream = {
+                    scheme = "grpc",
+                    type = "roundrobin",
+                    nodes = {
+                        ["127.0.0.1:50001"] = 1
+                    }
+                },
+                plugins = {
+                    ["grpc-web"] = {},
+                    cors = {
+                        allow_origins = "http://test.com";,
+                        allow_methods = "POST,OPTIONS",
+                        allow_headers = "application/grpc-web",
+                        expose_headers = "application/grpc-web",
+                        max_age = 5,
+                        allow_credential = true
+                    }
+                }
+            }
+            local t = require("lib.test_admin").test
+            local code, body = t('/apisix/admin/routes/1', ngx.HTTP_PUT, 
config)
+
+            if code >= 300 then
+                ngx.status = code
+                ngx.say(body)
+                return
+            end
+
+            ngx.say(body)
+        }
+    }
+--- response_body
+passed
+
+
+
+=== TEST 10: don't override Access-Control-Allow-Origin header in response
+--- request
+POST /grpc/web/a6.RouteService/GetRoute
+{}
+--- more_headers
+Origin: http://test.com
+Content-Type: application/grpc-web
+--- response_headers
+Access-Control-Allow-Origin: http://test.com
+Content-Type: application/grpc-web
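Review bot: TEST 10 only sends an Origin that the cors config in TEST 9 allows, so the case most likely to regress, a request whose Origin is outside `allow_origins`, is not covered. A companion test that sends a different Origin (for example the constructed value `http://not-allowed.example`) and checks that the response does not carry `Access-Control-Allow-Origin: *` would pin that the grpc-web default does not return when cors rejects the origin. TEST 10 could also assert `Access-Control-Allow-Methods`, since the route sets `allow_methods = "POST,OPTIONS"` while grpc-web sets its own default for that header. As rendered here, the `allow_origins` line in TEST 9 has a stray `;` before the comma, which would not parse as Lua; this is probably an artifact of the mail archive but is worth checking against the repository.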
