This is an automated email from the ASF dual-hosted git repository.
solomax pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/openmeetings.git
The following commit(s) were added to refs/heads/master by this push:
new bc70dbf [OPENMEETINGS-2511] multiple ws-urls are supported
bc70dbf is described below
commit bc70dbf47e8bc65568c9eeae7a6718ee099c3cb3
Author: Maxim Solodovnik <solomax...@gmail.com>
AuthorDate: Mon Nov 16 11:37:41 2020 +0700
[OPENMEETINGS-2511] multiple ws-urls are supported
---
.../java/org/apache/openmeetings/IApplication.java | 3 ++-
.../db/dao/basic/ConfigurationDao.java | 2 +-
.../apache/openmeetings/web/app/Application.java | 23 ++++++++++++----------
3 files changed, 16 insertions(+), 12 deletions(-)
diff --git
a/openmeetings-db/src/main/java/org/apache/openmeetings/IApplication.java
b/openmeetings-db/src/main/java/org/apache/openmeetings/IApplication.java
index 9eecb1f..cc90aa5 100644
--- a/openmeetings-db/src/main/java/org/apache/openmeetings/IApplication.java
+++ b/openmeetings-db/src/main/java/org/apache/openmeetings/IApplication.java
@@ -19,6 +19,7 @@
package org.apache.openmeetings;
import java.util.Locale;
+import java.util.Set;
import java.util.function.Supplier;
import javax.servlet.ServletContext;
@@ -48,5 +49,5 @@ public interface IApplication {
//WS
void publishWsTopic(IClusterWsMessage msg);
- String getWsUrl();
+ Set<String> getWsUrls();
}
diff --git
a/openmeetings-db/src/main/java/org/apache/openmeetings/db/dao/basic/ConfigurationDao.java
b/openmeetings-db/src/main/java/org/apache/openmeetings/db/dao/basic/ConfigurationDao.java
index 709ba5d..bf32ce1 100644
---
a/openmeetings-db/src/main/java/org/apache/openmeetings/db/dao/basic/ConfigurationDao.java
+++
b/openmeetings-db/src/main/java/org/apache/openmeetings/db/dao/basic/ConfigurationDao.java
@@ -602,7 +602,7 @@ public class ConfigurationDao implements
IDataProviderDao<Configuration> {
addCspRule(cspConfig, CSPDirective.MEDIA_SRC,
getCspMediaSrc());
addCspRule(cspConfig, CSPDirective.SCRIPT_SRC,
getCspScriptSrc());
addCspRule(cspConfig, CSPDirective.STYLE_SRC,
getCspStyleSrc());
- addCspRule(cspConfig, CSPDirective.CONNECT_SRC,
app.getWsUrl(), false); // special code for Safari browser
+ app.getWsUrls().forEach(wsUrl -> addCspRule(cspConfig,
CSPDirective.CONNECT_SRC, wsUrl, false)); // special code for Safari browser
if (!Strings.isEmpty(getGaCode())) {
//
https://developers.google.com/tag-manager/web/csp#universal_analytics_google_analytics
addCspRule(cspConfig, CSPDirective.IMG_SRC,
"https://www.google-analytics.com";);
diff --git
a/openmeetings-web/src/main/java/org/apache/openmeetings/web/app/Application.java
b/openmeetings-web/src/main/java/org/apache/openmeetings/web/app/Application.java
index 1b7baaf..c8580c7 100644
---
a/openmeetings-web/src/main/java/org/apache/openmeetings/web/app/Application.java
+++
b/openmeetings-web/src/main/java/org/apache/openmeetings/web/app/Application.java
@@ -169,7 +169,7 @@ public class Application extends
AuthenticatedWebApplication implements IApplica
HazelcastInstance hazelcast;
private ITopic<IClusterWsMessage> hazelWsTopic;
private String serverId;
- private String wsUrl;
+ private final Set<String> wsUrls = new HashSet<>();
@Autowired
private ApplicationContext ctx;
@@ -264,6 +264,15 @@ public class Application extends
AuthenticatedWebApplication implements IApplica
getResourceSettings().getStringResourceLoaders().add(0, new
LabelResourceLoader());
getRequestCycleListeners().add(new
WebSocketAwareCsrfPreventionRequestCycleListener() {
@Override
+ public void onBeginRequest(RequestCycle cycle) {
+ String wsUrl =
getWsUrl(cycle.getRequest().getUrl());
+ if (wsUrl != null && !wsUrls.contains(wsUrl)) {
+ wsUrls.add(wsUrl);
+ cfgDao.updateCsp();
+ }
+ }
+
+ @Override
public void onEndRequest(RequestCycle cycle) {
Response resp = cycle.getResponse();
if (resp instanceof WebResponse) {
@@ -272,12 +281,6 @@ public class Application extends
AuthenticatedWebApplication implements IApplica
wresp.setHeader("X-XSS-Protection", "1; mode=block");
wresp.setHeader("Strict-Transport-Security", "max-age=31536000;
includeSubDomains; preload");
wresp.setHeader("X-Content-Type-Options", "nosniff");
- if (wsUrl == null) {
- wsUrl =
getWsUrl(cycle.getRequest().getUrl());
- if (wsUrl != null) {
-
cfgDao.updateCsp();
- }
- }
}
}
}
@@ -289,7 +292,7 @@ public class Application extends
AuthenticatedWebApplication implements IApplica
getHeaderResponseDecorators().add(FilteringHeaderResponse::new);
super.init();
final IBootstrapSettings settings = new BootstrapSettings();
- settings.setThemeProvider(new
BootswatchThemeProvider(BootswatchTheme.Sandstone));//FIXME TODO new
SingleThemeProvider(new MaterialDesignTheme())
+ settings.setThemeProvider(new
BootswatchThemeProvider(BootswatchTheme.Sandstone));
Bootstrap.builder().withBootstrapSettings(settings).install(this);
WysiwygLibrarySettings.get().setBootstrapCssReference(null);
WysiwygLibrarySettings.get().setBootstrapDropDownJavaScriptReference(null);
@@ -641,8 +644,8 @@ public class Application extends
AuthenticatedWebApplication implements IApplica
}
@Override
- public String getWsUrl() {
- return wsUrl;
+ public Set<String> getWsUrls() {
+ return Set.copyOf(wsUrls);
}
// package private for testing
