fix: make configuring CORS headers more robust
bartjkdp committed Mar 11, 2024
1 parent 3f6c532 commit 8ecd65a
Showing 3 changed files with 38 additions and 29 deletions.
56 changes: 31 additions & 25 deletions cmd/filter-proxy/main.go
Expand Up @@ -45,12 +45,6 @@ func main() {

if path.Passthrough {
router.PathPrefix(path.Path).HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
if r.Method == http.MethodOptions {
w.Header().Add("Methods", "OPTIONS, GET, HEAD")
writeError(w, http.StatusOK, "options response from filter-proxy")
return
}

client := &http.Client{}

//http: Request.RequestURI can't be set in client requests.
Expand Down Expand Up @@ -105,12 +99,6 @@ func main() {
return
}

if r.Method == http.MethodOptions {
w.Header().Add("Methods", "OPTIONS, GET, HEAD")
writeError(w, http.StatusOK, "options response from filter-proxy")
return
}

utils.DelHopHeaders(r.Header)

var bodyFilterParams map[string]interface{}
Expand Down Expand Up @@ -309,24 +297,42 @@ func main() {
}
}

var httpHandler http.Handler
// By default allow only https://filter-proxy.local
corsOptions := cors.Options{
AllowedOrigins: []string{
"https://filter-proxy.local",
},
Debug: config.Cors.DebugLogging,
OptionsPassthrough: false,
}

if len(config.Cors.AllowedOrigins) > 0 {
c := cors.New(cors.Options{
AllowedOrigins: config.Cors.AllowedOrigins,
AllowedMethods: config.Cors.AllowedMethods,
AllowedHeaders: config.Cors.AllowedHeaders,
AllowCredentials: config.Cors.AllowCredentials,
AllowPrivateNetwork: config.Cors.AllowPrivateNetwork,
})

httpHandler = c.Handler(router)
} else {
httpHandler = router
corsOptions.AllowedOrigins = config.Cors.AllowedOrigins
}

if len(config.Cors.AllowedMethods) > 0 {
corsOptions.AllowedMethods = config.Cors.AllowedMethods
}

if len(config.Cors.AllowedHeaders) > 0 {
corsOptions.AllowedHeaders = config.Cors.AllowedHeaders
}

if config.Cors.AllowCredentials {
corsOptions.AllowCredentials = config.Cors.AllowCredentials
}

if config.Cors.AllowPrivateNetwork {
corsOptions.AllowPrivateNetwork = config.Cors.AllowPrivateNetwork
}

c := cors.New(corsOptions)

handler := c.Handler(router)

s := &http.Server{
Addr: config.ListenAddress,
Handler: requestLoggingMiddleware(httpHandler),
Handler: requestLoggingMiddleware(handler),
ReadTimeout: 10 * time.Second,
WriteTimeout: 10 * time.Second,
MaxHeaderBytes: 1 << 20,
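Review bot: The operator-supplied `config.Cors.AllowedOrigins` is copied into `corsOptions` unchecked in the third hunk, so a config that lists `"*"` (or a broad wildcard pattern) next to `allowCredentials: true` is accepted silently; how the cors package treats that pairing is not visible here, so it is safer to reject it at startup. A guard before `cors.New(corsOptions)` such as `if config.Cors.AllowCredentials && slices.Contains(config.Cors.AllowedOrigins, "*") { log.Fatal("cors: wildcard origin cannot be combined with allowCredentials") }` would do, assuming `slices` and `log` are available to this file. Separately, with the handler-level `r.Method == http.MethodOptions` branches removed in the first two hunks, an OPTIONS request that is not a CORS preflight presumably now falls through to the proxy and authorization logic; it is worth confirming that this is intended. `main()` begins and ends outside these hunks.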
10 changes: 6 additions & 4 deletions config.yaml
Expand Up @@ -7,10 +7,12 @@ listenAddress: localhost:8050
authorizationServiceUrl: http://localhost:8000/atlas/api/v1/authorize

cors:
allowedOrigins: []
allowedMethods: []
allowedHeaders: []
allowCredentials: true
# allowedOrigins: ["http://www.test.nl"]
# allowedMethods: ["GET"]
# allowedHeaders: []
# allowCredentials: true
# allowPrivateNetwork: true
# debugLogging: false

paths:
- path: /api/ows
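Review bot: The commented-out example pairs a cleartext origin, `http://www.test.nl`, with `allowCredentials: true`, so an operator who uncomments the block as-is would let a page served over plain HTTP make credentialed cross-origin requests. I would switch the sample to `# allowedOrigins: ["https://www.test.nl"]` and add a comment line such as `# allowCredentials: only enable together with exact https origins`. It would also help to say in a comment that leaving `allowedOrigins` unset falls back to `https://filter-proxy.local`, since that default is only stated in cmd/filter-proxy/main.go.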
1 change: 1 addition & 0 deletions internal/config/config.go
Expand Up @@ -42,6 +42,7 @@ type Cors struct {
AllowedHeaders []string `yaml:"allowedHeaders"`
AllowCredentials bool `yaml:"allowCredentials"`
AllowPrivateNetwork bool `yaml:"allowPrivateNetwork"`
DebugLogging bool `yaml:"debugLogging"`
}

type Config struct {