Fix "CORS Rejected - Invalid origin" issue when origin header is empty (

hyperledger#6988) Signed-off-by: Ameziane H <[email protected]>
fab-10 · Apr 24, 2024 · 27a7de9 · 27a7de9
1 parent 12723ac
commit 27a7de9
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 2 deletions.
diff --git a/ethereum/api/src/main/java/org/hyperledger/besu/ethereum/api/jsonrpc/JsonRpcHttpService.java b/ethereum/api/src/main/java/org/hyperledger/besu/ethereum/api/jsonrpc/JsonRpcHttpService.java
@@ -312,7 +312,8 @@ private Router buildRouter() {
     router
         .route()
         .handler(
-            CorsHandler.create(buildCorsRegexFromConfig())
+            CorsHandler.create()
+                .addRelativeOrigin(buildCorsRegexFromConfig())
                 .allowedHeader("*")
                 .allowedHeader("content-type"));
     router
@@ -569,7 +570,7 @@ private String buildCorsRegexFromConfig() {
       return "";
     }
     if (config.getCorsAllowedDomains().contains("*")) {
-      return ".*://.*";
+      return ".*://.*|.*";
     } else {
       final StringJoiner stringJoiner = new StringJoiner("|");
       config.getCorsAllowedDomains().stream().filter(s -> !s.isEmpty()).forEach(stringJoiner::add);

diff --git a/...i/src/test/java/org/hyperledger/besu/ethereum/api/jsonrpc/JsonRpcHttpServiceCorsTest.java b/...i/src/test/java/org/hyperledger/besu/ethereum/api/jsonrpc/JsonRpcHttpServiceCorsTest.java
@@ -166,6 +166,18 @@ public void requestWithAnyOriginShouldSucceedWhenCorsIsStart() throws Exception
     }
   }
 
+  @Test
+  public void requestWithAnyOriginAndEmptyActualOriginShouldSucceed() throws Exception {
+    jsonRpcHttpService = createJsonRpcHttpServiceWithAllowedDomains("*");
+
+    final Request request =
+        new Request.Builder().url(jsonRpcHttpService.url()).header("Origin", "").build();
+
+    try (final Response response = client.newCall(request).execute()) {
+      assertThat(response.isSuccessful()).isTrue();
+    }
+  }
+
   @Test
   public void requestFromBrowserExtensionShouldSucceedWhenCorsIsStar() throws Exception {
     jsonRpcHttpService = createJsonRpcHttpServiceWithAllowedDomains("*");