Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[full-ci] adapt cors headers #8518

Merged
merged 7 commits into from
Mar 20, 2024
Merged

[full-ci] adapt cors headers #8518

merged 7 commits into from
Mar 20, 2024

Conversation

dragonchaser
Copy link
Contributor

@dragonchaser dragonchaser commented Feb 23, 2024
edited
Loading

Enhencement: Change Cors default settings

We have changed the default CORS settings to set Access-Control-Allow-Origin to the OCIS_URL if not explicitely set
and Access-Control-Allow-Credentials to false if not explicitely set.

refs #8514

@update-docs Update Docs
Copy link

update-docs bot commented Feb 23, 2024

Thanks for opening this pull request! The maintainers of this repository would appreciate it if you would create a changelog item based on your changes.

@dragonchaser
Copy link
Contributor Author

@saw-jan || @phil-davis || @individual-it can you take a look at the failing cors tests. I have adapted the default config to match #8514 but I am unsure about the expectations for the suite.

@saw-jan
Copy link
Member

saw-jan commented Feb 23, 2024

@saw-jan || @phil-davis || @individual-it can you take a look at the failing cors tests. I have adapted the default config to match #8514 but I am unsure about the expectations for the suite.

Yeah, we will have a look on it. Thanks for mentioning 👍

saw-jan
saw-jan reviewed Feb 26, 2024
View reviewed changes
services/frontend/pkg/config/defaults/defaultconfig.go Outdated
Comment on lines 187 to 191
if cfg.HTTP.CORS.AllowedOrigins == nil && cfg.Commons != nil && cfg.Commons.OcisURL != "" ||
len(cfg.HTTP.CORS.AllowedOrigins) == 1 && cfg.HTTP.CORS.AllowedOrigins[0] == "*" {
cfg.HTTP.CORS.AllowedOrigins = []string{cfg.Commons.OcisURL}
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@dragonchaser another question. if we run ocis with OCIS_URL="https://ocis:9200", should cfg.HTTP.CORS.AllowedOrigins have ["https://ocis:9200"]

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That the default config for the suite contains the address of the ocis-server step from the ci.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What I observed:

  1. ocis with OCIS_URL=https://localhost:9200 
    curl "https://:localhost9200/ocs/v1.php/config" -H"Origin: https://localhost:9200" -vk
    < Access-Control-Allow-Origin: https://localhost:9200
< Access-Control-Expose-Headers: Location
< Content-Length: 266
  2. ocis with OCIS_URL=https://host.docker.internal:9200 (no cors headers ❓) 
    curl "https://host.docker.internal:9200/ocs/v1.php/config" -H"Origin: https://host.docker.internal:9200" -vk
    < Content-Length: 266

Copy link
Member

@saw-jan saw-jan Feb 26, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Remaining failing API test is affected by this behavior: https://drone.owncloud.com/owncloud/ocis/32398/14/5
Other webUI tests might be the same issue

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@saw-jan what is needed to do to fix them?

Copy link
Member

@saw-jan saw-jan Mar 6, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

what is needed to do to fix them?

For the API test, I am expecting that when using OCIS_URL=https://host.docker.internal:9200 the following request should give the cors headers

curl "https://host.docker.internal:9200/ocs/v1.php/config" -H"Origin: https://host.docker.internal:9200" -vk
< Access-Control-Allow-Origin: https://localhost:9200
< Access-Control-Expose-Headers: Location

micbar
micbar reviewed Mar 5, 2024
View reviewed changes
services/frontend/pkg/config/defaults/defaultconfig.go
@@ -31,7 +31,7 @@ func DefaultConfig() *config.Config {
Protocol: "tcp",
Prefix: "",
CORS: config.CORS{
AllowedOrigins: []string{"*"},
AllowedOrigins: []string{"https://localhost:9200"},
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why not use the shared config value for the ocis url as a default?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Because it was also hardcoded in line 82

ocis/services/frontend/pkg/config/defaults/defaultconfig.go

Line 82 in 0d52f89

PublicURL: "https://localhost:9200",

@dragonchaser dragonchaser mentioned this pull request Mar 11, 2024
Closed
@butonic butonic force-pushed the cors-issues branch 2 times, most recently from 5e444c0 to dc64e2c Compare March 18, 2024 15:15
@dragonchaser dragonchaser force-pushed the cors-issues branch 2 times, most recently from bf17602 to cae0613 Compare March 19, 2024 08:26
@dragonchaser
adapt cors headers
72916dc 
Signed-off-by: Christian Richter <[email protected]>
Signed-off-by: Jörn Friedrich Dreyer <[email protected]>
@dragonchaser
add missing introduction version
cf5558d 
Signed-off-by: Christian Richter <[email protected]>
@dragonchaser
prevent nil pointer
b5ca297 
Signed-off-by: Christian Richter <[email protected]>
@dragonchaser
add changelog
8a19239 
Signed-off-by: Christian Richter <[email protected]>
@dragonchaser
make code more readable
fe4cd7a 
Signed-off-by: Christian Richter <[email protected]>
@saw-jan
Copy link
Member

saw-jan commented Mar 19, 2024

Most of the tests are green. The failing tests are the ones that require adjustment. I can make a push with the test changes

@dragonchaser dragonchaser force-pushed the cors-issues branch 3 times, most recently from 22e232e to 419ff64 Compare March 20, 2024 13:06
@dragonchaser
make sonarcloud happy
6c0156c 
Signed-off-by: Christian Richter <[email protected]>
@owncloud owncloud deleted a comment from sonarqubecloud bot Mar 20, 2024
@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
8 New issues
0 Accepted issues

Measures
0 Security Hotspots
27.1% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

@dragonchaser dragonchaser marked this pull request as ready for review March 20, 2024 13:28
@dragonchaser dragonchaser requested a review from kulmann as a code owner March 20, 2024 13:28
@dragonchaser dragonchaser merged commit 35d536f into owncloud:master Mar 20, 2024
4 checks passed
ownclouders pushed a commit that referenced this pull request Mar 20, 2024
@dragonchaser
Merge pull request #8518 from dragonchaser/cors-issues
e740d73 
[full-ci] adapt cors headers
@mmattel mmattel deleted the cors-issues branch March 20, 2024 14:28
@micbar micbar mentioned this pull request Jun 19, 2024
Closed
24 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@saw-jan saw-jan saw-jan left review comments

@micbar micbar micbar left review comments

@kobergj kobergj kobergj approved these changes

@kulmann kulmann Awaiting requested review from kulmann

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@dragonchaser @saw-jan @micbar @kobergj