Fix CorsSupport default behavior #1714
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…default behavior Signed-off-by: tim.quinn@oracle.com <tim.quinn@oracle.com>
tjquinno
changed the title
…ive developers more control over the routing they build; developers need to add CrossOriginConfigs in the order they should be checked
tjquinno
changed the title
tjquinno
changed the title
…r OPTIONS but needed to use the method the pre-flight request was asking for
…t not have at least one character to consume
tjquinno
changed the title
tomas-langer
requested changes
May 5, 2020
microprofile/cors/src/main/java/io/helidon/microprofile/cors/CorsSupportMp.java
Outdated
Show resolved
Hide resolved
webserver/cors/src/main/java/io/helidon/webserver/cors/CorsSupportHelper.java
Outdated
Show resolved
Hide resolved
webserver/cors/src/main/java/io/helidon/webserver/cors/CrossOriginConfig.java
Outdated
Show resolved
Hide resolved
…e defensive about presence or absence of leading / in MP request path
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Resolves #1713
There are two aspects to this.
A. If the developer creates a
CorsSupportinstance it will provide the default (wild carded) behavior if no specific settings were provided. In particular, passing amissingconfig node toCorsSupport.create(Config)creates a newCorsSupportinstance with the default wildcarding behavior; CORS also logs anINFOmessage to this effect in case the developer actually expected the config node to contain something.There is a new
CrossOriginConfig.create()method which developers can use to include the default wild carded behavior as they build aCorsSupportinstance.(I refactored many methods from
Aggregatorto its newBuilderinner class so the diffs look deceptively large.)B. All cross-origin info added to a
CorsSupportinstance is now searched sequentially in order of addition to the builder. TheAggregatorwhich collects the cross-origin information (basically asCrossOriginConfiginstances) used to use a map, keyed by the path expression. This could lead to confusion if the developer provided multipleCrossOriginConfigobjects with the same path (or with no path which is essentially the same thing) because later additions would overwrite earlier ones.This PR changes the internal data structure to a
Listand maintains the order in which the developer supplies theCrossOriginConfiginformation. When requests arrive, the Helidon CORS implementation scans the list in order-of-addition and uses the first that matches the request's path and HTTP method.This gives the developer complete control by making sure the order in which the application adds
CrossOriginConfigs matches the needs of the application, without the Helidon CORS code imposing a "one-setting-per-path" restriction.