fix CORS headers (ydb-platform#8303) (ydb-platform#8313)
adameat authored and spuchin committed Sep 9, 2024
1 parent cd177d4 commit 10a7fc4
Showing 2 changed files with 14 additions and 34 deletions.
4 changes: 2 additions & 2 deletions ydb/core/mon/async_http_mon.cpp
@@ -245,9 +245,9 @@ class THttpMonLegacyActorRequest : public TActorBootstrapped<THttpMonLegacyActor
response << "HTTP/1.1 204 No Content\r\n"
"Access-Control-Allow-Origin: " << origin << "\r\n"
"Access-Control-Allow-Credentials: true\r\n"
"Access-Control-Allow-Headers: Content-Type,Authorization,Origin,Accept\r\n"
"Access-Control-Allow-Headers: Content-Type,Authorization,Origin,Accept,X-Trace-Verbosity,X-Want-Trace\r\n"
"Access-Control-Allow-Methods: OPTIONS, GET, POST, PUT, DELETE\r\n"
"Content-Type: " + type + "\r\n"
"Content-Type: " << type << "\r\n"
"Connection: keep-alive\r\n\r\n";
ReplyWith(request->CreateResponseString(response));
PassAway();
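Review bot: The preflight reply writes `origin` into `Access-Control-Allow-Origin` next to `Access-Control-Allow-Credentials: true` and a method list that includes PUT and DELETE, with no check of that value visible in the hunk. Where `origin` is assigned lies outside the hunk; if it is the request's `Origin` header echoed back, every site is granted credentialed cross-origin access to the monitoring endpoints, so it should be compared with a configured allow-list first and the reply should carry `"Vary: Origin\r\n"`. The header and method lists are also literals duplicated from `TViewer::FillCORS` in viewer.cpp and already differ (`PUT` appears only here); a shared constant would keep the two from drifting.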
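--- a/ydb/core/viewer/viewer.cpp
+++ b/ydb/core/viewer/viewer.cpp
@@ -517,36 +517,12 @@ class TViewer : public TActorBootstrapped<TViewer>, public IViewer {
 if (type.empty()) {
 type = "application/json";
 }
-if (AllowOrigin) {
-ctx.Send(ev->Sender, new NMon::TEvHttpInfoRes(
-"HTTP/1.1 204 No Content\r\n"
-"Access-Control-Allow-Origin: " + AllowOrigin + "\r\n"
-"Access-Control-Allow-Credentials: true\r\n"
-"Access-Control-Allow-Headers: Content-Type,Authorization,Origin,Accept\r\n"
-"Access-Control-Allow-Methods: OPTIONS, GET, POST\r\n"
-"Allow: OPTIONS, GET, POST\r\n"
-"Content-Type: " + type + "\r\n"
-"Connection: Keep-Alive\r\n\r\n", 0, NMon::IEvHttpInfoRes::EContentType::Custom));
-} else {
-TString origin = TString(msg->Request.GetHeader("Origin"));
-if (!origin.empty()) {
-ctx.Send(ev->Sender, new NMon::TEvHttpInfoRes(
-"HTTP/1.1 204 No Content\r\n"
-"Access-Control-Allow-Origin: " + origin + "\r\n"
-"Access-Control-Allow-Credentials: true\r\n"
-"Access-Control-Allow-Headers: Content-Type,Authorization,Origin,Accept\r\n"
-"Access-Control-Allow-Methods: OPTIONS, GET, POST\r\n"
-"Allow: OPTIONS, GET, POST\r\n"
-"Content-Type: " + type + "\r\n"
-"Connection: Keep-Alive\r\n\r\n", 0, NMon::IEvHttpInfoRes::EContentType::Custom));
-} else {
-ctx.Send(ev->Sender, new NMon::TEvHttpInfoRes(
-"HTTP/1.1 204 No Content\r\n"
-"Allow: OPTIONS, GET, POST\r\n"
-"Content-Type: " + type + "\r\n"
-"Connection: Keep-Alive\r\n\r\n", 0, NMon::IEvHttpInfoRes::EContentType::Custom));
-}
-}
+TStringBuilder response;
+response << "HTTP/1.1 204 No Content\r\n";
+FillCORS(response, msg);
+response << "Content-Type: " + type + "\r\n"
+"Connection: Keep-Alive\r\n\r\n";
+Send(ev->Sender, new NMon::TEvHttpInfoRes(response, 0, NMon::IEvHttpInfoRes::EContentType::Custom));
 return;
 }
 TString path("/" + msg->Request.GetPage()->Path + msg->Request.GetPathInfo());
@@ -649,11 +625,15 @@ void TViewer::FillCORS(TStringBuilder& stream, const TRequestState& request) {
 } else if (request && request->Request.GetHeaders().HasHeader("Origin")) {
 origin = request->Request.GetHeader("Origin");
 }
+if (origin.empty()) {
+origin = "*";
+}
 if (origin) {
 stream << "Access-Control-Allow-Origin: " << origin << "\r\n"
 << "Access-Control-Allow-Credentials: true\r\n"
-<< "Access-Control-Allow-Headers: Content-Type,Authorization,Origin,Accept\r\n"
-<< "Access-Control-Allow-Methods: OPTIONS, GET, POST\r\n";
+<< "Access-Control-Allow-Headers: Content-Type,Authorization,Origin,Accept,X-Trace-Verbosity,X-Want-Trace\r\n"
+<< "Access-Control-Allow-Methods: OPTIONS, GET, POST, DELETE\r\n"
+<< "Allow: OPTIONS, GET, POST, DELETE\r\n";
 }
 }
 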
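Review bot: In `FillCORS` the new fallback `origin = "*"` is followed by an unconditional `Access-Control-Allow-Credentials: true`, a combination browsers refuse for credentialed requests, and it leaves the following `if (origin)` check always true. The `else if` branch also copies the request's `Origin` header into the reply with credentials enabled, so unless the branch above it (outside the hunk, presumably the configured `AllowOrigin`) applies, every requesting site is accepted. I would send the credentials header only for a specific origin, add `Vary: Origin` in that case, and consider validating the reflected value against an allow-list. The start of the function is outside the hunk.

```cpp
// … unchanged: origin chosen from the configured value or the request's Origin header …
const bool specificOrigin = !origin.empty();
if (!specificOrigin) {
    origin = "*";
}
stream << "Access-Control-Allow-Origin: " << origin << "\r\n";
if (specificOrigin) {
    // Credentials are only valid together with a concrete origin, never with "*".
    stream << "Access-Control-Allow-Credentials: true\r\n"
           << "Vary: Origin\r\n";
}
stream << "Access-Control-Allow-Headers: Content-Type,Authorization,Origin,Accept,X-Trace-Verbosity,X-Want-Trace\r\n"
       << "Access-Control-Allow-Methods: OPTIONS, GET, POST, DELETE\r\n"
       << "Allow: OPTIONS, GET, POST, DELETE\r\n";
```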
