You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@shenyu.apache.org by yu...@apache.org on 2022/07/01 16:03:29 UTC
[incubator-shenyu] branch master updated: [type: refactor] optimize cors logic. (#3647)
This is an automated email from the ASF dual-hosted git repository.
yui pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-shenyu.git
The following commit(s) were added to refs/heads/master by this push:
new 18c561522 [type: refactor] optimize cors logic. (#3647)
18c561522 is described below
commit 18c561522c0edef6aa72604405b95f025e6adeb4
Author: Qicz <qi...@gmail.com>
AuthorDate: Sat Jul 2 00:03:22 2022 +0800
[type: refactor] optimize cors logic. (#3647)
* [type: refactor] optimize cors logic.
* code polish
---
.../src/main/resources/application.yml | 1 +
.../apache/shenyu/common/config/ShenyuConfig.java | 22 +++++++++++++++++++++-
.../org/apache/shenyu/web/filter/CrossFilter.java | 7 ++++---
3 files changed, 26 insertions(+), 4 deletions(-)
diff --git a/shenyu-bootstrap/src/main/resources/application.yml b/shenyu-bootstrap/src/main/resources/application.yml
index 4efb30490..6a751d6e9 100644
--- a/shenyu-bootstrap/src/main/resources/application.yml
+++ b/shenyu-bootstrap/src/main/resources/application.yml
@@ -159,6 +159,7 @@ shenyu:
enabled: true
allowedHeaders:
allowedMethods: "*"
+ allowedAnyOrigin: false
allowedOrigin:
domain: apache.org
prefixes:
diff --git a/shenyu-common/src/main/java/org/apache/shenyu/common/config/ShenyuConfig.java b/shenyu-common/src/main/java/org/apache/shenyu/common/config/ShenyuConfig.java
index 363ed6cb4..d9dcf073a 100644
--- a/shenyu-common/src/main/java/org/apache/shenyu/common/config/ShenyuConfig.java
+++ b/shenyu-common/src/main/java/org/apache/shenyu/common/config/ShenyuConfig.java
@@ -967,6 +967,8 @@ public class ShenyuConfig {
private AllowedOriginConfig allowedOrigin = new AllowedOriginConfig();
+ private boolean allowedAnyOrigin;
+
private String allowedExpose = "";
private String maxAge = "18000";
@@ -1058,7 +1060,25 @@ public class ShenyuConfig {
public void setAllowedOrigin(final AllowedOriginConfig allowedOrigin) {
this.allowedOrigin = allowedOrigin;
}
-
+
+ /**
+ * Gets the value of allowedAnyOrigin.
+ *
+ * @return the value of allowedAnyOrigin
+ */
+ public boolean isAllowedAnyOrigin() {
+ return allowedAnyOrigin;
+ }
+
+ /**
+ * Sets the allowedExpose.
+ *
+ * @param allowedAnyOrigin allowedExpose
+ */
+ public void setAllowedAnyOrigin(final boolean allowedAnyOrigin) {
+ this.allowedAnyOrigin = allowedAnyOrigin;
+ }
+
/**
* Gets the value of allowedExpose.
*
diff --git a/shenyu-web/src/main/java/org/apache/shenyu/web/filter/CrossFilter.java b/shenyu-web/src/main/java/org/apache/shenyu/web/filter/CrossFilter.java
index 6356b3bf0..ca7fd8223 100644
--- a/shenyu-web/src/main/java/org/apache/shenyu/web/filter/CrossFilter.java
+++ b/shenyu-web/src/main/java/org/apache/shenyu/web/filter/CrossFilter.java
@@ -59,7 +59,10 @@ public class CrossFilter implements WebFilter {
ServerHttpResponse response = exchange.getResponse();
HttpHeaders headers = response.getHeaders();
// "Access-Control-Allow-Origin"
- if (Objects.nonNull(this.filterConfig.getAllowedOrigin())
+ final String origin = request.getHeaders().getOrigin();
+ if (this.filterConfig.isAllowedAnyOrigin()) {
+ headers.set(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, origin);
+ } else if (Objects.nonNull(this.filterConfig.getAllowedOrigin())
&& CollectionUtils.isNotEmpty(this.filterConfig.getAllowedOrigin().getPrefixes())) {
final String scheme = exchange.getRequest().getURI().getScheme();
Set<String> allowedOrigin = this.filterConfig.getAllowedOrigin().getPrefixes()
@@ -68,9 +71,7 @@ public class CrossFilter implements WebFilter {
// scheme://prefix.domain
.map(prefix -> String.format("%s://%s.%s", scheme, prefix.trim(), this.filterConfig.getAllowedOrigin().getDomain()))
.collect(Collectors.toSet());
- String origin = request.getHeaders().getOrigin();
if (allowedOrigin.contains(origin)) {
- origin = String.join(",", allowedOrigin);
headers.set(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, origin);
}
}