Posted to commits@isis.apache.org by ah...@apache.org on 2020/12/07 17:28:07 UTC
[isis] branch master updated: ISIS-2445: CORS config: removes
hardcoded allowCredentials=true
This is an automated email from the ASF dual-hosted git repository.
ahuber pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/isis.git
The following commit(s) were added to refs/heads/master by this push:
new ecc2179 ISIS-2445: CORS config: removes hardcoded allowCredentials=true
ecc2179 is described below
commit ecc2179871904c670aea7dd23fd193b5e161f4e5
Author: Andi Huber <ah...@apache.org>
AuthorDate: Mon Dec 7 18:25:36 2020 +0100
ISIS-2445: CORS config: removes hardcoded allowCredentials=true
sets the recommended default to allowCredentials=false
adds allowCredentials to the available CORS configuration options
---
.../main/java/org/apache/isis/core/config/IsisConfiguration.java | 8 ++++++++
examples/demo/domain/src/main/resources/application.yml | 5 -----
.../apache/isis/extensions/cors/impl/IsisModuleExtCorsImpl.java | 2 +-
3 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/core/config/src/main/java/org/apache/isis/core/config/IsisConfiguration.java b/core/config/src/main/java/org/apache/isis/core/config/IsisConfiguration.java
index 0cfc73b..8bc8874 100644
--- a/core/config/src/main/java/org/apache/isis/core/config/IsisConfiguration.java
+++ b/core/config/src/main/java/org/apache/isis/core/config/IsisConfiguration.java
@@ -2970,6 +2970,12 @@ public class IsisConfiguration {
private final Cors cors = new Cors();
@Data
public static class Cors {
+
+ /**
+ * TODO missing java-doc
+ */
+ private boolean allowCredentials = false;
+
/**
* Which origins are allowed to make CORS requests.
*
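Review bot: The Javadoc on the new `allowCredentials` field is still the placeholder `TODO missing java-doc`, although this is the one CORS option an operator must understand before switching it on. Suggested text: `/** Whether responses carry Access-Control-Allow-Credentials: true, letting browsers send cookies and HTTP authentication on cross-origin requests; leave false unless allowedOrigins names specific trusted origins. */`. The explicit `= false` matches the recommended default stated in the commit message. The `Cors` class continues beyond this hunk, so the wording should be aligned with the existing `allowedOrigins` Javadoc that begins on the following lines.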
@@ -3022,6 +3028,8 @@ public class IsisConfiguration {
* </p>
*/
private List<String> exposedHeaders = listOf("Authorization");
+
+
}
private final Quartz quartz = new Quartz();
diff --git a/examples/demo/domain/src/main/resources/application.yml b/examples/demo/domain/src/main/resources/application.yml
index b54d3a0..3d4c3ac 100644
--- a/examples/demo/domain/src/main/resources/application.yml
+++ b/examples/demo/domain/src/main/resources/application.yml
@@ -119,11 +119,6 @@ isis:
level2:
type: none
mode: ENABLE_SELECTIVE
-
-# extensions:
-# cors:
-# # enables access for kroviz
-# allowedOrigins: http://localhost:3000
resteasy:
jaxrs:
diff --git a/extensions/vro/cors/impl/src/main/java/org/apache/isis/extensions/cors/impl/IsisModuleExtCorsImpl.java b/extensions/vro/cors/impl/src/main/java/org/apache/isis/extensions/cors/impl/IsisModuleExtCorsImpl.java
index c050bfb..804c047 100644
--- a/extensions/vro/cors/impl/src/main/java/org/apache/isis/extensions/cors/impl/IsisModuleExtCorsImpl.java
+++ b/extensions/vro/cors/impl/src/main/java/org/apache/isis/extensions/cors/impl/IsisModuleExtCorsImpl.java
@@ -65,7 +65,7 @@ public class IsisModuleExtCorsImpl {
val isisCorsConfig = configuration.getExtensions().getCors();
val corsConfiguration = new CorsConfiguration();
- corsConfiguration.setAllowCredentials(true);
+ corsConfiguration.setAllowCredentials(isisCorsConfig.isAllowCredentials());
corsConfiguration.setAllowedHeaders(isisCorsConfig.getAllowedHeaders());
corsConfiguration.setAllowedMethods(isisCorsConfig.getAllowedMethods());
corsConfiguration.setAllowedOrigins(isisCorsConfig.getAllowedOrigins());
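Review bot: `setAllowCredentials(isisCorsConfig.isAllowCredentials())` forwards the operator's value without checking it against the configured origins, so a deployment that sets `allowCredentials=true` while `allowedOrigins` still contains `*` is not caught here. Depending on the Spring version, that combination is either rejected later when a request is processed or makes the filter reflect the caller's origin with credentials allowed, which is the exposure this commit is meant to remove. The default of `allowedOrigins` is not visible in this diff, so confirm it. A start-up guard placed before the configuration is built would make the failure explicit: `if (isisCorsConfig.isAllowCredentials() && isisCorsConfig.getAllowedOrigins().contains("*")) throw new IllegalStateException("CORS: allowCredentials=true requires explicit allowedOrigins");`. The enclosing method starts and ends outside the hunk.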