You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by li...@apache.org on 2021/09/01 06:45:09 UTC

[apisix-dashboard] branch master updated: chore: add cors method option (#2103)

This is an automated email from the ASF dual-hosted git repository.

liuxiran pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix-dashboard.git


The following commit(s) were added to refs/heads/master by this push:
     new a118a7f  chore: add cors method option (#2103)
a118a7f is described below

commit a118a7f17fb91feef3bebbf80fa3916fdbda6f25
Author: okaybase <75...@users.noreply.github.com>
AuthorDate: Wed Sep 1 14:45:04 2021 +0800

    chore: add cors method option (#2103)
    
    
    
    Co-authored-by: lixingwang <li...@yiche.com>
    Co-authored-by: Zhiyuan Ju <ju...@apache.org>
    Co-authored-by: Peter Zhu <st...@gmail.com>
---
 web/src/components/Plugin/UI/cors.tsx      | 1 +
 web/src/components/Plugin/locales/en-US.ts | 4 ++--
 web/src/components/Plugin/locales/zh-CN.ts | 4 ++--
 3 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/web/src/components/Plugin/UI/cors.tsx b/web/src/components/Plugin/UI/cors.tsx
index 477039f..b639bb1 100644
--- a/web/src/components/Plugin/UI/cors.tsx
+++ b/web/src/components/Plugin/UI/cors.tsx
@@ -72,6 +72,7 @@ const Cors: React.FC<Props> = ({ form, schema }) => {
             >
               {[
                 '*',
+                '**',
                 'GET',
                 'HEAD',
                 'POST',
diff --git a/web/src/components/Plugin/locales/en-US.ts b/web/src/components/Plugin/locales/en-US.ts
index 3088a08..689a6fc 100644
--- a/web/src/components/Plugin/locales/en-US.ts
+++ b/web/src/components/Plugin/locales/en-US.ts
@@ -41,9 +41,9 @@ export default {
   'component.pluginForm.cors.allow_headers.tooltip':
     'Which headers are allowed to set in request when access cross-origin resource. Multiple value use , to split. When allow_credential is false, you can use * to indicate allow all request headers. You also can allow any header forcefully using ** even already enable allow_credential, but it will bring some security risks.',
   'component.pluginForm.cors.expose_headers.tooltip':
-    'Which headers are allowed to set in response when access cross-origin resource. Multiple value use , to split.',
+    'Which headers are allowed to set in response when access cross-origin resource. Multiple value use , to split. When allow_credential is false, you can use * to indicate allow any header. You also can allow any header forcefully using ** even already enable allow_credential, but it will bring some security risks.',
   'component.pluginForm.cors.max_age.tooltip':
-    'Maximum number of seconds the results can be cached.. Within this time range, the browser will reuse the last check result. -1 means no cache. Please note that the maximum value is depended on browser, please refer to MDN for details.',
+    'Maximum number of seconds the results can be cached. Within this time range, the browser will reuse the last check result. -1 means no cache. Please note that the maximum value is depended on browser, please refer to MDN for details.',
   'component.pluginForm.cors.allow_credential.tooltip':
     "If you set this option to true, you can not use '*' for other options.",
   'component.pluginForm.cors.allow_origins_by_regex.tooltip':
diff --git a/web/src/components/Plugin/locales/zh-CN.ts b/web/src/components/Plugin/locales/zh-CN.ts
index d1b4e82..f7ef721 100644
--- a/web/src/components/Plugin/locales/zh-CN.ts
+++ b/web/src/components/Plugin/locales/zh-CN.ts
@@ -38,9 +38,9 @@ export default {
   'component.pluginForm.cors.allow_methods.tooltip':
     '允许跨域访问的 Method,比如: GET,POST等。多个值使用 , 分割,allow_credential 为 false 时可以使用 * 来表示所有 Origin 均允许通过。你也可以在启用了 allow_credential 后使用 ** 强制允许所有 Method 都通过,但请注意这样存在安全隐患。',
   'component.pluginForm.cors.allow_headers.tooltip':
-    '允许跨域访问时请求方携带哪些非 CORS规范 以外的 Header, 多个值使用 , 分割,allow_credential 为 false 时可以使用 * 来表示所 有 Header 均允许通过。你也可以在启用了 allow_credential 后使用 ** 强制允许所有 Method 都通过,但请注意这样存在安全隐患。',
+    '允许跨域访问时请求方携带哪些非 CORS 规范 以外的 Header, 多个值使用 , 分割,allow_credential 为 false 时可以使用 * 来表示所有 Header 均允许通过。你也可以在启用了 allow_credential 后使用 ** 强制允许所有 Header 都通过,但请注意这样存在安全隐患。',
   'component.pluginForm.cors.expose_headers.tooltip':
-    '允许跨域访问时响应方携带哪些非 CORS规范 以外的 Header, 多个值使用 , 分割。',
+    '允许跨域访问时响应方携带哪些非 CORS 规范 以外的 Header, 多个值使用 , 分割,allow_credential 为 false 时可以使用 * 来表示允许任意 Header 。你也可以在启用了 allow_credential 后使用 ** 强制允许任意 Header ,但请注意这样存在安全隐患。',
   'component.pluginForm.cors.max_age.tooltip':
     '浏览器缓存 CORS 结果的最大时间,单位为秒,在这个时间范围内浏览器会复用上一次的检查结果,-1 表示不缓存。',
   'component.pluginForm.cors.allow_credential.tooltip':