You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by li...@apache.org on 2021/09/01 06:45:09 UTC
[apisix-dashboard] branch master updated: chore: add cors method
option (#2103)
This is an automated email from the ASF dual-hosted git repository.
liuxiran pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix-dashboard.git
The following commit(s) were added to refs/heads/master by this push:
new a118a7f chore: add cors method option (#2103)
a118a7f is described below
commit a118a7f17fb91feef3bebbf80fa3916fdbda6f25
Author: okaybase <75...@users.noreply.github.com>
AuthorDate: Wed Sep 1 14:45:04 2021 +0800
chore: add cors method option (#2103)
Co-authored-by: lixingwang <li...@yiche.com>
Co-authored-by: Zhiyuan Ju <ju...@apache.org>
Co-authored-by: Peter Zhu <st...@gmail.com>
---
web/src/components/Plugin/UI/cors.tsx | 1 +
web/src/components/Plugin/locales/en-US.ts | 4 ++--
web/src/components/Plugin/locales/zh-CN.ts | 4 ++--
3 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/web/src/components/Plugin/UI/cors.tsx b/web/src/components/Plugin/UI/cors.tsx
index 477039f..b639bb1 100644
--- a/web/src/components/Plugin/UI/cors.tsx
+++ b/web/src/components/Plugin/UI/cors.tsx
@@ -72,6 +72,7 @@ const Cors: React.FC<Props> = ({ form, schema }) => {
>
{[
'*',
+ '**',
'GET',
'HEAD',
'POST',
diff --git a/web/src/components/Plugin/locales/en-US.ts b/web/src/components/Plugin/locales/en-US.ts
index 3088a08..689a6fc 100644
--- a/web/src/components/Plugin/locales/en-US.ts
+++ b/web/src/components/Plugin/locales/en-US.ts
@@ -41,9 +41,9 @@ export default {
'component.pluginForm.cors.allow_headers.tooltip':
'Which headers are allowed to set in request when access cross-origin resource. Multiple value use , to split. When allow_credential is false, you can use * to indicate allow all request headers. You also can allow any header forcefully using ** even already enable allow_credential, but it will bring some security risks.',
'component.pluginForm.cors.expose_headers.tooltip':
- 'Which headers are allowed to set in response when access cross-origin resource. Multiple value use , to split.',
+ 'Which headers are allowed to set in response when access cross-origin resource. Multiple value use , to split. When allow_credential is false, you can use * to indicate allow any header. You also can allow any header forcefully using ** even already enable allow_credential, but it will bring some security risks.',
'component.pluginForm.cors.max_age.tooltip':
- 'Maximum number of seconds the results can be cached.. Within this time range, the browser will reuse the last check result. -1 means no cache. Please note that the maximum value is depended on browser, please refer to MDN for details.',
+ 'Maximum number of seconds the results can be cached. Within this time range, the browser will reuse the last check result. -1 means no cache. Please note that the maximum value is depended on browser, please refer to MDN for details.',
'component.pluginForm.cors.allow_credential.tooltip':
"If you set this option to true, you can not use '*' for other options.",
'component.pluginForm.cors.allow_origins_by_regex.tooltip':
diff --git a/web/src/components/Plugin/locales/zh-CN.ts b/web/src/components/Plugin/locales/zh-CN.ts
index d1b4e82..f7ef721 100644
--- a/web/src/components/Plugin/locales/zh-CN.ts
+++ b/web/src/components/Plugin/locales/zh-CN.ts
@@ -38,9 +38,9 @@ export default {
'component.pluginForm.cors.allow_methods.tooltip':
'允许跨域访问的 Method,比如: GET,POST等。多个值使用 , 分割,allow_credential 为 false 时可以使用 * 来表示所有 Origin 均允许通过。你也可以在启用了 allow_credential 后使用 ** 强制允许所有 Method 都通过,但请注意这样存在安全隐患。',
'component.pluginForm.cors.allow_headers.tooltip':
- '允许跨域访问时请求方携带哪些非 CORS规范 以外的 Header, 多个值使用 , 分割,allow_credential 为 false 时可以使用 * 来表示所 有 Header 均允许通过。你也可以在启用了 allow_credential 后使用 ** 强制允许所有 Method 都通过,但请注意这样存在安全隐患。',
+ '允许跨域访问时请求方携带哪些非 CORS 规范 以外的 Header, 多个值使用 , 分割,allow_credential 为 false 时可以使用 * 来表示所有 Header 均允许通过。你也可以在启用了 allow_credential 后使用 ** 强制允许所有 Header 都通过,但请注意这样存在安全隐患。',
'component.pluginForm.cors.expose_headers.tooltip':
- '允许跨域访问时响应方携带哪些非 CORS规范 以外的 Header, 多个值使用 , 分割。',
+ '允许跨域访问时响应方携带哪些非 CORS 规范 以外的 Header, 多个值使用 , 分割,allow_credential 为 false 时可以使用 * 来表示允许任意 Header 。你也可以在启用了 allow_credential 后使用 ** 强制允许任意 Header ,但请注意这样存在安全隐患。',
'component.pluginForm.cors.max_age.tooltip':
'浏览器缓存 CORS 结果的最大时间,单位为秒,在这个时间范围内浏览器会复用上一次的检查结果,-1 表示不缓存。',
'component.pluginForm.cors.allow_credential.tooltip':