You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sling.apache.org by gh...@apache.org on 2017/06/08 21:42:20 UTC

svn commit: r1798130 - /sling/trunk/bundles/extensions/healthcheck/core/src/main/java/org/apache/sling/hc/core/impl/servlet/HealthCheckExecutorServlet.java

Author: ghenzler
Date: Thu Jun  8 21:42:20 2017
New Revision: 1798130

URL: http://svn.apache.org/viewvc?rev=1798130&view=rev
Log:
SLING-6946 Send CORS header Access-Control-Allow-Origin 

Modified:
    sling/trunk/bundles/extensions/healthcheck/core/src/main/java/org/apache/sling/hc/core/impl/servlet/HealthCheckExecutorServlet.java

Modified: sling/trunk/bundles/extensions/healthcheck/core/src/main/java/org/apache/sling/hc/core/impl/servlet/HealthCheckExecutorServlet.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/extensions/healthcheck/core/src/main/java/org/apache/sling/hc/core/impl/servlet/HealthCheckExecutorServlet.java?rev=1798130&r1=1798129&r2=1798130&view=diff
==============================================================================
--- sling/trunk/bundles/extensions/healthcheck/core/src/main/java/org/apache/sling/hc/core/impl/servlet/HealthCheckExecutorServlet.java (original)
+++ sling/trunk/bundles/extensions/healthcheck/core/src/main/java/org/apache/sling/hc/core/impl/servlet/HealthCheckExecutorServlet.java Thu Jun  8 21:42:20 2017
@@ -139,6 +139,12 @@ public class HealthCheckExecutorServlet
             description = "Allows to disable the servlet if required for security reasons", boolValue = false)
     private boolean disabled;
 
+    private static final String CORS_ORIGIN_HEADER_NAME = "Access-Control-Allow-Origin";
+    public static final String CORS_ORIGIN_HEADER_DEFAULT_VALUE = "*";
+    public static final String PROPERTY_CORS_ORIGIN_HEADER_VALUE = "cors.accessControlAllowOrigin";
+    @Property(name = PROPERTY_CORS_ORIGIN_HEADER_VALUE, label = "CORS Access-Control-Allow-Origin", description = "Sets the Access-Control-Allow-Origin CORS header. If blank no header is sent.", value = CORS_ORIGIN_HEADER_DEFAULT_VALUE)
+    private String corsAccessControlAllowOrigin;
+
     @Reference
     private HttpService httpService;
 
@@ -162,6 +168,7 @@ public class HealthCheckExecutorServlet
         final Dictionary<?, ?> properties = context.getProperties();
         this.servletPath = PropertiesUtil.toString(properties.get(PROPERTY_SERVLET_PATH), SERVLET_PATH_DEFAULT);
         this.disabled = PropertiesUtil.toBoolean(properties.get(PROPERTY_DISABLED), false);
+        this.corsAccessControlAllowOrigin = PropertiesUtil.toString(properties.get(PROPERTY_CORS_ORIGIN_HEADER_VALUE), CORS_ORIGIN_HEADER_DEFAULT_VALUE);
 
         Map<String, HttpServlet> servletsToRegister = new LinkedHashMap<String, HttpServlet>();
         servletsToRegister.put(this.servletPath, this);
@@ -260,6 +267,7 @@ public class HealthCheckExecutorServlet
         Result overallResult = new Result(mostSevereStatus, "Overall status " + mostSevereStatus);
 
         sendNoCacheHeaders(response);
+        sendCorsHeaders(response);
 
         if (statusMapping != null) {
             Integer httpStatus = statusMapping.get(overallResult.getStatus());
@@ -341,6 +349,12 @@ public class HealthCheckExecutorServlet
         response.setHeader(CACHE_CONTROL_KEY, CACHE_CONTROL_VALUE);
     }
 
+    private void sendCorsHeaders(final HttpServletResponse response) {
+        if (StringUtils.isNotBlank(corsAccessControlAllowOrigin)) {
+            response.setHeader(CORS_ORIGIN_HEADER_NAME, corsAccessControlAllowOrigin);
+        }
+    }
+
     private String getHtmlHelpText() {
         final StringBuilder sb = new StringBuilder();
         sb.append("<h3>Supported URL parameters</h3>\n");