You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@couchdb.apache.org by kx...@apache.org on 2016/02/02 16:23:23 UTC
[1/6] chttpd commit: updated refs/heads/master to 41ac33a
Repository: couchdb-chttpd
Updated Branches:
refs/heads/master 6a2a6b976 -> 41ac33a08
Use correct setting for AllowHeaders
Project: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/commit/9733d21a
Tree: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/tree/9733d21a
Diff: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/diff/9733d21a
Branch: refs/heads/master
Commit: 9733d21ac223fbe92fc94405ef9d33c919aaa8ad
Parents: ddba207
Author: ILYA Khlopotov <ii...@ca.ibm.com>
Authored: Mon Jan 25 13:04:06 2016 -0800
Committer: ILYA Khlopotov <ii...@ca.ibm.com>
Committed: Mon Jan 25 13:04:06 2016 -0800
----------------------------------------------------------------------
src/chttpd_cors.erl | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/blob/9733d21a/src/chttpd_cors.erl
----------------------------------------------------------------------
diff --git a/src/chttpd_cors.erl b/src/chttpd_cors.erl
index 525fc5f..b7031e5 100644
--- a/src/chttpd_cors.erl
+++ b/src/chttpd_cors.erl
@@ -268,7 +268,7 @@ allow_credentials(Config, Origin) ->
get_cors_config(#httpd{cors_config = undefined}) ->
EnableCors = config:get("httpd", "enable_cors", "false") =:= "true",
AllowCredentials = config:get("cors", "credentials", "false") =:= "true",
- AllowHeaders = case config:get("cors", "methods", undefined) of
+ AllowHeaders = case config:get("cors", "headers", undefined) of
undefined ->
?SUPPORTED_HEADERS;
AllowHeaders0 ->
[5/6] chttpd commit: updated refs/heads/master to 41ac33a
Posted by kx...@apache.org.
Convert all CORS headers config into lowercase
Project: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/commit/f2515fdf
Tree: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/tree/f2515fdf
Diff: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/diff/f2515fdf
Branch: refs/heads/master
Commit: f2515fdfa3c6334fb5da955bd9cdcf7cf1049a98
Parents: e52d212
Author: ILYA Khlopotov <ii...@ca.ibm.com>
Authored: Thu Jan 28 15:39:30 2016 -0800
Committer: ILYA Khlopotov <ii...@ca.ibm.com>
Committed: Fri Jan 29 11:45:03 2016 -0800
----------------------------------------------------------------------
src/chttpd_cors.erl | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/blob/f2515fdf/src/chttpd_cors.erl
----------------------------------------------------------------------
diff --git a/src/chttpd_cors.erl b/src/chttpd_cors.erl
index 2af3166..83cfc53 100644
--- a/src/chttpd_cors.erl
+++ b/src/chttpd_cors.erl
@@ -279,7 +279,7 @@ get_cors_config(#httpd{cors_config = undefined}) ->
undefined ->
?SUPPORTED_HEADERS;
AllowHeaders0 ->
- split_list(AllowHeaders0)
+ [to_lower(H) || H <- split_list(AllowHeaders0)]
end,
AllowMethods = case config:get("cors", "methods", undefined) of
undefined ->
@@ -291,7 +291,7 @@ get_cors_config(#httpd{cors_config = undefined}) ->
undefined ->
?COUCH_HEADERS;
ExposedHeaders0 ->
- split_list(ExposedHeaders0)
+ [to_lower(H) || H <- split_list(ExposedHeaders0)]
end,
Origins0 = binary_split_list(config:get("cors", "origins", [])),
Origins = [{O, {[]}} || O <- Origins0],
[3/6] chttpd commit: updated refs/heads/master to 41ac33a
Posted by kx...@apache.org.
Adding more tests for CORS
Project: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/commit/e52d2123
Tree: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/tree/e52d2123
Diff: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/diff/e52d2123
Branch: refs/heads/master
Commit: e52d2123846532540abb3ca5ec3a588a77b1ff68
Parents: a634e22
Author: ILYA Khlopotov <ii...@ca.ibm.com>
Authored: Mon Jan 25 13:07:19 2016 -0800
Committer: ILYA Khlopotov <ii...@ca.ibm.com>
Committed: Fri Jan 29 11:45:03 2016 -0800
----------------------------------------------------------------------
test/chttpd_cors_test.erl | 67 +++++++++++++++++++++++++++++++++++++++++-
1 file changed, 66 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/blob/e52d2123/test/chttpd_cors_test.erl
----------------------------------------------------------------------
diff --git a/test/chttpd_cors_test.erl b/test/chttpd_cors_test.erl
index 6ad807a..753b235 100644
--- a/test/chttpd_cors_test.erl
+++ b/test/chttpd_cors_test.erl
@@ -24,6 +24,10 @@
"content-type, accept-ranges, etag, server, x-couch-request-id, " ++
"x-couch-update-newrev, x-couchdb-body-time").
+-define(CUSTOM_SUPPORTED_METHODS, ?SUPPORTED_METHODS -- ["CONNECT"]).
+-define(CUSTOM_SUPPORTED_HEADERS, ["extra" | ?SUPPORTED_HEADERS -- ["pragma"]]).
+-define(CUSTOM_EXPOSED_HEADERS, ["expose" | ?COUCH_HEADERS]).
+
%% Test helpers
@@ -56,6 +60,16 @@ wildcard_cors_config() ->
]}}
].
+custom_cors_config() ->
+ [
+ {<<"enable_cors">>, true},
+ {<<"allow_methods">>, ?CUSTOM_SUPPORTED_METHODS},
+ {<<"allow_headers">>, ?CUSTOM_SUPPORTED_HEADERS},
+ {<<"exposed_headers">>, ?CUSTOM_EXPOSED_HEADERS},
+ {<<"origins">>, {[
+ {<<"*">>, {[]}}
+ ]}}
+ ].
access_control_cors_config(AllowCredentials) ->
[
@@ -166,6 +180,15 @@ cors_enabled_simple_config_test_() ->
fun test_case_sensitive_mismatch_of_allowed_origins_/1
]}}.
+cors_enabled_custom_config_test_() ->
+ {"Simple CORS config with custom allow_methods/allow_headers/exposed_headers",
+ {foreach,
+ fun custom_cors_config/0,
+ [
+ fun test_good_headers_preflight_request_with_custom_config_/1,
+ fun test_db_request_with_custom_config_/1
+ ]}}.
+
cors_enabled_multiple_config_test_() ->
{"Multiple options CORS config",
@@ -307,7 +330,31 @@ test_good_headers_preflight_request_(OwnerConfig) ->
?_assertEqual(?DEFAULT_ORIGIN,
header(Headers1, "Access-Control-Allow-Origin")),
?_assertEqual(string_headers(?SUPPORTED_METHODS),
- header(Headers1, "Access-Control-Allow-Methods"))
+ header(Headers1, "Access-Control-Allow-Methods")),
+ ?_assertEqual(string_headers(["accept-language"]),
+ header(Headers1, "Access-Control-Allow-Headers"))
+ ].
+
+test_good_headers_preflight_request_with_custom_config_(OwnerConfig) ->
+ Headers = [
+ {"Origin", ?DEFAULT_ORIGIN},
+ {"Access-Control-Request-Method", "GET"},
+ {"Access-Control-Request-Headers", "accept-language, extra"}
+ ],
+ Req = mock_request('OPTIONS', "/", Headers),
+ ?assert(chttpd_cors:is_cors_enabled(OwnerConfig)),
+ AllowMethods = couch_util:get_value(
+ <<"allow_methods">>, OwnerConfig, ?SUPPORTED_METHODS),
+ AllowHeaders = couch_util:get_value(
+ <<"allow_headers">>, OwnerConfig, ?SUPPORTED_HEADERS),
+ {ok, Headers1} = chttpd_cors:maybe_handle_preflight_request(Req, OwnerConfig),
+ [
+ ?_assertEqual(?DEFAULT_ORIGIN,
+ header(Headers1, "Access-Control-Allow-Origin")),
+ ?_assertEqual(string_headers(AllowMethods),
+ header(Headers1, "Access-Control-Allow-Methods")),
+ ?_assertEqual(string_headers(["accept-language", "extra"]),
+ header(Headers1, "Access-Control-Allow-Headers"))
].
@@ -364,6 +411,21 @@ test_db_request_(OwnerConfig) ->
header(Headers1, "Access-Control-Expose-Headers"))
].
+test_db_request_with_custom_config_(OwnerConfig) ->
+ Origin = ?DEFAULT_ORIGIN,
+ Headers = [{"Origin", Origin}, {"extra", "EXTRA"}],
+ Req = mock_request('GET', "/my_db", Headers),
+ Headers1 = chttpd_cors:headers(Req, Headers, Origin, OwnerConfig),
+ ExposedHeaders = couch_util:get_value(
+ <<"exposed_headers">>, OwnerConfig, ?COUCH_HEADERS),
+ [
+ ?_assertEqual(?DEFAULT_ORIGIN,
+ header(Headers1, "Access-Control-Allow-Origin")),
+ ?_assertEqual(lists:sort(["content-type" | ExposedHeaders]),
+ lists:sort(
+ split_list(header(Headers1, "Access-Control-Expose-Headers"))))
+ ].
+
test_db_preflight_request_(OwnerConfig) ->
Headers = [
@@ -473,3 +535,6 @@ test_db_request_credentials_header_on_(OwnerConfig) ->
?_assertEqual("true",
header(Headers1, "Access-Control-Allow-Credentials"))
].
+
+split_list(S) ->
+ re:split(S, "\\s*,\\s*", [trim, {return, list}]).
[2/6] chttpd commit: updated refs/heads/master to 41ac33a
Posted by kx...@apache.org.
Make use of <<allow_headers>> option
Project: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/commit/63af9339
Tree: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/tree/63af9339
Diff: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/diff/63af9339
Branch: refs/heads/master
Commit: 63af9339f2a65125e2e14498e3b985b915115004
Parents: 9733d21
Author: ILYA Khlopotov <ii...@ca.ibm.com>
Authored: Mon Jan 25 13:05:47 2016 -0800
Committer: ILYA Khlopotov <ii...@ca.ibm.com>
Committed: Mon Jan 25 13:05:47 2016 -0800
----------------------------------------------------------------------
src/chttpd_cors.erl | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/blob/63af9339/src/chttpd_cors.erl
----------------------------------------------------------------------
diff --git a/src/chttpd_cors.erl b/src/chttpd_cors.erl
index b7031e5..81cd475 100644
--- a/src/chttpd_cors.erl
+++ b/src/chttpd_cors.erl
@@ -110,6 +110,10 @@ handle_preflight_request(Req, Config, Origin) ->
SupportedMethods = get_origin_config(Config, Origin,
<<"allow_methods">>, ?SUPPORTED_METHODS),
+ SupportedHeaders = get_origin_config(Config, Origin,
+ <<"allow_headers">>, ?SUPPORTED_HEADERS),
+
+
%% get max age
MaxAge = couch_util:get_value("max_age", Config, ?CORS_DEFAULT_MAX_AGE),
@@ -135,7 +139,7 @@ handle_preflight_request(Req, Config, Origin) ->
{Headers, RH}
end,
%% check if headers are supported
- case ReqHeaders -- ?SUPPORTED_HEADERS of
+ case ReqHeaders -- SupportedHeaders of
[] ->
PreflightHeaders = PreflightHeaders0 ++
[{"Access-Control-Allow-Headers",
[6/6] chttpd commit: updated refs/heads/master to 41ac33a
Posted by kx...@apache.org.
Merge remote-tracking branch 'github/pr/100'
Project: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/commit/41ac33a0
Tree: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/tree/41ac33a0
Diff: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/diff/41ac33a0
Branch: refs/heads/master
Commit: 41ac33a082d34baee206d4a00d51a54b50e36f74
Parents: 6a2a6b9 f2515fd
Author: Alexander Shorin <kx...@apache.org>
Authored: Tue Feb 2 18:23:06 2016 +0300
Committer: Alexander Shorin <kx...@apache.org>
Committed: Tue Feb 2 18:23:06 2016 +0300
----------------------------------------------------------------------
src/chttpd_cors.erl | 30 ++++++++++++++-----
test/chttpd_cors_test.erl | 67 +++++++++++++++++++++++++++++++++++++++++-
2 files changed, 88 insertions(+), 9 deletions(-)
----------------------------------------------------------------------
[4/6] chttpd commit: updated refs/heads/master to 41ac33a
Posted by kx...@apache.org.
Introduce cors/exposed_headers config setting
Project: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/commit/a634e220
Tree: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/tree/a634e220
Diff: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/diff/a634e220
Branch: refs/heads/master
Commit: a634e22040a80ad597857fb896ab7eb03f3eb30d
Parents: 63af933
Author: ILYA Khlopotov <ii...@ca.ibm.com>
Authored: Mon Jan 25 13:06:39 2016 -0800
Committer: ILYA Khlopotov <ii...@ca.ibm.com>
Committed: Fri Jan 29 11:45:03 2016 -0800
----------------------------------------------------------------------
src/chttpd_cors.erl | 20 +++++++++++++++-----
1 file changed, 15 insertions(+), 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/blob/a634e220/src/chttpd_cors.erl
----------------------------------------------------------------------
diff --git a/src/chttpd_cors.erl b/src/chttpd_cors.erl
index 81cd475..2af3166 100644
--- a/src/chttpd_cors.erl
+++ b/src/chttpd_cors.erl
@@ -180,15 +180,17 @@ headers(Req, RequestHeaders, Origin, Config) ->
true ->
AcceptedOrigins = get_accepted_origins(Req, Config),
CorsHeaders = handle_headers(Config, Origin, AcceptedOrigins),
- maybe_apply_headers(CorsHeaders, RequestHeaders);
+ ExposedCouchHeaders = couch_util:get_value(
+ <<"exposed_headers">>, Config, ?COUCH_HEADERS),
+ maybe_apply_headers(CorsHeaders, RequestHeaders, ExposedCouchHeaders);
false ->
RequestHeaders
end.
-maybe_apply_headers([], RequestHeaders) ->
+maybe_apply_headers([], RequestHeaders, _ExposedCouchHeaders) ->
RequestHeaders;
-maybe_apply_headers(CorsHeaders, RequestHeaders) ->
+maybe_apply_headers(CorsHeaders, RequestHeaders, ExposedCouchHeaders) ->
%% Find all non ?SIMPLE_HEADERS and and non ?SIMPLE_CONTENT_TYPE_VALUES,
%% expose those through Access-Control-Expose-Headers, allowing
%% the client to access them in the browser. Also append in
@@ -214,9 +216,10 @@ maybe_apply_headers(CorsHeaders, RequestHeaders) ->
true ->
ExposedHeaders0
end,
- %% ?COUCH_HEADERS may get added later, so expose them by default
+
+ %% ExposedCouchHeaders may get added later, so expose them by default
ACEH = [{"Access-Control-Expose-Headers",
- string:join(ExposedHeaders ++ ?COUCH_HEADERS, ", ")}],
+ string:join(ExposedHeaders ++ ExposedCouchHeaders, ", ")}],
CorsHeaders ++ RequestHeaders ++ ACEH.
@@ -284,6 +287,12 @@ get_cors_config(#httpd{cors_config = undefined}) ->
AllowMethods0 ->
split_list(AllowMethods0)
end,
+ ExposedHeaders = case config:get("cors", "exposed_headers", undefined) of
+ undefined ->
+ ?COUCH_HEADERS;
+ ExposedHeaders0 ->
+ split_list(ExposedHeaders0)
+ end,
Origins0 = binary_split_list(config:get("cors", "origins", [])),
Origins = [{O, {[]}} || O <- Origins0],
[
@@ -291,6 +300,7 @@ get_cors_config(#httpd{cors_config = undefined}) ->
{<<"allow_credentials">>, AllowCredentials},
{<<"allow_methods">>, AllowMethods},
{<<"allow_headers">>, AllowHeaders},
+ {<<"exposed_headers">>, ExposedHeaders},
{<<"origins">>, {Origins}}
];
get_cors_config(#httpd{cors_config = Config}) ->