Posted to notifications@apisix.apache.org by "skimdz86 (via GitHub)" <gi...@apache.org> on 2023/04/24 09:31:45 UTC

[GitHub] [apisix] skimdz86 opened a new pull request, #9365: feat: support for the Timing-Allow-Origin header in CORS plugin

skimdz86 opened a new pull request, #9365:
URL: https://github.com/apache/apisix/pull/9365

   ### Description
   
   Implements the feature described in issue https://github.com/apache/apisix/issues/9307: added support for the Timing-Allow-Origin header in the CORS plugin.
   
   The new header can be configured with a list of domains or a regex, just like the Access-Control-Allow-Origin header.
   The new header is returned only if the Access-Control-Allow-Origin header is returned.
   
   I added a new parameter to the two functions process_with_allow_origins and process_with_allow_origins_by_regex to make them "common", so they are now used both for calculating the Access-Control-Allow-Origin and the Timing-Allow-Origin header; the new "allow_origin_type" parameter was essential to differentiate the cache used to save the processing results for the two different headers.
    
   **Note**: I also updated the Markdown documentation (English version), adding the 2 new configuration fields, but unfortunately I don't speak Chinese, so any help updating the /docs/zh/latest/plugins/cors.md file as well will be appreciated.
   
   Fixes #9307  
   
   ### Checklist
   
   - [X] I have explained the need for this PR and the problem it solves
   - [X] I have explained the changes or the new features added to this PR
   - [X] I have added tests corresponding to this change
   - [X] I have updated the documentation to reflect this change
   - [X] I have verified that this change is backward compatible (If not, please discuss on the [APISIX mailing list](https://github.com/apache/apisix/tree/master#community) first)
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org
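The header rule the description lays out, as an added Python model that is not APISIX's Lua code: one resolver serves both headers (the role of the PR's allow_origin_type parameter), the schema cross-check is widened to accept a regex-only CORS source, and Timing-Allow-Origin is emitted only when Access-Control-Allow-Origin is. The list syntax, the `*`/`**` handling, regex precedence and the default of allow_origins are assumptions chosen to match the PR's own test cases.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed model of the header logic this PR describes; it is not APISIX's
# own Lua code. Timing-Allow-Origin gets its own origin list / regex list, is
# resolved the same way as Access-Control-Allow-Origin, and is emitted only
# when the CORS header itself is emitted.

# Assumed syntax for a list value, chosen to satisfy the good/bad strings in
# the PR's TEST 1: "*", "**", "null", or comma-separated scheme://host[:port].
ORIGIN_LIST_RE = re.compile(r"^(\*|\*\*|null|\w+://[^,\s]+(,\w+://[^,\s]+)*)$")


def valid_origin_list(value: str) -> bool:
    """Schema-style check of a single allow-list string."""
    return ORIGIN_LIST_RE.fullmatch(value) is not None


@dataclass
class CorsConf:
    allow_origins: Optional[str] = "*"   # assumed default, as TEST 2's title implies
    allow_origins_by_regex: list = field(default_factory=list)
    timing_allow_origins: Optional[str] = None
    timing_allow_origins_by_regex: list = field(default_factory=list)


def check_schema(conf: CorsConf):
    """Cross-field rule from the PR, widened so that a regex-only CORS source
    also counts: the timing settings need *some* source for
    Access-Control-Allow-Origin, either the plain list or the regex list."""
    for name in ("allow_origins", "timing_allow_origins"):
        val = getattr(conf, name)
        if val is not None and not valid_origin_list(val):
            return False, f"invalid value for '{name}': {val!r}"
    if conf.timing_allow_origins or conf.timing_allow_origins_by_regex:
        if not conf.allow_origins and not conf.allow_origins_by_regex:
            return False, ("you can not set 'timing_allow_origins' or "
                           "'timing_allow_origins_by_regex' when neither "
                           "'allow_origins' nor 'allow_origins_by_regex' is set")
    return True, None


def resolve_origin(origin: str, allow_list: Optional[str],
                   regex_list: list) -> Optional[str]:
    """Header value for this request Origin, or None when it is not allowed.

    One resolver serves both headers. Assumptions: a regex list takes
    precedence over the plain list and is matched with a search, "*" is
    returned literally, "**" echoes the request Origin back, and a plain-list
    entry must equal the Origin exactly.
    """
    for pattern in regex_list:
        if re.search(pattern, origin):
            return origin
    if regex_list or allow_list is None:
        return None
    if allow_list == "*":
        return "*"
    if allow_list == "**":
        return origin
    return origin if origin in allow_list.split(",") else None


def cors_headers(conf: CorsConf, origin: str) -> dict:
    """Response headers to add for a request that carries this Origin."""
    headers = {}
    acao = resolve_origin(origin, conf.allow_origins, conf.allow_origins_by_regex)
    if acao is None:
        return headers  # origin not permitted for CORS: no headers at all
    headers["Access-Control-Allow-Origin"] = acao
    # The PR's rule: the timing header only rides along with the CORS header,
    # so an origin allowed for timing but not for CORS gets neither.
    tao = resolve_origin(origin, conf.timing_allow_origins,
                         conf.timing_allow_origins_by_regex)
    if tao is not None:
        headers["Timing-Allow-Origin"] = tao
    return headers


if __name__ == "__main__":
    # Route from TEST 8 of the PR's cors4.t: the two lists name different origins.
    conf = CorsConf(allow_origins="http://one.domain.com",
                    timing_allow_origins="http://another.domain.com")
    print(cors_headers(conf, "http://one.domain.com"))      # CORS header only (TEST 9)
    print(cors_headers(conf, "http://another.domain.com"))  # {} (TEST 10)
```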


Re: [PR] feat: support for the Timing-Allow-Origin header in CORS plugin [apisix]

Posted by "monkeyDluffy6017 (via GitHub)" <gi...@apache.org>.
monkeyDluffy6017 commented on PR #9365:
URL: https://github.com/apache/apisix/pull/9365#issuecomment-1820376628

   @skimdz86 sorry for the delay, I have no idea whether Timing-Allow-Origin belongs to CORS




[GitHub] [apisix] skimdz86 commented on a diff in pull request #9365: feat: support for the Timing-Allow-Origin header in CORS plugin

Posted by "skimdz86 (via GitHub)" <gi...@apache.org>.
skimdz86 commented on code in PR #9365:
URL: https://github.com/apache/apisix/pull/9365#discussion_r1223076619


##########
apisix/plugins/cors.lua:
##########
@@ -202,9 +244,12 @@ local function set_cors_headers(conf, ctx)
     if conf.allow_credential then
         core.response.set_header("Access-Control-Allow-Credentials", true)
     end
+    if ctx.timing_allow_origin then
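Review bot: a blank line is missing between the `end` that closes the `allow_credential` block and `+    if ctx.timing_allow_origin then`, so the new block reads as a continuation of the Access-Control-* headers rather than a separate concern; add the blank line (or move the timing header into its own helper) so a reader does not take Timing-Allow-Origin for one of the CORS headers.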

Review Comment:
   You want to separate the block for the standard CORS headers from the `if` about the timing header, correct? So a blank line between 246 and 247.





[GitHub] [apisix] monkeyDluffy6017 commented on pull request #9365: feat: support for the Timing-Allow-Origin header in CORS plugin

Posted by "monkeyDluffy6017 (via GitHub)" <gi...@apache.org>.
monkeyDluffy6017 commented on PR #9365:
URL: https://github.com/apache/apisix/pull/9365#issuecomment-1560330079

   Hi @skimdz86, thanks for your contribution. Is Timing-Allow-Origin some kind of CORS?




Re: [PR] feat: support for the Timing-Allow-Origin header in CORS plugin [apisix]

Posted by "monkeyDluffy6017 (via GitHub)" <gi...@apache.org>.
monkeyDluffy6017 commented on code in PR #9365:
URL: https://github.com/apache/apisix/pull/9365#discussion_r1401790399


##########
t/plugin/cors4.t:
##########
@@ -0,0 +1,623 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+use t::APISIX 'no_plan';
+
+repeat_each(1);
+no_long_string();
+no_root_location();
+no_shuffle();
+log_level("info");
+
+add_block_preprocessor(sub {
+    my ($block) = @_;
+
+    if (!$block->request) {
+        $block->set_value("request", "GET /t");
+    }
+
+    if (!$block->no_error_log && !$block->error_log) {
+        $block->set_value("no_error_log", "[error]\n[alert]");
+    }
+});
+
+run_tests;
+
+__DATA__
+
+=== TEST 1: validate timing_allow_origins
+--- config
+    location /t {
+        content_by_lua_block {
+            local plugin = require("apisix.plugins.cors")
+            local function validate(val)
+                local conf = {}
+                conf.timing_allow_origins = val
+                return plugin.check_schema(conf)
+            end
+
+            local good = {
+                "*",
+                "**",
+                "null",
+                "http://y.com.uk",
+                "https://x.com",
+                "https://x.com,http://y.com.uk",
+                "https://x.com,http://y.com.uk,http://c.tv",
+                "https://x.com,http://y.com.uk:12000,http://c.tv",
+            }
+            for _, g in ipairs(good) do
+                local ok, err = validate(g)
+                if not ok then
+                    ngx.say("failed to validate ", g, ", ", err)
+                end
+            end
+
+            local bad = {
+                "",
+                "*a",
+                "*,http://y.com",
+                "nulll",
+                "http//y.com.uk",
+                "x.com",
+                "https://x.com,y.com.uk",
+                "https://x.com,*,https://y.com.uk",
+                "https://x.com,http://y.com.uk,http:c.tv",
+            }
+            for _, b in ipairs(bad) do
+                local ok, err = validate(b)
+                if ok then
+                    ngx.say("failed to reject ", b)
+                end
+            end
+
+            ngx.say("done")
+        }
+    }
+--- response_body
+done
+
+
+
+=== TEST 2: set route ( allow_origins default, timing_allow_origins specified )
+--- config
+    location /t {
+        content_by_lua_block {
+            local t = require("lib.test_admin").test
+            local code, body = t('/apisix/admin/routes/1',
+                 ngx.HTTP_PUT,
+                 [[{
+                    "plugins": {
+                        "cors": {
+                            "allow_origins": "*",
+                            "allow_methods": "GET,POST",
+                            "allow_headers": "request-h",
+                            "expose_headers": "expose-h",
+                            "max_age": 10,
+                            "timing_allow_origins": "http://sub.domain.com"
+                        }
+                    },
+                    "upstream": {
+                        "nodes": {
+                            "127.0.0.1:1980": 1
+                        },
+                        "type": "roundrobin"
+                    },
+                    "uri": "/hello"
+                }]]
+                )
+            if code >= 300 then
+                ngx.status = code
+            end
+            ngx.say(body)
+        }
+    }
+--- request
+GET /t
+--- response_body
+passed
+
+
+
+=== TEST 3: origin matching
+--- request
+GET /hello HTTP/1.1
+--- more_headers
+Origin: http://sub.domain.com
+--- response_headers
+Access-Control-Allow-Origin: *
+Access-Control-Allow-Methods: GET,POST
+Access-Control-Allow-Headers: request-h
+Access-Control-Expose-Headers: expose-h
+Access-Control-Max-Age: 10
+Access-Control-Allow-Credentials: 
+Timing-Allow-Origin: http://sub.domain.com
+
+
+
+=== TEST 4: origin not matching timing_allow_origins
+--- request
+GET /hello HTTP/1.1
+--- more_headers
+Origin: http://other.domain.com
+--- response_headers
+Access-Control-Allow-Origin: *
+Access-Control-Allow-Methods: GET,POST
+Access-Control-Allow-Headers: request-h
+Access-Control-Expose-Headers: expose-h
+Access-Control-Max-Age: 10
+Access-Control-Allow-Credentials:
+Timing-Allow-Origin:
+
+
+=== TEST 5: set route ( allow_origins same as timing_allow_origins )
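Review bot: the separator before `+=== TEST 5` is two blank lines while TEST 1 through TEST 4 are separated by three; use three consistently. Trailing whitespace also differs between `+Access-Control-Allow-Credentials: ` in TEST 3 and `+Access-Control-Allow-Credentials:` in TEST 4; strip it so the two expectations are written identically. On substance, TEST 4 is the case worth keeping: an Origin that `allow_origins: "*"` accepts but `timing_allow_origins` does not must receive Access-Control-Allow-Origin without Timing-Allow-Origin, which is exactly what its expected headers assert.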

Review Comment:
   Three blank lines are needed; please check the other place.





[GitHub] [apisix] monkeyDluffy6017 commented on a diff in pull request #9365: feat: support for the Timing-Allow-Origin header in CORS plugin

Posted by "monkeyDluffy6017 (via GitHub)" <gi...@apache.org>.
monkeyDluffy6017 commented on code in PR #9365:
URL: https://github.com/apache/apisix/pull/9365#discussion_r1221900475


##########
apisix/plugins/cors.lua:
##########
@@ -179,6 +204,23 @@ function _M.check_schema(conf, schema_type)
         end
     end
 
+    if not conf.allow_origins then
+        if conf.timing_allow_origins or conf.timing_allow_origins_by_regex then
+            return false, "you can not set 'timing_allow_origin' " ..
+                          "or 'timing_allow_origin_by_regex' " ..
+                          "when 'allow_origins' is not set"
+        end
+    end
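Review bot: the guard only tests `conf.allow_origins`, so a route that relies on `allow_origins_by_regex` alone would be rejected even though it does emit Access-Control-Allow-Origin; the condition should be `if not conf.allow_origins and not conf.allow_origins_by_regex then`. The error message also names 'timing_allow_origin' and 'timing_allow_origin_by_regex' while the fields actually tested are `conf.timing_allow_origins` and `conf.timing_allow_origins_by_regex`; use the plural names so the message matches the schema keys a user would search for.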

Review Comment:
   If `allow_origins_by_regex` has been set, is there a problem here?





Re: [PR] feat: support for the Timing-Allow-Origin header in CORS plugin [apisix]

Posted by "skimdz86 (via GitHub)" <gi...@apache.org>.
skimdz86 commented on PR #9365:
URL: https://github.com/apache/apisix/pull/9365#issuecomment-1818741841

   Hi @monkeyDluffy6017, any news on this PR?
   
   Thanks




Re: [PR] feat: support for the Timing-Allow-Origin header in CORS plugin [apisix]

Posted by "skimdz86 (via GitHub)" <gi...@apache.org>.
skimdz86 commented on PR #9365:
URL: https://github.com/apache/apisix/pull/9365#issuecomment-1832387019

   > I will approve this pr after you resolve the review comments
   
   @monkeyDluffy6017 PR updated




[GitHub] [apisix] monkeyDluffy6017 commented on a diff in pull request #9365: feat: support for the Timing-Allow-Origin header in CORS plugin

Posted by "monkeyDluffy6017 (via GitHub)" <gi...@apache.org>.
monkeyDluffy6017 commented on code in PR #9365:
URL: https://github.com/apache/apisix/pull/9365#discussion_r1223192328


##########
apisix/plugins/cors.lua:
##########
@@ -202,9 +244,12 @@ local function set_cors_headers(conf, ctx)
     if conf.allow_credential then
         core.response.set_header("Access-Control-Allow-Credentials", true)
     end
+    if ctx.timing_allow_origin then

Review Comment:
   Yes, it's my personal thought.





[GitHub] [apisix] skimdz86 commented on pull request #9365: feat: support for the Timing-Allow-Origin header in CORS plugin

Posted by "skimdz86 (via GitHub)" <gi...@apache.org>.
skimdz86 commented on PR #9365:
URL: https://github.com/apache/apisix/pull/9365#issuecomment-1584509836

   @monkeyDluffy6017 Updated the PR with your suggestions; since we decoupled the management of the CORS headers and the timing header, I also split the set_cors_headers function in two, adding the set_timing_headers function.




Re: [PR] feat: support for the Timing-Allow-Origin header in CORS plugin [apisix]

Posted by "monkeyDluffy6017 (via GitHub)" <gi...@apache.org>.
monkeyDluffy6017 commented on code in PR #9365:
URL: https://github.com/apache/apisix/pull/9365#discussion_r1401807417


##########
apisix/plugins/cors.lua:
##########
@@ -202,9 +236,20 @@ local function set_cors_headers(conf, ctx)
     if conf.allow_credential then
         core.response.set_header("Access-Control-Allow-Credentials", true)
     end
+
+    if ctx.timing_allow_origin then
+        core.response.set_header("Timing-Allow-Origin", ctx.timing_allow_origin)
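Review bot: nothing in this hunk documents what populates `ctx.timing_allow_origin` or why the header is written from `set_cors_headers` rather than from its own function; a one-line comment above `+    if ctx.timing_allow_origin then` saying that the value was resolved against `timing_allow_origins` earlier in the request and is deliberately emitted only on the path where the CORS allow header is also emitted would answer the "why" in the code itself.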

Review Comment:
   Why do you need this?





[GitHub] [apisix] monkeyDluffy6017 commented on a diff in pull request #9365: feat: support for the Timing-Allow-Origin header in CORS plugin

Posted by "monkeyDluffy6017 (via GitHub)" <gi...@apache.org>.
monkeyDluffy6017 commented on code in PR #9365:
URL: https://github.com/apache/apisix/pull/9365#discussion_r1221912368


##########
t/plugin/cors4.t:
##########
@@ -0,0 +1,623 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+use t::APISIX 'no_plan';
+
+repeat_each(1);
+no_long_string();
+no_root_location();
+no_shuffle();
+log_level("info");
+
+add_block_preprocessor(sub {
+    my ($block) = @_;
+
+    if (!$block->request) {
+        $block->set_value("request", "GET /t");
+    }
+
+    if (!$block->no_error_log && !$block->error_log) {
+        $block->set_value("no_error_log", "[error]\n[alert]");
+    }
+});
+
+run_tests;
+
+__DATA__
+
+=== TEST 1: validate timing_allow_origins
+--- config
+    location /t {
+        content_by_lua_block {
+            local plugin = require("apisix.plugins.cors")
+            local function validate(val)
+                local conf = {}
+                conf.timing_allow_origins = val
+                return plugin.check_schema(conf)
+            end
+
+            local good = {
+                "*",
+                "**",
+                "null",
+                "http://y.com.uk",
+                "https://x.com",
+                "https://x.com,http://y.com.uk",
+                "https://x.com,http://y.com.uk,http://c.tv",
+                "https://x.com,http://y.com.uk:12000,http://c.tv",
+            }
+            for _, g in ipairs(good) do
+                local ok, err = validate(g)
+                if not ok then
+                    ngx.say("failed to validate ", g, ", ", err)
+                end
+            end
+
+            local bad = {
+                "",
+                "*a",
+                "*,http://y.com",
+                "nulll",
+                "http//y.com.uk",
+                "x.com",
+                "https://x.com,y.com.uk",
+                "https://x.com,*,https://y.com.uk",
+                "https://x.com,http://y.com.uk,http:c.tv",
+            }
+            for _, b in ipairs(bad) do
+                local ok, err = validate(b)
+                if ok then
+                    ngx.say("failed to reject ", b)
+                end
+            end
+
+            ngx.say("done")
+        }
+    }
+--- response_body
+done
+
+
+
+=== TEST 2: set route ( allow_origins default, timing_allow_origins specified )
+--- config
+    location /t {
+        content_by_lua_block {
+            local t = require("lib.test_admin").test
+            local code, body = t('/apisix/admin/routes/1',
+                 ngx.HTTP_PUT,
+                 [[{
+                    "plugins": {
+                        "cors": {
+                            "allow_origins": "*",
+                            "allow_methods": "GET,POST",
+                            "allow_headers": "request-h",
+                            "expose_headers": "expose-h",
+                            "max_age": 10,
+                            "timing_allow_origins": "http://sub.domain.com"
+                        }
+                    },
+                    "upstream": {
+                        "nodes": {
+                            "127.0.0.1:1980": 1
+                        },
+                        "type": "roundrobin"
+                    },
+                    "uri": "/hello"
+                }]]
+                )
+            if code >= 300 then
+                ngx.status = code
+            end
+            ngx.say(body)
+        }
+    }
+--- request
+GET /t
+--- response_body
+passed
+
+
+
+=== TEST 3: origin matching
+--- request
+GET /hello HTTP/1.1
+--- more_headers
+Origin: http://sub.domain.com
+--- response_headers
+Access-Control-Allow-Origin: *
+Access-Control-Allow-Methods: GET,POST
+Access-Control-Allow-Headers: request-h
+Access-Control-Expose-Headers: expose-h
+Access-Control-Max-Age: 10
+Access-Control-Allow-Credentials: 
+Timing-Allow-Origin: http://sub.domain.com
+
+
+
+=== TEST 4: origin not matching timing_allow_origins
+--- request
+GET /hello HTTP/1.1
+--- more_headers
+Origin: http://other.domain.com
+--- response_headers
+Access-Control-Allow-Origin: *
+Access-Control-Allow-Methods: GET,POST
+Access-Control-Allow-Headers: request-h
+Access-Control-Expose-Headers: expose-h
+Access-Control-Max-Age: 10
+Access-Control-Allow-Credentials:
+Timing-Allow-Origin:
+
+
+=== TEST 5: set route ( allow_origins same as timing_allow_origins )
+--- config
+    location /t {
+        content_by_lua_block {
+            local t = require("lib.test_admin").test
+            local code, body = t('/apisix/admin/routes/1',
+                 ngx.HTTP_PUT,
+                 [[{
+                    "plugins": {
+                        "cors": {
+                            "allow_origins": "http://sub.domain.com",
+                            "allow_methods": "GET,POST",
+                            "allow_headers": "request-h",
+                            "expose_headers": "expose-h",
+                            "max_age": 10,
+                            "timing_allow_origins": "http://sub.domain.com"
+                        }
+                    },
+                    "upstream": {
+                        "nodes": {
+                            "127.0.0.1:1980": 1
+                        },
+                        "type": "roundrobin"
+                    },
+                    "uri": "/hello"
+                }]]
+                )
+            if code >= 300 then
+                ngx.status = code
+            end
+            ngx.say(body)
+        }
+    }
+--- request
+GET /t
+--- response_body
+passed
+
+
+
+=== TEST 6: origin matching
+--- request
+GET /hello HTTP/1.1
+--- more_headers
+Origin: http://sub.domain.com
+--- response_headers
+Access-Control-Allow-Origin: http://sub.domain.com
+Access-Control-Allow-Methods: GET,POST
+Access-Control-Allow-Headers: request-h
+Access-Control-Expose-Headers: expose-h
+Access-Control-Max-Age: 10
+Access-Control-Allow-Credentials: 
+Timing-Allow-Origin: http://sub.domain.com
+
+
+
+=== TEST 7: origin not matching 
+--- request
+GET /hello HTTP/1.1
+--- more_headers
+Origin: http://other.domain.com
+--- response_headers
+Access-Control-Allow-Origin:
+Access-Control-Allow-Methods:
+Access-Control-Allow-Headers:
+Access-Control-Expose-Headers:
+Access-Control-Max-Age:
+Access-Control-Allow-Credentials:
+Timing-Allow-Origin:
+
+
+=== TEST 8: set route ( allow_origins differs from timing_allow_origins )
+--- config
+    location /t {
+        content_by_lua_block {
+            local t = require("lib.test_admin").test
+            local code, body = t('/apisix/admin/routes/1',
+                 ngx.HTTP_PUT,
+                 [[{
+                    "plugins": {
+                        "cors": {
+                            "allow_origins": "http://one.domain.com",
+                            "allow_methods": "GET,POST",
+                            "allow_headers": "request-h",
+                            "expose_headers": "expose-h",
+                            "max_age": 10,
+                            "timing_allow_origins": "http://another.domain.com"
+                        }
+                    },
+                    "upstream": {
+                        "nodes": {
+                            "127.0.0.1:1980": 1
+                        },
+                        "type": "roundrobin"
+                    },
+                    "uri": "/hello"
+                }]]
+                )
+            if code >= 300 then
+                ngx.status = code
+            end
+            ngx.say(body)
+        }
+    }
+--- request
+GET /t
+--- response_body
+passed
+
+
+
+=== TEST 9: origin matching allow_origins
+--- request
+GET /hello HTTP/1.1
+--- more_headers
+Origin: http://one.domain.com
+--- response_headers
+Access-Control-Allow-Origin: http://one.domain.com
+Access-Control-Allow-Methods: GET,POST
+Access-Control-Allow-Headers: request-h
+Access-Control-Expose-Headers: expose-h
+Access-Control-Max-Age: 10
+Access-Control-Allow-Credentials: 
+Timing-Allow-Origin: 
+
+
+=== TEST 10: origin matching timing_allow_origins
+--- request
+GET /hello HTTP/1.1
+--- more_headers
+Origin: http://another.domain.com
+--- response_headers
+Access-Control-Allow-Origin:
+Access-Control-Allow-Methods:
+Access-Control-Allow-Headers:
+Access-Control-Expose-Headers:
+Access-Control-Max-Age:
+Access-Control-Allow-Credentials:
+Timing-Allow-Origin:
+
+
+
+=== TEST 11: origin not matching 
+--- request
+GET /hello HTTP/1.1
+--- more_headers
+Origin: http://notexistent.domain.com
+--- response_headers
+Access-Control-Allow-Origin:
+Access-Control-Allow-Methods:
+Access-Control-Allow-Headers:
+Access-Control-Expose-Headers:
+Access-Control-Max-Age:
+Access-Control-Allow-Credentials:
+Timing-Allow-Origin:
+
+
+=== TEST 12: set route ( allow_origins superset of timing_allow_origins )
+--- config
+    location /t {
+        content_by_lua_block {
+            local t = require("lib.test_admin").test
+            local code, body = t('/apisix/admin/routes/1',
+                 ngx.HTTP_PUT,
+                 [[{
+                    "plugins": {
+                        "cors": {
+                            "allow_origins": "http://one.domain.com,http://two.domain.com",
+                            "allow_methods": "GET,POST",
+                            "allow_headers": "request-h",
+                            "expose_headers": "expose-h",
+                            "max_age": 10,
+                            "timing_allow_origins": "http://one.domain.com"
+                        }
+                    },
+                    "upstream": {
+                        "nodes": {
+                            "127.0.0.1:1980": 1
+                        },
+                        "type": "roundrobin"
+                    },
+                    "uri": "/hello"
+                }]]
+                )
+            if code >= 300 then
+                ngx.status = code
+            end
+            ngx.say(body)
+        }
+    }
+--- request
+GET /t
+--- response_body
+passed
+
+
+
+=== TEST 13: origin matching allow_origins and timing_allow_origins
+--- request
+GET /hello HTTP/1.1
+--- more_headers
+Origin: http://one.domain.com
+--- response_headers
+Access-Control-Allow-Origin: http://one.domain.com
+Access-Control-Allow-Methods: GET,POST
+Access-Control-Allow-Headers: request-h
+Access-Control-Expose-Headers: expose-h
+Access-Control-Max-Age: 10
+Access-Control-Allow-Credentials: 
+Timing-Allow-Origin: http://one.domain.com
+
+
+=== TEST 14: origin matching only allow_origins
+--- request
+GET /hello HTTP/1.1
+--- more_headers
+Origin: http://two.domain.com
+--- response_headers
+Access-Control-Allow-Origin: http://two.domain.com
+Access-Control-Allow-Methods: GET,POST
+Access-Control-Allow-Headers: request-h
+Access-Control-Expose-Headers: expose-h
+Access-Control-Max-Age: 10
+Access-Control-Allow-Credentials: 
+Timing-Allow-Origin:
+
+=== TEST 15: origin not matching 
+--- request
+GET /hello HTTP/1.1
+--- more_headers
+Origin: http://notexistent.domain.com
+--- response_headers
+Access-Control-Allow-Origin:
+Access-Control-Allow-Methods:
+Access-Control-Allow-Headers:
+Access-Control-Expose-Headers:
+Access-Control-Max-Age:
+Access-Control-Allow-Credentials:
+Timing-Allow-Origin:
+
+
+=== TEST 16: set route ( allow_origins and timing_allow_origins are two different sets with intersection )
+--- config
+    location /t {
+        content_by_lua_block {
+            local t = require("lib.test_admin").test
+            local code, body = t('/apisix/admin/routes/1',
+                 ngx.HTTP_PUT,
+                 [[{
+                    "plugins": {
+                        "cors": {
+                            "allow_origins": "http://one.domain.com,http://two.domain.com",
+                            "allow_methods": "GET,POST",
+                            "allow_headers": "request-h",
+                            "expose_headers": "expose-h",
+                            "max_age": 10,
+                            "timing_allow_origins": "http://one.domain.com,http://three.domain.com"
+                        }
+                    },
+                    "upstream": {
+                        "nodes": {
+                            "127.0.0.1:1980": 1
+                        },
+                        "type": "roundrobin"
+                    },
+                    "uri": "/hello"
+                }]]
+                )
+            if code >= 300 then
+                ngx.status = code
+            end
+            ngx.say(body)
+        }
+    }
+--- request
+GET /t
+--- response_body
+passed
+
+
+
+=== TEST 17: origin matching allow_origins and timing_allow_origins
+--- request
+GET /hello HTTP/1.1
+--- more_headers
+Origin: http://one.domain.com
+--- response_headers
+Access-Control-Allow-Origin: http://one.domain.com
+Access-Control-Allow-Methods: GET,POST
+Access-Control-Allow-Headers: request-h
+Access-Control-Expose-Headers: expose-h
+Access-Control-Max-Age: 10
+Access-Control-Allow-Credentials: 
+Timing-Allow-Origin: http://one.domain.com
+
+
+=== TEST 18: origin matching only allow_origins
+--- request
+GET /hello HTTP/1.1
+--- more_headers
+Origin: http://two.domain.com
+--- response_headers
+Access-Control-Allow-Origin: http://two.domain.com
+Access-Control-Allow-Methods: GET,POST
+Access-Control-Allow-Headers: request-h
+Access-Control-Expose-Headers: expose-h
+Access-Control-Max-Age: 10
+Access-Control-Allow-Credentials:
+Timing-Allow-Origin: 
+
+=== TEST 19: origin matching only timing_allow_origins
+--- request
+GET /hello HTTP/1.1
+--- more_headers
+Origin: http://three.domain.com
+--- response_headers
+Access-Control-Allow-Origin:
+Access-Control-Allow-Methods:
+Access-Control-Allow-Headers:
+Access-Control-Expose-Headers:
+Access-Control-Max-Age:
+Access-Control-Allow-Credentials:
+Timing-Allow-Origin:
+
+=== TEST 20: origin not matching 
+--- request
+GET /hello HTTP/1.1
+--- more_headers
+Origin: http://notexistent.domain.com
+--- response_headers
+Access-Control-Allow-Origin:
+Access-Control-Allow-Methods:
+Access-Control-Allow-Headers:
+Access-Control-Expose-Headers:
+Access-Control-Max-Age:
+Access-Control-Allow-Credentials:
+Timing-Allow-Origin:
+
+
+=== TEST 21: set route ( allow_origins and timing_allow_origins specified with regex )
+--- config
+    location /t {
+        content_by_lua_block {
+            local t = require("lib.test_admin").test
+            local code, body = t('/apisix/admin/routes/1',
+                 ngx.HTTP_PUT,
+                 [[{
+                    "plugins": {
+                        "cors": {
+                            "allow_origins_by_regex": ["http://.*?\\.domain\\.com"],
+                            "allow_methods": "GET,POST",
+                            "allow_headers": "request-h",
+                            "expose_headers": "expose-h",
+                            "max_age": 10,
+                            "timing_allow_origins_by_regex": ["http://.*?\\.domain\\.com"]
+                        }
+                    },
+                    "upstream": {
+                        "nodes": {
+                            "127.0.0.1:1980": 1
+                        },
+                        "type": "roundrobin"
+                    },
+                    "uri": "/hello"
+                }]]
+                )
+            if code >= 300 then
+                ngx.status = code
+            end
+            ngx.say(body)
+        }
+    }
+--- request
+GET /t
+--- response_body
+passed
+
+
+
+=== TEST 22: regex specified match
+--- request
+GET /hello HTTP/1.1
+--- more_headers
+Origin: http://sub.domain.com
+--- response_headers
+Access-Control-Allow-Origin: http://sub.domain.com
+Access-Control-Allow-Methods: GET,POST
+Access-Control-Allow-Headers: request-h
+Access-Control-Expose-Headers: expose-h
+Access-Control-Max-Age: 10
+Timing-Allow-Origin: http://sub.domain.com
+
+=== TEST 23: regex no match
+--- request
+GET /hello HTTP/1.1
+--- more_headers
+Origin: http://other.newdomain.com
+--- response_headers
+Access-Control-Allow-Origin:
+Access-Control-Allow-Methods:
+Access-Control-Allow-Headers:
+Access-Control-Expose-Headers:
+Access-Control-Max-Age:
+Timing-Allow-Origin:
+
+
+=== TEST 24: set route ( allow_origins and timing_allow_origins specified with different regex )
+--- config
+    location /t {
+        content_by_lua_block {
+            local t = require("lib.test_admin").test
+            local code, body = t('/apisix/admin/routes/1',
+                 ngx.HTTP_PUT,
+                 [[{
+                    "plugins": {
+                        "cors": {
+                            "allow_origins_by_regex": ["http://.*?\\.domain\\.com"],
+                            "allow_methods": "GET,POST",
+                            "allow_headers": "request-h",
+                            "expose_headers": "expose-h",
+                            "max_age": 10,
+                            "timing_allow_origins_by_regex": ["http://test.*?\\.domain\\.com"],
+                            "timing_allow_origins": "http://nonexistent.newdomain.com"
+                        }
+                    },
+                    "upstream": {
+                        "nodes": {
+                            "127.0.0.1:1980": 1
+                        },
+                        "type": "roundrobin"
+                    },
+                    "uri": "/hello"
+                }]]
+                )
+            if code >= 300 then
+                ngx.status = code
+            end
+            ngx.say(body)
+        }
+    }
+--- request
+GET /t
+--- response_body
+passed
+
+
+=== TEST 24: regex specified match, test priority of regex over list of origins
+--- request
+GET /hello HTTP/1.1
+--- more_headers
+Origin: http://testurl.domain.com
+--- response_headers
+Access-Control-Allow-Origin: http://testurl.domain.com
+Access-Control-Allow-Methods: GET,POST
+Access-Control-Allow-Headers: request-h
+Access-Control-Expose-Headers: expose-h
+Access-Control-Max-Age: 10
+Timing-Allow-Origin: http://testurl.domain.com
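Review bot: the two `=== TEST 24:` headers (the route set-up block and the "regex specified match, test priority" block) share one number; renumber the second to TEST 25. Every regex in these tests (`http://.*?\\.domain\\.com`, `http://test.*?\\.domain\\.com`) is unanchored, so unless the plugin anchors the pattern itself an Origin such as `http://sub.domain.com.attacker.example` also matches and receives both `Access-Control-Allow-Origin` and `Timing-Allow-Origin`; add a negative test with such an Origin and anchor the patterns with `^...$`. TEST 19 asserts an empty `Timing-Allow-Origin` when the Origin matches only `timing_allow_origins`, which encodes the coupling to `allow_origins` that the review asks to drop; once the two settings are independent the expectation should become `Timing-Allow-Origin: http://three.domain.com`.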

Review Comment:
   Need a blank at the end of file





[GitHub] [apisix] skimdz86 commented on a diff in pull request #9365: feat: support for the Timing-Allow-Origin header in CORS plugin

Posted by "skimdz86 (via GitHub)" <gi...@apache.org>.
skimdz86 commented on code in PR #9365:
URL: https://github.com/apache/apisix/pull/9365#discussion_r1223098567


##########
apisix/plugins/cors.lua:
##########
@@ -179,6 +204,23 @@ function _M.check_schema(conf, schema_type)
         end
     end
 
+    if not conf.allow_origins then
+        if conf.timing_allow_origins or conf.timing_allow_origins_by_regex then
+            return false, "you can not set 'timing_allow_origin' " ..
+                          "or 'timing_allow_origin_by_regex' " ..
+                          "when 'allow_origins' is not set"
+        end
+    end
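Review bot: the error message names `timing_allow_origin` and `timing_allow_origin_by_regex`, but the fields being tested are `timing_allow_origins` and `timing_allow_origins_by_regex`; use the real field names so the rejection points at the key the user has to change.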

Review Comment:
   Actually, I didn't consider the case in which the CORS are managed already by the upstream server; so I agree, this way we can add only the timing header in the api gateway in addition to the existing CORS headers, leaving freedom to the users in the configuration. So I'll remove this check, but I also have to change the logic in the header_filter function, to allow setting the timing even when allow_origins is not set in the plugin conf.





Re: [PR] feat: support for the Timing-Allow-Origin header in CORS plugin [apisix]

Posted by "github-actions[bot] (via GitHub)" <gi...@apache.org>.
github-actions[bot] commented on PR #9365:
URL: https://github.com/apache/apisix/pull/9365#issuecomment-1818735221

   This pull request has been marked as stale due to 60 days of inactivity. It will be closed in 4 weeks if no further activity occurs. If you think that's incorrect or this pull request should instead be reviewed, please simply write any comment. Even if closed, you can still revive the PR at any time or discuss it on the dev@apisix.apache.org list. Thank you for your contributions.




Re: [PR] feat: support for the Timing-Allow-Origin header in CORS plugin [apisix]

Posted by "shreemaan-abhishek (via GitHub)" <gi...@apache.org>.
shreemaan-abhishek commented on code in PR #9365:
URL: https://github.com/apache/apisix/pull/9365#discussion_r1415738413


##########
apisix/plugins/cors.lua:
##########
@@ -119,6 +121,28 @@ local schema = {
             minItems = 1,
             uniqueItems = true,
         },
+        timing_allow_origins = {
+            description =
+                "you can use '*' to allow all origins which can view timing information " ..
+                "when no credentials," ..
+                "'**' to allow forcefully (it will bring some security risks, be carefully)," ..
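Review bot: besides the typo (`be carefully` should be `be careful`), the description explains `*` in Access-Control-Allow-Origin terms ("when no credentials") and calls `**` a security risk without saying what `**` does; state that `**` answers with whatever Origin the client sent, so the reader can judge the risk for timing data, and check whether the credentials qualifier carried over from `allow_origins` applies to Timing-Allow-Origin at all.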

Review Comment:
   ```suggestion
                   "'**' to allow forcefully (it will bring some security risks, be careful)," ..
   ```





Re: [PR] feat: support for the Timing-Allow-Origin header in CORS plugin [apisix]

Posted by "monkeyDluffy6017 (via GitHub)" <gi...@apache.org>.
monkeyDluffy6017 commented on PR #9365:
URL: https://github.com/apache/apisix/pull/9365#issuecomment-1822556175

   I find that these are 2 completely separate functions, and if put in a plugin, the complexity of the configuration items can be very confusing, for example the configuration item allow_methods only works for cors, so would it be possible to consider extracting the common functions and redeveloping a plugin




Re: [PR] feat: support for the Timing-Allow-Origin header in CORS plugin [apisix]

Posted by "skimdz86 (via GitHub)" <gi...@apache.org>.
skimdz86 commented on PR #9365:
URL: https://github.com/apache/apisix/pull/9365#issuecomment-1820938348

   > @skimdz86 sorry for this delay, i have no idea if Timing-Allow-Origin belongs to CORS
   
   Ok, so what are the next steps in this case?
   




Re: [PR] feat: support for the Timing-Allow-Origin header in CORS plugin [apisix]

Posted by "monkeyDluffy6017 (via GitHub)" <gi...@apache.org>.
monkeyDluffy6017 commented on code in PR #9365:
URL: https://github.com/apache/apisix/pull/9365#discussion_r1401801007


##########
apisix/plugins/cors.lua:
##########
@@ -292,22 +346,44 @@ function _M.header_filter(conf, ctx)
     -- If allow_origins_by_regex is not nil, should be matched to it only
     local allow_origins
     if conf.allow_origins_by_regex == nil then
-        allow_origins = process_with_allow_origins(conf.allow_origins, ctx, req_origin)
+        allow_origins = process_with_allow_origins(
+            TYPE_ACCESS_CONTROL_ALLOW_ORIGIN, conf.allow_origins, ctx, req_origin
+        )
     else
-        allow_origins = process_with_allow_origins_by_regex(conf, ctx, req_origin)
+        allow_origins = process_with_allow_origins_by_regex(
+            TYPE_ACCESS_CONTROL_ALLOW_ORIGIN, conf.allow_origins_by_regex,
+            conf, ctx, req_origin
+        )
     end
     if not match_origins(req_origin, allow_origins) then
         allow_origins = process_with_allow_origins_by_metadata(
-                conf.allow_origins_by_metadata, ctx, req_origin
+            TYPE_ACCESS_CONTROL_ALLOW_ORIGIN, conf.allow_origins_by_metadata, ctx, req_origin
         )
     end
     if conf.allow_origins ~= "*" then
         core.response.add_header("Vary", "Origin")
     end
-    if allow_origins then
+    if allow_origins then   
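Review bot: `Vary: Origin` is still keyed only on `conf.allow_origins ~= "*"`, but after this change the response also varies by Origin through `timing_allow_origins` / `timing_allow_origins_by_regex` (and already does through `allow_origins_by_regex`); with `allow_origins = "*"` and a timing allow list, a shared cache could serve a `Timing-Allow-Origin` computed for one origin to a different one. Emit `Vary: Origin` whenever either header depends on the request Origin. The trailing whitespace on `if allow_origins then   ` should go as well.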

Review Comment:
   remove redundant indents





Re: [PR] feat: support for the Timing-Allow-Origin header in CORS plugin [apisix]

Posted by "skimdz86 (via GitHub)" <gi...@apache.org>.
skimdz86 commented on code in PR #9365:
URL: https://github.com/apache/apisix/pull/9365#discussion_r1409618557


##########
apisix/plugins/cors.lua:
##########
@@ -202,9 +236,20 @@ local function set_cors_headers(conf, ctx)
     if conf.allow_credential then
         core.response.set_header("Access-Control-Allow-Credentials", true)
     end
+
+    if ctx.timing_allow_origin then
+        core.response.set_header("Timing-Allow-Origin", ctx.timing_allow_origin)
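Review bot: setting `Timing-Allow-Origin` from inside `set_cors_headers` makes it conditional on the CORS origin match, which contradicts keeping the two settings independent; since `set_timing_headers` already emits the header, drop this block here.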

Review Comment:
   ok, useless, I may have forgotten to remove it when I decoupled the logic of classic cors and timing headers. I'll remove it





Re: [PR] feat(cors): support for the Timing-Allow-Origin header [apisix]

Posted by "monkeyDluffy6017 (via GitHub)" <gi...@apache.org>.
monkeyDluffy6017 merged PR #9365:
URL: https://github.com/apache/apisix/pull/9365




[GitHub] [apisix] monkeyDluffy6017 commented on a diff in pull request #9365: feat: support for the Timing-Allow-Origin header in CORS plugin

Posted by "monkeyDluffy6017 (via GitHub)" <gi...@apache.org>.
monkeyDluffy6017 commented on code in PR #9365:
URL: https://github.com/apache/apisix/pull/9365#discussion_r1221906417


##########
apisix/plugins/cors.lua:
##########
@@ -202,9 +244,12 @@ local function set_cors_headers(conf, ctx)
     if conf.allow_credential then
         core.response.set_header("Access-Control-Allow-Credentials", true)
     end
+    if ctx.timing_allow_origin then

Review Comment:
   Is a blank line needed here? As what is to be set is relevant.
   





[GitHub] [apisix] monkeyDluffy6017 commented on a diff in pull request #9365: feat: support for the Timing-Allow-Origin header in CORS plugin

Posted by "monkeyDluffy6017 (via GitHub)" <gi...@apache.org>.
monkeyDluffy6017 commented on code in PR #9365:
URL: https://github.com/apache/apisix/pull/9365#discussion_r1221900475


##########
apisix/plugins/cors.lua:
##########
@@ -179,6 +204,23 @@ function _M.check_schema(conf, schema_type)
         end
     end
 
+    if not conf.allow_origins then
+        if conf.timing_allow_origins or conf.timing_allow_origins_by_regex then
+            return false, "you can not set 'timing_allow_origin' " ..
+                          "or 'timing_allow_origin_by_regex' " ..
+                          "when 'allow_origins' is not set"
+        end
+    end
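Review bot: the condition only tests `conf.allow_origins`; a route may allow CORS origins through `allow_origins_by_regex` or `allow_origins_by_metadata` instead, and those configurations would be rejected here together with the upstream-managed case raised in the comment. Dropping the check altogether avoids both problems.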

Review Comment:
   I have considered this place carefully, and I think that allow_origins and timing_allow_origins should be independent of each other, because it is possible that the upstream has a response header of Access-Control-Allow-Origin, which does not require the plugin to set it.





Re: [PR] feat: support for the Timing-Allow-Origin header in CORS plugin [apisix]

Posted by "monkeyDluffy6017 (via GitHub)" <gi...@apache.org>.
monkeyDluffy6017 commented on code in PR #9365:
URL: https://github.com/apache/apisix/pull/9365#discussion_r1401940796


##########
docs/en/latest/plugins/cors.md:
##########
@@ -42,6 +42,8 @@ The `cors` Plugins lets you enable [CORS](https://developer.mozilla.org/en-US/do
 | allow_credential          | boolean | False    | false   | When set to `true`, allows requests to include credentials like cookies. According to CORS specification, if you set this to `true`, you cannot use '*' to allow all for the other attributes.                                                                                                                                                                                                     |
 | allow_origins_by_regex    | array   | False    | nil     | Regex to match with origin for enabling CORS. For example, `[".*\.test.com"]` can match all subdomain of `test.com`. When set to specified range, only domains in this range will be allowed, no matter what `allow_origins` is.                                                                                                                                                                   |
 | allow_origins_by_metadata | array   | False    | nil     | Origins to enable CORS referenced from `allow_origins` set in the Plugin metadata. For example, if `"allow_origins": {"EXAMPLE": "https://example.com"}` is set in the Plugin metadata, then `["EXAMPLE"]` can be used to allow CORS on the origin `https://example.com`.                                                                                                                          |
+| timing_allow_origins             | string  | False    | nil     | Origin to allow to access the resource timing information. See [Timing-Allow-Origin](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Timing-Allow-Origin). Use the `scheme://host:port` format. For example, `https://somedomain.com:8081`. If you have multiple origins, use a `,` to list them. |
+| timing_allow_origins_by_regex    | array   | False    | nil     | Regex to match with origin for enabling access to the resource timing information. For example, `[".*\.test.com"]` can match all subdomain of `test.com`. When set to specified range, only domains in this range will be allowed, no matter what `timing_allow_origins` is. |
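Review bot: the regex example `[".*\.test.com"]` is unanchored and leaves the last dot unescaped, so it also matches `https://www.test.com.attacker.example` (and `https://a.testXcom`); document an anchored form such as `["^https://.*\\.test\\.com$"]` (double backslashes, since the value is JSON, as the tests in this PR already do) and say whether the plugin anchors patterns itself. Also, "Origin to allow" for `timing_allow_origins` should read "Origins to allow", given that the cell goes on to describe a comma-separated list.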

Review Comment:
   I find that CORS and Timing-Allow-Origin are 2 completely separate functions, and if we put their configurations in one table, the complexity of the configuration items can be very confusing, for example the configuration item `allow_methods` only works for CORS, so how about split the table into two part, one for cors and the other for Timing-Allow-Origin




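The points raised across this thread (regex taking priority over the origin list, the two headers being computed independently of each other, the `Vary: Origin` question on the header_filter hunk, and the anchored-versus-unanchored regex question on the docs example) modelled in Python as an added example. This is not the cors plugin's own code: the function names, the config dict shape and the `anchored` switch are assumptions for this illustration, and the configuration values are copied from the route set up in TEST 24 of the PR's test file.

```python
import re
from typing import Optional

# Constructed configuration, mirroring the route set up in TEST 24 of the PR's tests.
CONF_TEST24 = {
    "allow_origins_by_regex": [r"http://.*?\.domain\.com"],
    "timing_allow_origins_by_regex": [r"http://test.*?\.domain\.com"],
    "timing_allow_origins": "http://nonexistent.newdomain.com",
}


def match_origin_list(origin: str, allowed: Optional[str]) -> Optional[str]:
    """Comma-separated allow list. '*' answers '*', '**' reflects the request Origin."""
    if not allowed:
        return None
    if allowed == "*":
        return "*"
    if allowed == "**":
        return origin
    if origin in (item.strip() for item in allowed.split(",")):
        return origin
    return None


def match_origin_regex(origin: str, patterns: Optional[list], anchored: bool) -> Optional[str]:
    """Regex allow list. With anchored=True each pattern is wrapped in ^(?:...)$ so a
    pattern written for http://*.domain.com cannot be satisfied by a longer host
    such as http://sub.domain.com.attacker.example."""
    if not patterns:
        return None
    for pattern in patterns:
        full = f"^(?:{pattern})$" if anchored else pattern
        if re.search(full, origin):
            return origin
    return None


def resolve(origin: str, allow_list: Optional[str], patterns: Optional[list],
            anchored: bool) -> Optional[str]:
    """Regex takes priority over the list when both are set (the precedence TEST 24 checks)."""
    if patterns is not None:
        return match_origin_regex(origin, patterns, anchored)
    return match_origin_list(origin, allow_list)


def depends_on_origin(allow_list: Optional[str], patterns: Optional[list]) -> bool:
    """True when the emitted header value changes with the request Origin."""
    if patterns is not None:
        return True
    return allow_list not in (None, "*")


def build_headers(conf: dict, origin: str, anchored: bool = True) -> dict:
    """Compute both headers independently of each other from one request Origin."""
    headers = {}
    acao = resolve(origin, conf.get("allow_origins"),
                   conf.get("allow_origins_by_regex"), anchored)
    tao = resolve(origin, conf.get("timing_allow_origins"),
                  conf.get("timing_allow_origins_by_regex"), anchored)
    if acao:
        headers["Access-Control-Allow-Origin"] = acao
    if tao:
        headers["Timing-Allow-Origin"] = tao
    # Vary: Origin whenever either header is per-Origin; otherwise a shared cache could
    # hand one origin's Access-Control-Allow-Origin or Timing-Allow-Origin to another.
    if (depends_on_origin(conf.get("allow_origins"), conf.get("allow_origins_by_regex"))
            or depends_on_origin(conf.get("timing_allow_origins"),
                                 conf.get("timing_allow_origins_by_regex"))):
        headers["Vary"] = "Origin"
    return headers


if __name__ == "__main__":
    for origin in ("http://testurl.domain.com", "http://sub.domain.com",
                   "http://sub.domain.com.attacker.example"):
        print(origin, "anchored:", build_headers(CONF_TEST24, origin))
        print(origin, "unanchored:", build_headers(CONF_TEST24, origin, anchored=False))
```

Running it shows that with the TEST 24 configuration `http://testurl.domain.com` gets both headers, `http://sub.domain.com` gets only `Access-Control-Allow-Origin` (the timing regex is consulted instead of the timing list), and the attacker-controlled suffix host is accepted only in the unanchored mode.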

Re: [PR] feat: support for the Timing-Allow-Origin header in CORS plugin [apisix]

Posted by "monkeyDluffy6017 (via GitHub)" <gi...@apache.org>.
monkeyDluffy6017 commented on code in PR #9365:
URL: https://github.com/apache/apisix/pull/9365#discussion_r1401807417


##########
apisix/plugins/cors.lua:
##########
@@ -202,9 +236,20 @@ local function set_cors_headers(conf, ctx)
     if conf.allow_credential then
         core.response.set_header("Access-Control-Allow-Credentials", true)
     end
+
+    if ctx.timing_allow_origin then
+        core.response.set_header("Timing-Allow-Origin", ctx.timing_allow_origin)

Review Comment:
   Why do you need this? you have done this in `set_timing_headers`





Re: [PR] feat: support for the Timing-Allow-Origin header in CORS plugin [apisix]

Posted by "monkeyDluffy6017 (via GitHub)" <gi...@apache.org>.
monkeyDluffy6017 commented on PR #9365:
URL: https://github.com/apache/apisix/pull/9365#issuecomment-1822662095

   I will approve this pr after you resolve the review comments




Re: [PR] feat: support for the Timing-Allow-Origin header in CORS plugin [apisix]

Posted by "skimdz86 (via GitHub)" <gi...@apache.org>.
skimdz86 commented on code in PR #9365:
URL: https://github.com/apache/apisix/pull/9365#discussion_r1409626407


##########
docs/en/latest/plugins/cors.md:
##########
@@ -42,6 +42,8 @@ The `cors` Plugins lets you enable [CORS](https://developer.mozilla.org/en-US/do
 | allow_credential          | boolean | False    | false   | When set to `true`, allows requests to include credentials like cookies. According to CORS specification, if you set this to `true`, you cannot use '*' to allow all for the other attributes.                                                                                                                                                                                                     |
 | allow_origins_by_regex    | array   | False    | nil     | Regex to match with origin for enabling CORS. For example, `[".*\.test.com"]` can match all subdomain of `test.com`. When set to specified range, only domains in this range will be allowed, no matter what `allow_origins` is.                                                                                                                                                                   |
 | allow_origins_by_metadata | array   | False    | nil     | Origins to enable CORS referenced from `allow_origins` set in the Plugin metadata. For example, if `"allow_origins": {"EXAMPLE": "https://example.com"}` is set in the Plugin metadata, then `["EXAMPLE"]` can be used to allow CORS on the origin `https://example.com`.                                                                                                                          |
+| timing_allow_origins             | string  | False    | nil     | Origin to allow to access the resource timing information. See [Timing-Allow-Origin](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Timing-Allow-Origin). Use the `scheme://host:port` format. For example, `https://somedomain.com:8081`. If you have multiple origins, use a `,` to list them. |
+| timing_allow_origins_by_regex    | array   | False    | nil     | Regex to match with origin for enabling access to the resource timing information. For example, `[".*\.test.com"]` can match all subdomain of `test.com`. When set to specified range, only domains in this range will be allowed, no matter what `timing_allow_origins` is. |

Review Comment:
   ok seems a good idea, I'll fix it


