Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use requested URI info in CORS decision-making #7585

Merged
merged 2 commits into from
Sep 14, 2023
Merged

Use requested URI info in CORS decision-making #7585

merged 2 commits into from
Sep 14, 2023

Conversation

tjquinno
Copy link
Member

@tjquinno tjquinno commented Sep 13, 2023
edited
Loading

(also remove temporary workaround for now-fixed MP OpenAPI TCK bug)

Resolves #5786 and #3619

Description

Originally, the CORS decision-making used the Host header value from the incoming request. But intervening nodes--load balancers, etc.--might have overwritten that value making it useless for CORS.

We added requested URI support some time ago to work with the Forwarded (and the related non-standard X-Forwarded... headers); this PR enhances the CORS logic to make use of it.

The original CORS code includes adapters around the SE and MP request types. Basically, those adapters are enhanced to expose the underlying request's URI info so CORS has access to it, and the CORS logic uses the host from that instead of directly from the Host header in making its decisions.

Documentation

Revised doc files are part of this PR.

@tjquinno tjquinno self-assigned this Sep 13, 2023
@oracle-contributor-agreement oracle-contributor-agreement bot added the OCA Verified All contributors have signed the Oracle Contributor Agreement. label Sep 13, 2023
@tjquinno tjquinno mentioned this pull request Sep 13, 2023
Closed
@tjquinno tjquinno linked an issue Sep 13, 2023 that may be closed by this pull request
Remove workaround once MP OpenAPI TCK tests fixed #3619
Closed
@tjquinno tjquinno merged commit 3e02ee7 into helidon-io:main Sep 14, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tomas-langer tomas-langer tomas-langer approved these changes

@romain-grecourt romain-grecourt Awaiting requested review from romain-grecourt

@ljamen ljamen Awaiting requested review from ljamen

Assignees

@tjquinno tjquinno

Labels
OCA Verified All contributors have signed the Oracle Contributor Agreement.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Remove workaround once MP OpenAPI TCK tests fixed
2 participants
@tjquinno @tomas-langer