Skip to content

Commit

Permalink
Added cors headers
Browse files Browse the repository at this point in the history
  • Loading branch information
carlosjepard committed Oct 9, 2024
1 parent 254a50d commit f7fc45c
Show file tree
Hide file tree
Showing 4 changed files with 63 additions and 2 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,7 @@
import com.databasepreservation.common.api.v1.MigrationResource;
import com.databasepreservation.common.api.v1.SiardResource;
import com.databasepreservation.common.api.v1.ThemeResource;
import com.databasepreservation.common.filter.CORSFilter;

import io.swagger.v3.jaxrs2.SwaggerSerializers;
import io.swagger.v3.jaxrs2.integration.resources.OpenApiResource;
Expand Down Expand Up @@ -81,9 +82,8 @@ public RestApplicationNoSwagger() {
register(SiardResource.class);
register(ThemeResource.class);
register(SwaggerSerializers.class);

register(CORSFilter.class);
// packages("com.databasepreservation.visualization.api","com.databasepreservation.common.client.services");
// packages("io.swagger.v3.jaxrs2.integration.resources");
// register(CorsFilter.class);
}
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
package com.databasepreservation.common.filter;

import java.io.IOException;
import java.util.List;

import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerResponseContext;
import javax.ws.rs.container.ContainerResponseFilter;
import javax.ws.rs.ext.Provider;

import com.databasepreservation.common.server.ViewerConfiguration;

@Provider
public class CORSFilter implements ContainerResponseFilter {

@Override
public void filter(ContainerRequestContext request, ContainerResponseContext response) throws IOException {

List<String> allowedOriginsList = ViewerConfiguration.getInstance()
.getViewerConfigurationAsList(ViewerConfiguration.CORS_ALLOW_ORIGIN);
String requestOrigin = request.getHeaderString("Origin");

if (allowedOriginsList.contains(requestOrigin)) {
response.getHeaders().add("Access-Control-Allow-Origin", requestOrigin);
}
response.getHeaders().add("Access-Control-Allow-Headers",
ViewerConfiguration.getInstance().getViewerConfigurationAsString("", ViewerConfiguration.CORS_ALLOW_HEADERS));
response.getHeaders().add("Access-Control-Allow-Credentials", ViewerConfiguration.getInstance()
.getViewerConfigurationAsString("false", ViewerConfiguration.CORS_ALLOW_CREDENTIALS));
response.getHeaders().add("Access-Control-Allow-Methods",
ViewerConfiguration.getInstance().getViewerConfigurationAsString("", ViewerConfiguration.CORS_ALLOW_METHODS));

}

}
Original file line number Diff line number Diff line change
Expand Up @@ -66,6 +66,13 @@
public class ViewerConfiguration extends ViewerAbstractConfiguration {
private static Logger LOGGER;

public static final String CORS_ALLOW_ORIGIN = "ui.cors.allowOrigin";
public static final String CORS_ALLOW_HEADERS = "ui.cors.allowHeaders";
public static final String CORS_ALLOW_METHODS = "ui.cors.allowMethods";
public static final String CORS_ALLOW_CREDENTIALS = "ui.cors.allowCredentials";
public static final String CORS_MAX_AGE = "ui.cors.maxAge";
public static final String CORS_EXPOSE_HEADERS = "ui.cors.exposeHeaders";

public static final String PROPERTY_SOLR_ZOOKEEPER_HOSTS = "solr.zookeeper.hosts";
public static final String PROPERTY_SOLR_HEALTHCHECK_RETRIES = "solr.healthcheck.retries";
public static final String PROPERTY_SOLR_HEALTHCHECK_TIMEOUT = "solr.healthcheck.timeout_ms";
Expand Down
19 changes: 19 additions & 0 deletions src/main/resources/config/dbvtk-viewer.properties
Original file line number Diff line number Diff line change
Expand Up @@ -149,3 +149,22 @@ ui.blob.autoDetect.mimeType.onColumn=false
# BLOB
##############################################
ui.blob.prefix.name=record

##########################################################################
# CORS settings
#
# 'ui.cors.origin' is also used as a value and control property:
# - missing/commented out: CORS is disabled
# - equal to '*': the value sent will match the request's Origin header
# - other: the value matching the request's Origin header is sent, otherwise
#
# More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
##########################################################################
#ui.cors.allowOrigin = *
ui.cors.allowOrigin = http://localhost:8081
#ui.cors.allowOrigin = http://two.example.com
ui.cors.allowCredentials = true
ui.cors.allowMethods = GET, POST, PUT, DELETE, OPTIONS, HEAD
ui.cors.allowHeaders = Origin, Content-type, Accept
#ui.cors.exposeHeaders = Origin, Content-type, Accept

0 comments on commit f7fc45c

Please sign in to comment.