From f7fc45c9473dd40204292670461cf1c031200c90 Mon Sep 17 00:00:00 2001 From: carlosjepard Date: Wed, 9 Oct 2024 18:06:04 +0100 Subject: [PATCH] Added cors headers --- .../common/api/RestApplicationNoSwagger.java | 4 +-- .../common/filter/CORSFilter.java | 35 +++++++++++++++++++ .../common/server/ViewerConfiguration.java | 7 ++++ .../resources/config/dbvtk-viewer.properties | 19 ++++++++++ 4 files changed, 63 insertions(+), 2 deletions(-) create mode 100644 src/main/java/com/databasepreservation/common/filter/CORSFilter.java diff --git a/src/main/java/com/databasepreservation/common/api/RestApplicationNoSwagger.java b/src/main/java/com/databasepreservation/common/api/RestApplicationNoSwagger.java index 96d3dfce..cc32d21f 100644 --- a/src/main/java/com/databasepreservation/common/api/RestApplicationNoSwagger.java +++ b/src/main/java/com/databasepreservation/common/api/RestApplicationNoSwagger.java @@ -30,6 +30,7 @@ import com.databasepreservation.common.api.v1.MigrationResource; import com.databasepreservation.common.api.v1.SiardResource; import com.databasepreservation.common.api.v1.ThemeResource; +import com.databasepreservation.common.filter.CORSFilter; import io.swagger.v3.jaxrs2.SwaggerSerializers; import io.swagger.v3.jaxrs2.integration.resources.OpenApiResource; @@ -81,9 +82,8 @@ public RestApplicationNoSwagger() { register(SiardResource.class); register(ThemeResource.class); register(SwaggerSerializers.class); - + register(CORSFilter.class); // packages("com.databasepreservation.visualization.api","com.databasepreservation.common.client.services"); // packages("io.swagger.v3.jaxrs2.integration.resources"); - // register(CorsFilter.class); } } diff --git a/src/main/java/com/databasepreservation/common/filter/CORSFilter.java b/src/main/java/com/databasepreservation/common/filter/CORSFilter.java new file mode 100644 index 00000000..588e61a3 --- /dev/null +++ b/src/main/java/com/databasepreservation/common/filter/CORSFilter.java @@ -0,0 +1,35 @@ +package com.databasepreservation.common.filter; + +import java.io.IOException; +import java.util.List; + +import javax.ws.rs.container.ContainerRequestContext; +import javax.ws.rs.container.ContainerResponseContext; +import javax.ws.rs.container.ContainerResponseFilter; +import javax.ws.rs.ext.Provider; + +import com.databasepreservation.common.server.ViewerConfiguration; + +@Provider +public class CORSFilter implements ContainerResponseFilter { + + @Override + public void filter(ContainerRequestContext request, ContainerResponseContext response) throws IOException { + + List allowedOriginsList = ViewerConfiguration.getInstance() + .getViewerConfigurationAsList(ViewerConfiguration.CORS_ALLOW_ORIGIN); + String requestOrigin = request.getHeaderString("Origin"); + + if (allowedOriginsList.contains(requestOrigin)) { + response.getHeaders().add("Access-Control-Allow-Origin", requestOrigin); + } + response.getHeaders().add("Access-Control-Allow-Headers", + ViewerConfiguration.getInstance().getViewerConfigurationAsString("", ViewerConfiguration.CORS_ALLOW_HEADERS)); + response.getHeaders().add("Access-Control-Allow-Credentials", ViewerConfiguration.getInstance() + .getViewerConfigurationAsString("false", ViewerConfiguration.CORS_ALLOW_CREDENTIALS)); + response.getHeaders().add("Access-Control-Allow-Methods", + ViewerConfiguration.getInstance().getViewerConfigurationAsString("", ViewerConfiguration.CORS_ALLOW_METHODS)); + + } + +} \ No newline at end of file diff --git a/src/main/java/com/databasepreservation/common/server/ViewerConfiguration.java b/src/main/java/com/databasepreservation/common/server/ViewerConfiguration.java index 1ef587d0..d2461868 100644 --- a/src/main/java/com/databasepreservation/common/server/ViewerConfiguration.java +++ b/src/main/java/com/databasepreservation/common/server/ViewerConfiguration.java @@ -66,6 +66,13 @@ public class ViewerConfiguration extends ViewerAbstractConfiguration { private static Logger LOGGER; + public static final String CORS_ALLOW_ORIGIN = "ui.cors.allowOrigin"; + public static final String CORS_ALLOW_HEADERS = "ui.cors.allowHeaders"; + public static final String CORS_ALLOW_METHODS = "ui.cors.allowMethods"; + public static final String CORS_ALLOW_CREDENTIALS = "ui.cors.allowCredentials"; + public static final String CORS_MAX_AGE = "ui.cors.maxAge"; + public static final String CORS_EXPOSE_HEADERS = "ui.cors.exposeHeaders"; + public static final String PROPERTY_SOLR_ZOOKEEPER_HOSTS = "solr.zookeeper.hosts"; public static final String PROPERTY_SOLR_HEALTHCHECK_RETRIES = "solr.healthcheck.retries"; public static final String PROPERTY_SOLR_HEALTHCHECK_TIMEOUT = "solr.healthcheck.timeout_ms"; diff --git a/src/main/resources/config/dbvtk-viewer.properties b/src/main/resources/config/dbvtk-viewer.properties index c96ad0e3..299abf5e 100644 --- a/src/main/resources/config/dbvtk-viewer.properties +++ b/src/main/resources/config/dbvtk-viewer.properties @@ -149,3 +149,22 @@ ui.blob.autoDetect.mimeType.onColumn=false # BLOB ############################################## ui.blob.prefix.name=record + +########################################################################## +# CORS settings +# +# 'ui.cors.origin' is also used as a value and control property: +# - missing/commented out: CORS is disabled +# - equal to '*': the value sent will match the request's Origin header +# - other: the value matching the request's Origin header is sent, otherwise +# +# More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS +########################################################################## +#ui.cors.allowOrigin = * +ui.cors.allowOrigin = http://localhost:8081 +#ui.cors.allowOrigin = http://two.example.com +ui.cors.allowCredentials = true +ui.cors.allowMethods = GET, POST, PUT, DELETE, OPTIONS, HEAD +ui.cors.allowHeaders = Origin, Content-type, Accept +#ui.cors.exposeHeaders = Origin, Content-type, Accept +