From 72916dc53c7f52a4b96cf6de2177c022e1da5fee Mon Sep 17 00:00:00 2001 From: Christian Richter Date: Fri, 23 Feb 2024 08:53:06 +0100 Subject: [PATCH 1/7] adapt cors headers MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian Richter Signed-off-by: Jörn Friedrich Dreyer --- ocis-pkg/config/config.go | 2 +- services/frontend/pkg/config/defaults/defaultconfig.go | 8 ++++++-- .../invitations/pkg/config/defaults/defaultconfig.go | 7 ++++++- services/ocdav/pkg/config/defaults/defaultconfig.go | 9 +++++++-- services/ocm/pkg/config/defaults/defaultconfig.go | 9 +++++++-- .../storage-users/pkg/config/defaults/defaultconfig.go | 9 +++++++-- services/web/pkg/config/defaults/defaultconfig.go | 9 +++++++-- services/webfinger/pkg/config/defaults/defaultconfig.go | 8 +++++++- 8 files changed, 48 insertions(+), 13 deletions(-) diff --git a/ocis-pkg/config/config.go b/ocis-pkg/config/config.go index 2e40393cb1..17c7bbffc3 100644 --- a/ocis-pkg/config/config.go +++ b/ocis-pkg/config/config.go @@ -68,7 +68,7 @@ type Config struct { Mode Mode // DEPRECATED File string - OcisURL string `yaml:"ocis_url" desc:"URL, where oCIS is reachable for users."` + OcisURL string `yaml:"ocis_url" env:"OCIS_URL" desc:"URL, where oCIS is reachable for users."` Registry string `yaml:"registry"` TokenManager *shared.TokenManager `yaml:"token_manager"` diff --git a/services/frontend/pkg/config/defaults/defaultconfig.go b/services/frontend/pkg/config/defaults/defaultconfig.go index c19f3fb45e..81eb49b7f8 100644 --- a/services/frontend/pkg/config/defaults/defaultconfig.go +++ b/services/frontend/pkg/config/defaults/defaultconfig.go @@ -31,7 +31,7 @@ func DefaultConfig() *config.Config { Protocol: "tcp", Prefix: "", CORS: config.CORS{ - AllowedOrigins: []string{"*"}, + AllowedOrigins: []string{"https://localhost:9200"}, AllowedMethods: []string{ "OPTIONS", "HEAD", @@ -73,7 +73,7 @@ func DefaultConfig() *config.Config { "X-HTTP-Method-Override", "Cache-Control", }, - AllowCredentials: true, + AllowCredentials: false, }, }, Service: config.Service{ @@ -185,6 +185,10 @@ func EnsureDefaults(cfg *config.Config) { cfg.MachineAuthAPIKey = cfg.Commons.MachineAuthAPIKey } + if cfg.HTTP.CORS.AllowedOrigins == nil && cfg.Commons != nil && cfg.Commons.OcisURL != "" || + len(cfg.HTTP.CORS.AllowedOrigins) == 1 && cfg.HTTP.CORS.AllowedOrigins[0] == "https://localhost:9200" { + cfg.HTTP.CORS.AllowedOrigins = []string{cfg.Commons.OcisURL} + } } // Sanitize sanitized the configuration diff --git a/services/invitations/pkg/config/defaults/defaultconfig.go b/services/invitations/pkg/config/defaults/defaultconfig.go index 64cd95b605..815491ca91 100644 --- a/services/invitations/pkg/config/defaults/defaultconfig.go +++ b/services/invitations/pkg/config/defaults/defaultconfig.go @@ -26,7 +26,7 @@ func DefaultConfig() *config.Config { Root: "/graph/v1.0", Namespace: "com.owncloud.graph", CORS: config.CORS{ - AllowedOrigins: []string{"*"}, + AllowedOrigins: []string{"https://localhost:9200"}, }, }, Service: config.Service{ @@ -77,6 +77,11 @@ func EnsureDefaults(cfg *config.Config) { } else if cfg.TokenManager == nil { cfg.TokenManager = &config.TokenManager{} } + + if cfg.HTTP.CORS.AllowedOrigins == nil && cfg.Commons != nil && cfg.Commons.OcisURL != "" || + len(cfg.HTTP.CORS.AllowedOrigins) == 1 && cfg.HTTP.CORS.AllowedOrigins[0] == "https://localhost:9200" { + cfg.HTTP.CORS.AllowedOrigins = []string{cfg.Commons.OcisURL} + } } func Sanitize(cfg *config.Config) { diff --git a/services/ocdav/pkg/config/defaults/defaultconfig.go b/services/ocdav/pkg/config/defaults/defaultconfig.go index cfb1a6b6b1..61122d5656 100644 --- a/services/ocdav/pkg/config/defaults/defaultconfig.go +++ b/services/ocdav/pkg/config/defaults/defaultconfig.go @@ -30,7 +30,7 @@ func DefaultConfig() *config.Config { Protocol: "tcp", Prefix: "", CORS: config.CORS{ - AllowedOrigins: []string{"*"}, + AllowedOrigins: []string{"https://localhost:9200"}, AllowedMethods: []string{ "OPTIONS", "HEAD", @@ -71,7 +71,7 @@ func DefaultConfig() *config.Config { "X-HTTP-Method-Override", "Cache-Control", }, - AllowCredentials: true, + AllowCredentials: false, }, }, Service: config.Service{ @@ -137,6 +137,11 @@ func EnsureDefaults(cfg *config.Config) { if cfg.MachineAuthAPIKey == "" && cfg.Commons != nil && cfg.Commons.MachineAuthAPIKey != "" { cfg.MachineAuthAPIKey = cfg.Commons.MachineAuthAPIKey } + + if cfg.HTTP.CORS.AllowedOrigins == nil && cfg.Commons != nil && cfg.Commons.OcisURL != "" || + len(cfg.HTTP.CORS.AllowedOrigins) == 1 && cfg.HTTP.CORS.AllowedOrigins[0] == "https://localhost:9200" { + cfg.HTTP.CORS.AllowedOrigins = []string{cfg.Commons.OcisURL} + } } // Sanitize sanitizes the configuration diff --git a/services/ocm/pkg/config/defaults/defaultconfig.go b/services/ocm/pkg/config/defaults/defaultconfig.go index 9c020f9af5..e2fc0ef4af 100644 --- a/services/ocm/pkg/config/defaults/defaultconfig.go +++ b/services/ocm/pkg/config/defaults/defaultconfig.go @@ -32,7 +32,7 @@ func DefaultConfig() *config.Config { Protocol: "tcp", Prefix: "", CORS: config.CORS{ - AllowedOrigins: []string{"*"}, + AllowedOrigins: []string{"https://localhost:9200"}, AllowedMethods: []string{ "OPTIONS", "HEAD", @@ -73,7 +73,7 @@ func DefaultConfig() *config.Config { "X-HTTP-Method-Override", "Cache-Control", }, - AllowCredentials: true, + AllowCredentials: false, }, }, GRPC: config.GRPCConfig{ @@ -165,6 +165,11 @@ func EnsureDefaults(cfg *config.Config) { if cfg.GRPC.TLS == nil && cfg.Commons != nil { cfg.GRPC.TLS = structs.CopyOrZeroValue(cfg.Commons.GRPCServiceTLS) } + + if cfg.HTTP.CORS.AllowedOrigins == nil && cfg.Commons != nil && cfg.Commons.OcisURL != "" || + len(cfg.HTTP.CORS.AllowedOrigins) == 1 && cfg.HTTP.CORS.AllowedOrigins[0] == "https://localhost:9200" { + cfg.HTTP.CORS.AllowedOrigins = []string{cfg.Commons.OcisURL} + } } // Sanitize sanitizes the config diff --git a/services/storage-users/pkg/config/defaults/defaultconfig.go b/services/storage-users/pkg/config/defaults/defaultconfig.go index 78f6531223..85c3406352 100644 --- a/services/storage-users/pkg/config/defaults/defaultconfig.go +++ b/services/storage-users/pkg/config/defaults/defaultconfig.go @@ -38,7 +38,7 @@ func DefaultConfig() *config.Config { Protocol: "tcp", Prefix: "data", CORS: config.CORS{ - AllowedOrigins: []string{"*"}, + AllowedOrigins: []string{"https://localhost:9200"}, AllowedMethods: []string{ "POST", "HEAD", @@ -63,7 +63,7 @@ func DefaultConfig() *config.Config { "Upload-Incomplete", "Upload-Draft-Interop-Version", }, - AllowCredentials: true, + AllowCredentials: false, ExposedHeaders: []string{ "Upload-Offset", "Location", @@ -208,6 +208,11 @@ func EnsureDefaults(cfg *config.Config) { if cfg.Tasks.PurgeTrashBin.UserID == "" && cfg.Commons != nil { cfg.Tasks.PurgeTrashBin.UserID = cfg.Commons.AdminUserID } + + if cfg.HTTP.CORS.AllowedOrigins == nil && cfg.Commons != nil && cfg.Commons.OcisURL != "" || + len(cfg.HTTP.CORS.AllowedOrigins) == 1 && cfg.HTTP.CORS.AllowedOrigins[0] == "https://localhost:9200" { + cfg.HTTP.CORS.AllowedOrigins = []string{cfg.Commons.OcisURL} + } } // Sanitize sanitized the configuration diff --git a/services/web/pkg/config/defaults/defaultconfig.go b/services/web/pkg/config/defaults/defaultconfig.go index 166cb1efd4..2bc6d8ee2c 100644 --- a/services/web/pkg/config/defaults/defaultconfig.go +++ b/services/web/pkg/config/defaults/defaultconfig.go @@ -32,7 +32,7 @@ func DefaultConfig() *config.Config { CacheTTL: 604800, // 7 days CORS: config.CORS{ - AllowedOrigins: []string{"*"}, + AllowedOrigins: []string{"https://localhost:9200"}, AllowedMethods: []string{ "OPTIONS", "HEAD", @@ -73,7 +73,7 @@ func DefaultConfig() *config.Config { "Upload-Offset", "X-HTTP-Method-Override", }, - AllowCredentials: true, + AllowCredentials: false, }, }, Service: config.Service{ @@ -173,6 +173,11 @@ func EnsureDefaults(cfg *config.Config) { if cfg.Commons != nil { cfg.HTTP.TLS = cfg.Commons.HTTPServiceTLS } + + if cfg.HTTP.CORS.AllowedOrigins == nil && cfg.Commons != nil && cfg.Commons.OcisURL != "" || + len(cfg.HTTP.CORS.AllowedOrigins) == 1 && cfg.HTTP.CORS.AllowedOrigins[0] == "https://localhost:9200" { + cfg.HTTP.CORS.AllowedOrigins = []string{cfg.Commons.OcisURL} + } } // Sanitize sanitized the configuration diff --git a/services/webfinger/pkg/config/defaults/defaultconfig.go b/services/webfinger/pkg/config/defaults/defaultconfig.go index 8f3ecbd9d8..8a0794edbe 100644 --- a/services/webfinger/pkg/config/defaults/defaultconfig.go +++ b/services/webfinger/pkg/config/defaults/defaultconfig.go @@ -29,7 +29,8 @@ func DefaultConfig() *config.Config { Root: "/", Namespace: "com.owncloud.web", CORS: config.CORS{ - AllowedOrigins: []string{"*"}, + AllowedOrigins: []string{"https://localhost:9200"}, + AllowCredentials: false, }, }, Service: config.Service{ @@ -81,6 +82,11 @@ func EnsureDefaults(cfg *config.Config) { if cfg.Commons != nil { cfg.HTTP.TLS = cfg.Commons.HTTPServiceTLS } + + if cfg.HTTP.CORS.AllowedOrigins == nil && cfg.Commons != nil && cfg.Commons.OcisURL != "" || + len(cfg.HTTP.CORS.AllowedOrigins) == 1 && cfg.HTTP.CORS.AllowedOrigins[0] == "https://localhost:9200" { + cfg.HTTP.CORS.AllowedOrigins = []string{cfg.Commons.OcisURL} + } } // Sanitize sanitized the configuration From cf5558d07835592399889ffbfe58d4e063e6a414 Mon Sep 17 00:00:00 2001 From: Christian Richter Date: Mon, 18 Mar 2024 16:44:04 +0100 Subject: [PATCH 2/7] add missing introduction version Signed-off-by: Christian Richter --- ocis-pkg/config/config.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ocis-pkg/config/config.go b/ocis-pkg/config/config.go index 17c7bbffc3..c6ea6f671c 100644 --- a/ocis-pkg/config/config.go +++ b/ocis-pkg/config/config.go @@ -68,7 +68,7 @@ type Config struct { Mode Mode // DEPRECATED File string - OcisURL string `yaml:"ocis_url" env:"OCIS_URL" desc:"URL, where oCIS is reachable for users."` + OcisURL string `yaml:"ocis_url" env:"OCIS_URL" desc:"URL, where oCIS is reachable for users." introductionVersion:"pre5.0"` Registry string `yaml:"registry"` TokenManager *shared.TokenManager `yaml:"token_manager"` From b5ca297f546187d5da681067ae4afcf6a97a0f5e Mon Sep 17 00:00:00 2001 From: Christian Richter Date: Tue, 19 Mar 2024 13:56:10 +0100 Subject: [PATCH 3/7] prevent nil pointer Signed-off-by: Christian Richter --- services/frontend/pkg/config/defaults/defaultconfig.go | 4 ++-- services/invitations/pkg/config/defaults/defaultconfig.go | 4 ++-- services/ocdav/pkg/config/defaults/defaultconfig.go | 4 ++-- services/ocm/pkg/config/defaults/defaultconfig.go | 4 ++-- services/storage-users/pkg/config/defaults/defaultconfig.go | 4 ++-- services/web/pkg/config/defaults/defaultconfig.go | 4 ++-- services/webfinger/pkg/config/defaults/defaultconfig.go | 4 ++-- 7 files changed, 14 insertions(+), 14 deletions(-) diff --git a/services/frontend/pkg/config/defaults/defaultconfig.go b/services/frontend/pkg/config/defaults/defaultconfig.go index 81eb49b7f8..c984e469d8 100644 --- a/services/frontend/pkg/config/defaults/defaultconfig.go +++ b/services/frontend/pkg/config/defaults/defaultconfig.go @@ -185,8 +185,8 @@ func EnsureDefaults(cfg *config.Config) { cfg.MachineAuthAPIKey = cfg.Commons.MachineAuthAPIKey } - if cfg.HTTP.CORS.AllowedOrigins == nil && cfg.Commons != nil && cfg.Commons.OcisURL != "" || - len(cfg.HTTP.CORS.AllowedOrigins) == 1 && cfg.HTTP.CORS.AllowedOrigins[0] == "https://localhost:9200" { + if (cfg.Commons != nil && cfg.Commons.OcisURL != "") && (cfg.HTTP.CORS.AllowedOrigins == nil && cfg.Commons != nil && cfg.Commons.OcisURL != "" || + len(cfg.HTTP.CORS.AllowedOrigins) == 1 && cfg.HTTP.CORS.AllowedOrigins[0] == "https://localhost:9200") { cfg.HTTP.CORS.AllowedOrigins = []string{cfg.Commons.OcisURL} } } diff --git a/services/invitations/pkg/config/defaults/defaultconfig.go b/services/invitations/pkg/config/defaults/defaultconfig.go index 815491ca91..8eb09dc012 100644 --- a/services/invitations/pkg/config/defaults/defaultconfig.go +++ b/services/invitations/pkg/config/defaults/defaultconfig.go @@ -78,8 +78,8 @@ func EnsureDefaults(cfg *config.Config) { cfg.TokenManager = &config.TokenManager{} } - if cfg.HTTP.CORS.AllowedOrigins == nil && cfg.Commons != nil && cfg.Commons.OcisURL != "" || - len(cfg.HTTP.CORS.AllowedOrigins) == 1 && cfg.HTTP.CORS.AllowedOrigins[0] == "https://localhost:9200" { + if (cfg.Commons != nil && cfg.Commons.OcisURL != "") && (cfg.HTTP.CORS.AllowedOrigins == nil && cfg.Commons != nil && cfg.Commons.OcisURL != "" || + len(cfg.HTTP.CORS.AllowedOrigins) == 1 && cfg.HTTP.CORS.AllowedOrigins[0] == "https://localhost:9200") { cfg.HTTP.CORS.AllowedOrigins = []string{cfg.Commons.OcisURL} } } diff --git a/services/ocdav/pkg/config/defaults/defaultconfig.go b/services/ocdav/pkg/config/defaults/defaultconfig.go index 61122d5656..535ed3e0a7 100644 --- a/services/ocdav/pkg/config/defaults/defaultconfig.go +++ b/services/ocdav/pkg/config/defaults/defaultconfig.go @@ -138,8 +138,8 @@ func EnsureDefaults(cfg *config.Config) { cfg.MachineAuthAPIKey = cfg.Commons.MachineAuthAPIKey } - if cfg.HTTP.CORS.AllowedOrigins == nil && cfg.Commons != nil && cfg.Commons.OcisURL != "" || - len(cfg.HTTP.CORS.AllowedOrigins) == 1 && cfg.HTTP.CORS.AllowedOrigins[0] == "https://localhost:9200" { + if (cfg.Commons != nil && cfg.Commons.OcisURL != "") && (cfg.HTTP.CORS.AllowedOrigins == nil && cfg.Commons != nil && cfg.Commons.OcisURL != "" || + len(cfg.HTTP.CORS.AllowedOrigins) == 1 && cfg.HTTP.CORS.AllowedOrigins[0] == "https://localhost:9200") { cfg.HTTP.CORS.AllowedOrigins = []string{cfg.Commons.OcisURL} } } diff --git a/services/ocm/pkg/config/defaults/defaultconfig.go b/services/ocm/pkg/config/defaults/defaultconfig.go index e2fc0ef4af..1b7b346f0d 100644 --- a/services/ocm/pkg/config/defaults/defaultconfig.go +++ b/services/ocm/pkg/config/defaults/defaultconfig.go @@ -166,8 +166,8 @@ func EnsureDefaults(cfg *config.Config) { cfg.GRPC.TLS = structs.CopyOrZeroValue(cfg.Commons.GRPCServiceTLS) } - if cfg.HTTP.CORS.AllowedOrigins == nil && cfg.Commons != nil && cfg.Commons.OcisURL != "" || - len(cfg.HTTP.CORS.AllowedOrigins) == 1 && cfg.HTTP.CORS.AllowedOrigins[0] == "https://localhost:9200" { + if (cfg.Commons != nil && cfg.Commons.OcisURL != "") && (cfg.HTTP.CORS.AllowedOrigins == nil && cfg.Commons != nil && cfg.Commons.OcisURL != "" || + len(cfg.HTTP.CORS.AllowedOrigins) == 1 && cfg.HTTP.CORS.AllowedOrigins[0] == "https://localhost:9200") { cfg.HTTP.CORS.AllowedOrigins = []string{cfg.Commons.OcisURL} } } diff --git a/services/storage-users/pkg/config/defaults/defaultconfig.go b/services/storage-users/pkg/config/defaults/defaultconfig.go index 85c3406352..a08134ec3a 100644 --- a/services/storage-users/pkg/config/defaults/defaultconfig.go +++ b/services/storage-users/pkg/config/defaults/defaultconfig.go @@ -209,8 +209,8 @@ func EnsureDefaults(cfg *config.Config) { cfg.Tasks.PurgeTrashBin.UserID = cfg.Commons.AdminUserID } - if cfg.HTTP.CORS.AllowedOrigins == nil && cfg.Commons != nil && cfg.Commons.OcisURL != "" || - len(cfg.HTTP.CORS.AllowedOrigins) == 1 && cfg.HTTP.CORS.AllowedOrigins[0] == "https://localhost:9200" { + if (cfg.Commons != nil && cfg.Commons.OcisURL != "") && (cfg.HTTP.CORS.AllowedOrigins == nil && cfg.Commons != nil && cfg.Commons.OcisURL != "" || + len(cfg.HTTP.CORS.AllowedOrigins) == 1 && cfg.HTTP.CORS.AllowedOrigins[0] == "https://localhost:9200") { cfg.HTTP.CORS.AllowedOrigins = []string{cfg.Commons.OcisURL} } } diff --git a/services/web/pkg/config/defaults/defaultconfig.go b/services/web/pkg/config/defaults/defaultconfig.go index 2bc6d8ee2c..ebf9bad926 100644 --- a/services/web/pkg/config/defaults/defaultconfig.go +++ b/services/web/pkg/config/defaults/defaultconfig.go @@ -174,8 +174,8 @@ func EnsureDefaults(cfg *config.Config) { cfg.HTTP.TLS = cfg.Commons.HTTPServiceTLS } - if cfg.HTTP.CORS.AllowedOrigins == nil && cfg.Commons != nil && cfg.Commons.OcisURL != "" || - len(cfg.HTTP.CORS.AllowedOrigins) == 1 && cfg.HTTP.CORS.AllowedOrigins[0] == "https://localhost:9200" { + if (cfg.Commons != nil && cfg.Commons.OcisURL != "") && (cfg.HTTP.CORS.AllowedOrigins == nil && cfg.Commons != nil && cfg.Commons.OcisURL != "" || + len(cfg.HTTP.CORS.AllowedOrigins) == 1 && cfg.HTTP.CORS.AllowedOrigins[0] == "https://localhost:9200") { cfg.HTTP.CORS.AllowedOrigins = []string{cfg.Commons.OcisURL} } } diff --git a/services/webfinger/pkg/config/defaults/defaultconfig.go b/services/webfinger/pkg/config/defaults/defaultconfig.go index 8a0794edbe..53b2b8467b 100644 --- a/services/webfinger/pkg/config/defaults/defaultconfig.go +++ b/services/webfinger/pkg/config/defaults/defaultconfig.go @@ -83,8 +83,8 @@ func EnsureDefaults(cfg *config.Config) { cfg.HTTP.TLS = cfg.Commons.HTTPServiceTLS } - if cfg.HTTP.CORS.AllowedOrigins == nil && cfg.Commons != nil && cfg.Commons.OcisURL != "" || - len(cfg.HTTP.CORS.AllowedOrigins) == 1 && cfg.HTTP.CORS.AllowedOrigins[0] == "https://localhost:9200" { + if (cfg.Commons != nil && cfg.Commons.OcisURL != "") && (cfg.HTTP.CORS.AllowedOrigins == nil && cfg.Commons != nil && cfg.Commons.OcisURL != "" || + len(cfg.HTTP.CORS.AllowedOrigins) == 1 && cfg.HTTP.CORS.AllowedOrigins[0] == "https://localhost:9200") { cfg.HTTP.CORS.AllowedOrigins = []string{cfg.Commons.OcisURL} } } From 8a1923988d2aef595f12f93c560a09b9e593d94e Mon Sep 17 00:00:00 2001 From: Christian Richter Date: Tue, 19 Mar 2024 13:59:40 +0100 Subject: [PATCH 4/7] add changelog Signed-off-by: Christian Richter --- changelog/unreleased/improve-cors.md | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 changelog/unreleased/improve-cors.md diff --git a/changelog/unreleased/improve-cors.md b/changelog/unreleased/improve-cors.md new file mode 100644 index 0000000000..c659f13585 --- /dev/null +++ b/changelog/unreleased/improve-cors.md @@ -0,0 +1,7 @@ +Enhancement: Change Cors default settings + +We have changed the default CORS settings to set `Access-Control-Allow-Origin` to the `OCIS_URL` if not explicitely set +and `Access-Control-Allow-Credentials` to `false` if not explicitely set. + +https://github.com/owncloud/ocis/pull/8518 +https://github.com/owncloud/ocis/issues/8514 From fe4cd7a9016ffefeda8fcc91a72266964f2e5f72 Mon Sep 17 00:00:00 2001 From: Christian Richter Date: Tue, 19 Mar 2024 14:21:21 +0100 Subject: [PATCH 5/7] make code more readable Signed-off-by: Christian Richter --- services/frontend/pkg/config/defaults/defaultconfig.go | 6 ++++-- services/invitations/pkg/config/defaults/defaultconfig.go | 6 ++++-- services/ocdav/pkg/config/defaults/defaultconfig.go | 6 ++++-- services/ocm/pkg/config/defaults/defaultconfig.go | 6 ++++-- services/storage-users/pkg/config/defaults/defaultconfig.go | 6 ++++-- services/web/pkg/config/defaults/defaultconfig.go | 6 ++++-- services/webfinger/pkg/config/defaults/defaultconfig.go | 6 ++++-- 7 files changed, 28 insertions(+), 14 deletions(-) diff --git a/services/frontend/pkg/config/defaults/defaultconfig.go b/services/frontend/pkg/config/defaults/defaultconfig.go index c984e469d8..c38c40f593 100644 --- a/services/frontend/pkg/config/defaults/defaultconfig.go +++ b/services/frontend/pkg/config/defaults/defaultconfig.go @@ -185,8 +185,10 @@ func EnsureDefaults(cfg *config.Config) { cfg.MachineAuthAPIKey = cfg.Commons.MachineAuthAPIKey } - if (cfg.Commons != nil && cfg.Commons.OcisURL != "") && (cfg.HTTP.CORS.AllowedOrigins == nil && cfg.Commons != nil && cfg.Commons.OcisURL != "" || - len(cfg.HTTP.CORS.AllowedOrigins) == 1 && cfg.HTTP.CORS.AllowedOrigins[0] == "https://localhost:9200") { + if (cfg.Commons != nil && cfg.Commons.OcisURL != "") && + (cfg.HTTP.CORS.AllowedOrigins == nil || + len(cfg.HTTP.CORS.AllowedOrigins) == 1 && + cfg.HTTP.CORS.AllowedOrigins[0] == "https://localhost:9200") { cfg.HTTP.CORS.AllowedOrigins = []string{cfg.Commons.OcisURL} } } diff --git a/services/invitations/pkg/config/defaults/defaultconfig.go b/services/invitations/pkg/config/defaults/defaultconfig.go index 8eb09dc012..840ee0c7c3 100644 --- a/services/invitations/pkg/config/defaults/defaultconfig.go +++ b/services/invitations/pkg/config/defaults/defaultconfig.go @@ -78,8 +78,10 @@ func EnsureDefaults(cfg *config.Config) { cfg.TokenManager = &config.TokenManager{} } - if (cfg.Commons != nil && cfg.Commons.OcisURL != "") && (cfg.HTTP.CORS.AllowedOrigins == nil && cfg.Commons != nil && cfg.Commons.OcisURL != "" || - len(cfg.HTTP.CORS.AllowedOrigins) == 1 && cfg.HTTP.CORS.AllowedOrigins[0] == "https://localhost:9200") { + if (cfg.Commons != nil && cfg.Commons.OcisURL != "") && + (cfg.HTTP.CORS.AllowedOrigins == nil || + len(cfg.HTTP.CORS.AllowedOrigins) == 1 && + cfg.HTTP.CORS.AllowedOrigins[0] == "https://localhost:9200") { cfg.HTTP.CORS.AllowedOrigins = []string{cfg.Commons.OcisURL} } } diff --git a/services/ocdav/pkg/config/defaults/defaultconfig.go b/services/ocdav/pkg/config/defaults/defaultconfig.go index 535ed3e0a7..0008a45e4f 100644 --- a/services/ocdav/pkg/config/defaults/defaultconfig.go +++ b/services/ocdav/pkg/config/defaults/defaultconfig.go @@ -138,8 +138,10 @@ func EnsureDefaults(cfg *config.Config) { cfg.MachineAuthAPIKey = cfg.Commons.MachineAuthAPIKey } - if (cfg.Commons != nil && cfg.Commons.OcisURL != "") && (cfg.HTTP.CORS.AllowedOrigins == nil && cfg.Commons != nil && cfg.Commons.OcisURL != "" || - len(cfg.HTTP.CORS.AllowedOrigins) == 1 && cfg.HTTP.CORS.AllowedOrigins[0] == "https://localhost:9200") { + if (cfg.Commons != nil && cfg.Commons.OcisURL != "") && + (cfg.HTTP.CORS.AllowedOrigins == nil || + len(cfg.HTTP.CORS.AllowedOrigins) == 1 && + cfg.HTTP.CORS.AllowedOrigins[0] == "https://localhost:9200") { cfg.HTTP.CORS.AllowedOrigins = []string{cfg.Commons.OcisURL} } } diff --git a/services/ocm/pkg/config/defaults/defaultconfig.go b/services/ocm/pkg/config/defaults/defaultconfig.go index 1b7b346f0d..91d1503efb 100644 --- a/services/ocm/pkg/config/defaults/defaultconfig.go +++ b/services/ocm/pkg/config/defaults/defaultconfig.go @@ -166,8 +166,10 @@ func EnsureDefaults(cfg *config.Config) { cfg.GRPC.TLS = structs.CopyOrZeroValue(cfg.Commons.GRPCServiceTLS) } - if (cfg.Commons != nil && cfg.Commons.OcisURL != "") && (cfg.HTTP.CORS.AllowedOrigins == nil && cfg.Commons != nil && cfg.Commons.OcisURL != "" || - len(cfg.HTTP.CORS.AllowedOrigins) == 1 && cfg.HTTP.CORS.AllowedOrigins[0] == "https://localhost:9200") { + if (cfg.Commons != nil && cfg.Commons.OcisURL != "") && + (cfg.HTTP.CORS.AllowedOrigins == nil || + len(cfg.HTTP.CORS.AllowedOrigins) == 1 && + cfg.HTTP.CORS.AllowedOrigins[0] == "https://localhost:9200") { cfg.HTTP.CORS.AllowedOrigins = []string{cfg.Commons.OcisURL} } } diff --git a/services/storage-users/pkg/config/defaults/defaultconfig.go b/services/storage-users/pkg/config/defaults/defaultconfig.go index a08134ec3a..f165fbdc53 100644 --- a/services/storage-users/pkg/config/defaults/defaultconfig.go +++ b/services/storage-users/pkg/config/defaults/defaultconfig.go @@ -209,8 +209,10 @@ func EnsureDefaults(cfg *config.Config) { cfg.Tasks.PurgeTrashBin.UserID = cfg.Commons.AdminUserID } - if (cfg.Commons != nil && cfg.Commons.OcisURL != "") && (cfg.HTTP.CORS.AllowedOrigins == nil && cfg.Commons != nil && cfg.Commons.OcisURL != "" || - len(cfg.HTTP.CORS.AllowedOrigins) == 1 && cfg.HTTP.CORS.AllowedOrigins[0] == "https://localhost:9200") { + if (cfg.Commons != nil && cfg.Commons.OcisURL != "") && + (cfg.HTTP.CORS.AllowedOrigins == nil || + len(cfg.HTTP.CORS.AllowedOrigins) == 1 && + cfg.HTTP.CORS.AllowedOrigins[0] == "https://localhost:9200") { cfg.HTTP.CORS.AllowedOrigins = []string{cfg.Commons.OcisURL} } } diff --git a/services/web/pkg/config/defaults/defaultconfig.go b/services/web/pkg/config/defaults/defaultconfig.go index ebf9bad926..a0572fae35 100644 --- a/services/web/pkg/config/defaults/defaultconfig.go +++ b/services/web/pkg/config/defaults/defaultconfig.go @@ -174,8 +174,10 @@ func EnsureDefaults(cfg *config.Config) { cfg.HTTP.TLS = cfg.Commons.HTTPServiceTLS } - if (cfg.Commons != nil && cfg.Commons.OcisURL != "") && (cfg.HTTP.CORS.AllowedOrigins == nil && cfg.Commons != nil && cfg.Commons.OcisURL != "" || - len(cfg.HTTP.CORS.AllowedOrigins) == 1 && cfg.HTTP.CORS.AllowedOrigins[0] == "https://localhost:9200") { + if (cfg.Commons != nil && cfg.Commons.OcisURL != "") && + (cfg.HTTP.CORS.AllowedOrigins == nil || + len(cfg.HTTP.CORS.AllowedOrigins) == 1 && + cfg.HTTP.CORS.AllowedOrigins[0] == "https://localhost:9200") { cfg.HTTP.CORS.AllowedOrigins = []string{cfg.Commons.OcisURL} } } diff --git a/services/webfinger/pkg/config/defaults/defaultconfig.go b/services/webfinger/pkg/config/defaults/defaultconfig.go index 53b2b8467b..02d823d062 100644 --- a/services/webfinger/pkg/config/defaults/defaultconfig.go +++ b/services/webfinger/pkg/config/defaults/defaultconfig.go @@ -83,8 +83,10 @@ func EnsureDefaults(cfg *config.Config) { cfg.HTTP.TLS = cfg.Commons.HTTPServiceTLS } - if (cfg.Commons != nil && cfg.Commons.OcisURL != "") && (cfg.HTTP.CORS.AllowedOrigins == nil && cfg.Commons != nil && cfg.Commons.OcisURL != "" || - len(cfg.HTTP.CORS.AllowedOrigins) == 1 && cfg.HTTP.CORS.AllowedOrigins[0] == "https://localhost:9200") { + if (cfg.Commons != nil && cfg.Commons.OcisURL != "") && + (cfg.HTTP.CORS.AllowedOrigins == nil || + len(cfg.HTTP.CORS.AllowedOrigins) == 1 && + cfg.HTTP.CORS.AllowedOrigins[0] == "https://localhost:9200") { cfg.HTTP.CORS.AllowedOrigins = []string{cfg.Commons.OcisURL} } } From 2bc7b842acb0a91b0d416855bb0dc88dc28fdb23 Mon Sep 17 00:00:00 2001 From: Saw-jan Date: Wed, 20 Mar 2024 09:47:49 +0545 Subject: [PATCH 6/7] test(api): adjust test expectation --- tests/acceptance/features/apiContract/copy.feature | 2 +- tests/acceptance/features/apiCors/cors.feature | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/tests/acceptance/features/apiContract/copy.feature b/tests/acceptance/features/apiContract/copy.feature index 08a1fc195a..8a9c8e1903 100644 --- a/tests/acceptance/features/apiContract/copy.feature +++ b/tests/acceptance/features/apiContract/copy.feature @@ -22,6 +22,6 @@ Feature: Copy test Then the HTTP status code should be "201" And the following headers should match these regular expressions | Oc-Fileid | /^[a-f0-9!\$\-]{110}$/ | - | Access-Control-Allow-Origin | /^[*]{1}$/ | + | Access-Control-Allow-Origin | /^%base_url%$/ | | X-Request-Id | /^[a-zA-Z]+\/[a-zA-Z]+\.feature:\d+(-\d+)?$/ | diff --git a/tests/acceptance/features/apiCors/cors.feature b/tests/acceptance/features/apiCors/cors.feature index acc8dd4900..d2038fb181 100644 --- a/tests/acceptance/features/apiCors/cors.feature +++ b/tests/acceptance/features/apiCors/cors.feature @@ -21,7 +21,6 @@ Feature: CORS headers | header | value | | Access-Control-Expose-Headers | Location | | Access-Control-Allow-Origin | https://aphno.badal | - | Access-Control-Allow-Credentials | true | Examples: | ocs-api-version | endpoint | ocs-status-code | http-status-code | | 1 | /config | 100 | 200 | From 6c0156c1bf7f2a6c2028932756fc315bb7611f1a Mon Sep 17 00:00:00 2001 From: Christian Richter Date: Wed, 20 Mar 2024 09:52:27 +0100 Subject: [PATCH 7/7] make sonarcloud happy Signed-off-by: Christian Richter --- sonar-project.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sonar-project.properties b/sonar-project.properties index d4514ead90..bbdf958c5a 100644 --- a/sonar-project.properties +++ b/sonar-project.properties @@ -35,7 +35,7 @@ sonar.go.golangci-lint.reportPaths=cache/checkstyle/checkstyle.xml # Exclude files sonar.exclusions=**/third_party,docs/**,changelog/**,**/package.json,**/rollup.config.js,CHANGELOG.md,deployments/**,tests/**,vendor/**,vendor-bin/**,README.md,**/mocks/**,/protogen/**,**/*_gen.go sonar.coverage.exclusions=**/*_test.go,**mocks/**,/protogen/**,**/*_gen.go -sonar.cpd.exclusions=**/*_test.go,**/revaconfig/**,services/settings/pkg/store/defaults/defaults.go +sonar.cpd.exclusions=**/defaultconfig.go,**/*_test.go,**/revaconfig/**,services/settings/pkg/store/defaults/defaults.go # Rule exclusions sonar.issue.ignore.multicriteria=g1,g2