Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security: Support regular expressions for CORS allow-origin to match against #6923

Merged
merged 1 commit into from Jul 25, 2014
Merged

Security: Support regular expressions for CORS allow-origin to match against #6923

merged 1 commit into from Jul 25, 2014

Conversation

spinscale
Copy link
Contributor

This commit adds regular expression support for the allow-origin
header depending on the value of the request Origin header.

Relates #5601
Closes #6891

@spinscale spinscale mentioned this pull request Jul 18, 2014
Closed
s1monw
s1monw reviewed Jul 21, 2014
View reviewed changes
src/main/java/org/elasticsearch/http/netty/NettyHttpChannel.java
String originHeader = request.header("Origin");
if (Strings.isNullOrEmpty(originHeader) || corsPattern == null) {
if (corsPattern != null) {
resp.headers().add("Access-Control-Allow-Origin", "*");
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can we make the "Access-Control-Allow-Origin" a constant?

@s1monw
Copy link
Contributor

s1monw commented Jul 21, 2014

@spinscale I reviewed it and left some comments. Overall I think it looks good

@s1monw s1monw removed the review label Jul 21, 2014
@spinscale
Copy link
Contributor Author

@s1monw added tests, incorporated your comments

@s1monw
Copy link
Contributor

s1monw commented Jul 21, 2014

LGTM

@s1monw s1monw removed the review label Jul 23, 2014
@spinscale
CORS: Support regular expressions for origin to match against
a1e335b 
This commit adds regular expression support for the allow-origin
header depending on the value of the request `Origin` header.

The existing HttpRequestBuilder is also extended to support the
OPTIONS HTTP method.

Relates elastic#5601
Closes elastic#6891
@spinscale spinscale merged commit a1e335b into elastic:master Jul 25, 2014
@spinscale spinscale mentioned this pull request Jul 25, 2014
Closed
@kimchy kimchy mentioned this pull request Aug 4, 2014
Closed
@clintongormley clintongormley changed the title CORS: Support regular expressions for origin to match against Security: Support regular expressions for CORS allow-origin to match against Sep 8, 2014
@clintongormley clintongormley added the :Core/Infra/Settings Settings infrastructure and APIs label Jun 7, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
:Core/Infra/Settings Settings infrastructure and APIs >enhancement v1.4.0.Beta1 v2.0.0-beta1
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Security: Add regular expression support to CORS for easier matching
3 participants
@spinscale @s1monw @clintongormley