support for cors added

ScorpioBroker · Dec 17, 2019 · fdab0e9 · fdab0e9
1 parent b1a2d32
commit fdab0e9
Show file tree

Hide file tree

Showing 2 changed files with 88 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -340,6 +340,16 @@ For more detailed explaination on NGSI-LD or JSON-LD. Please look at the
 [ETSI Specification](https://www.etsi.org/deliver/etsi_gs/CIM/001_099/009/01.01.01_60/gs_CIM009v010101p.pdf) or visit
 the [JSON-LD website](https://json-ld.org/).
 
+### Enable CORS support
+You can enable cors support in the gateway by providing these configuration options
+ - gateway.enablecors  -   default is False. Set to true for general enabling
+ - gateway.enablecors.allowall  -   default is False. Set to true to enable CORS from all origins, allow all headers and all methods. Not secure but still very often used.
+ - gateway.enablecors.allowedorigin  -   A comma separated list of allowed origins
+ - gateway.enablecors.allowedheader  -   A comma separated list of allowed headers
+ - gateway.enablecors.allowedmethods  -   A comma separated list of allowed methods 
+ - gateway.enablecors.allowallmethods  -   default is False. Set to true to allow all methods. If set to true it will override the allowmethods entry
+
+
 ### Postman example collection
 
 You can find a set of example calls, as a Postman collection, in the Examples folder. These examples use 2 Variables
@@ -381,6 +391,7 @@ In order to fix this issue and get eureka-server running you need to manually ad
 </dependencies>
 ...
 ```
+This should be fixed now using conditional dependencies. 
 ## Acknowledgements
 Part of the development has been founded by the EU in the AUTOPILOT project.
 

diff --git a/...CloudModules/gateway/src/main/java/eu/neclab/ngsildbroker/gateway/GatewayApplication.java b/...CloudModules/gateway/src/main/java/eu/neclab/ngsildbroker/gateway/GatewayApplication.java
@@ -1,9 +1,15 @@
 package eu.neclab.ngsildbroker.gateway;
 
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.cloud.netflix.eureka.EnableEurekaClient;
 import org.springframework.cloud.netflix.zuul.EnableZuulProxy;
+import org.springframework.context.annotation.Bean;
+import org.springframework.http.HttpMethod;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+import org.springframework.web.filter.CorsFilter;
 
 @SpringBootApplication
 @EnableZuulProxy
@@ -12,4 +18,75 @@ public class GatewayApplication {
 	public static void main(String[] args) {
 		SpringApplication.run(GatewayApplication.class, args);
 	}
+	@Value("${gateway.enablecors:false}")
+	boolean enableCors;
+	@Value("${gateway.enablecors.allowall:false}")
+	boolean allowAllCors;
+
+	@Value("${gateway.enablecors.allowedorigin:null}")
+	String allowedOrigin;
+
+	@Value("${gateway.enablecors.allowedheader:null}")
+	String allowedHeader;
+
+	@Value("${gateway.enablecors.allowallmethods:false}")
+	boolean allowAllCorsMethods;
+
+	@Value("${gateway.enablecors.allowedmethods:null}")
+	String allowedMethods;
+
+
+	@Bean
+	public CorsFilter corsFilter() {
+		final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+		if(!enableCors) {
+			return new CorsFilter(source);
+		}
+		final CorsConfiguration config = new CorsConfiguration();
+		if(allowAllCors) {
+			config.setAllowCredentials(true);
+			config.addAllowedOrigin("*");
+			config.addAllowedHeader("*");
+			config.addAllowedMethod(HttpMethod.DELETE);
+			config.addAllowedMethod(HttpMethod.POST);
+			config.addAllowedMethod(HttpMethod.GET);
+			config.addAllowedMethod(HttpMethod.OPTIONS);
+			config.addAllowedMethod(HttpMethod.PATCH);
+			config.addAllowedMethod(HttpMethod.PUT);
+			config.addAllowedMethod(HttpMethod.HEAD);
+			config.addAllowedMethod(HttpMethod.TRACE);
+			source.registerCorsConfiguration("/**", config);
+		}else {
+			if(allowedOrigin != null) {
+				for(String origin: allowedOrigin.split(",")) {
+					config.addAllowedOrigin(origin);
+				}
+
+			}
+			if(allowedHeader != null) {
+				for(String header: allowedHeader.split(",")) {
+					config.addAllowedHeader(header);
+				}
+			}
+			if(allowAllCorsMethods) {
+				config.addAllowedMethod(HttpMethod.DELETE);
+				config.addAllowedMethod(HttpMethod.POST);
+				config.addAllowedMethod(HttpMethod.GET);
+				config.addAllowedMethod(HttpMethod.OPTIONS);
+				config.addAllowedMethod(HttpMethod.PATCH);
+				config.addAllowedMethod(HttpMethod.PUT);
+				config.addAllowedMethod(HttpMethod.HEAD);
+				config.addAllowedMethod(HttpMethod.TRACE);
+			}else {
+				if(allowedMethods != null) {
+					for(String method: allowedMethods.split(",")) {
+						config.addAllowedMethod(method);
+					}
+				}
+			}
+		}
+
+
+		return new CorsFilter(source);
+	}
 }