From 1e72ddc651baaf0da95033a184cef2ce36011675 Mon Sep 17 00:00:00 2001
From: vokomarov
Date: Sun, 7 Apr 2024 11:58:11 +0300
Subject: [PATCH] Fix forwarding non-ok Options request
---
 captcha/google_recaptcha.go | 4 ++++
 captcha/google_recaptcha_test.go | 21 +++++++++++++++++++++
 headers/cors.go | 4 ++++
 headers/cors_test.go | 12 ++++++++++++
 4 files changed, 41 insertions(+)
diff --git a/captcha/google_recaptcha.go b/captcha/google_recaptcha.go
index bb1cd04..485b521 100644
--- a/captcha/google_recaptcha.go
+++ b/captcha/google_recaptcha.go
@@ -52,6 +52,10 @@ func (p *GoogleReCaptchaProvider) Verify(ctx *fasthttp.RequestCtx) (bool, error)
 return true, nil
 }
 
+ if string(ctx.Request.Header.Method()) == fasthttp.MethodOptions {
+ return true, nil
+ }
+
 challenge := ctx.Request.Header.Peek(headers.XCtCaptchaChallenge)
 if challenge == nil || string(challenge) == "" {
 log.Printf("[%s] captcha challenge empty", clientIp)
diff --git a/captcha/google_recaptcha_test.go b/captcha/google_recaptcha_test.go
index 6a062c0..64d6c36 100644
--- a/captcha/google_recaptcha_test.go
+++ b/captcha/google_recaptcha_test.go
@@ -102,6 +102,27 @@ func TestVerifyEmptySecret(t *testing.T) {
 assert.NoError(t, err)
 }
 
+func TestVerifyOptions(t *testing.T) {
+ ctrl := gomock.NewController(t)
+ c := mocks.NewHttpClientMock(ctrl)
+
+ ctx := fasthttp.RequestCtx{}
+ ctx.SetRemoteAddr(&net.TCPAddr{IP: []byte{0xA, 0x0, 0x0, 0x1}})
+ ctx.Request.Header.SetMethod(fasthttp.MethodOptions)
+ ctx.Request.Header.Set(headers.XCtCaptchaChallenge, "captcha_challenge_2")
+
+ c.EXPECT().WithReadTimeout(gomock.Eq(googleApiReadTimeout))
+ c.EXPECT().WithWriteTimeout(gomock.Eq(googleApiWriteTimeout))
+
+ p := NewGoogleReCaptchaProvider(c, config.Config{
+ CaptchaSecret: "captcha_secret_1",
+ })
+ state, err := p.Verify(&ctx)
+
+ assert.True(t, state)
+ assert.NoError(t, err)
+}
+
 func TestVerifyEmptyChallenge(t *testing.T) {
 ctrl := gomock.NewController(t)
 c := mocks.NewHttpClientMock(ctrl)
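Review bot: The new early return in Verify exempts every request whose method is OPTIONS from the captcha check, not only CORS preflights. Whether such a request is then forwarded upstream is not visible in this hunk, but if it is, the backend's OPTIONS handling becomes reachable without a challenge. A browser preflight always carries `Access-Control-Request-Method`, so the guard could be narrowed to `if ctx.IsOptions() && len(ctx.Request.Header.Peek("Access-Control-Request-Method")) > 0 {`, with a comment such as `// CORS preflights cannot carry the challenge header, so they skip verification.` Verify's body starts before and continues after the hunk.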
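Review bot: TestVerifyOptions sends the challenge header, but a browser preflight never carries custom request headers, so the case this commit targets, an OPTIONS request without `headers.XCtCaptchaChallenge`, is not exercised. Dropping the `ctx.Request.Header.Set(headers.XCtCaptchaChallenge, ...)` line, or adding a second case without it, would pin that behaviour. A short comment such as `// no verification call is expected on the mock: OPTIONS must return before the HTTP client is used` would also make the implicit gomock assertion visible to readers.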
diff --git a/headers/cors.go b/headers/cors.go
index 7082f51..2fc1503 100644
--- a/headers/cors.go
+++ b/headers/cors.go
@@ -71,4 +71,8 @@ func writeCorsAllowedHeaders(ctx *fasthttp.RequestCtx) {
 ctx.Response.Header.Set(AccessControlAllowMethods, strings.Join(CorsAllowedMethods, ","))
 ctx.Response.Header.Set(AccessControlAllowHeaders, strings.Join(CorsAllowedHeaders, ","))
 ctx.Response.Header.Set(AccessControlAllowCredentials, "true")
+
+ if string(ctx.Request.Header.Method()) == fasthttp.MethodOptions {
+ ctx.Response.Header.SetStatusCode(fasthttp.StatusOK)
+ }
 }
diff --git a/headers/cors_test.go b/headers/cors_test.go
index c486c47..4ec19fd 100644
--- a/headers/cors_test.go
+++ b/headers/cors_test.go
@@ -27,6 +27,18 @@ func TestCorsHandler(t *testing.T) {
 assert.Equal(t, "test.com", string(ctx.Response.Header.Peek(AccessControlAllowOrigin)))
 })
 
+ t.Run("AllowOptionsStatusAlwaysOk", func(t *testing.T) {
+ ctx := fasthttp.RequestCtx{}
+ ctx.Request.Header.SetMethod(fasthttp.MethodOptions)
+ ctx.Request.Header.Set(Origin, "Test.Com")
+ ctx.Request.Header.Set(XForwardedFor, "127.0.0.1")
+
+ handler := CorsHandler(func(ctx *fasthttp.RequestCtx) {})
+ handler(&ctx)
+
+ assert.Equal(t, fasthttp.StatusOK, ctx.Response.StatusCode())
+ })
+
 t.Run("RejectIgnorePath", func(t *testing.T) {
 ctx := fasthttp.RequestCtx{}
 ctx.Request.Header.Set(Origin, "a.Test.Com")
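Review bot: writeCorsAllowedHeaders now also rewrites the response status, which its name does not suggest, and it does so for every OPTIONS request rather than only for CORS preflights. If this function runs after the wrapped handler (the call site is outside the hunk), an upstream error on a plain OPTIONS request would be reported to the client as 200. Consider gating on the preflight header, `if ctx.IsOptions() && len(ctx.Request.Header.Peek("Access-Control-Request-Method")) > 0 {`, and documenting the side effect with `// Preflight responses are forced to 200 so the browser accepts the CORS headers.`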
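Review bot: The AllowOptionsStatusAlwaysOk subtest cannot fail without the fix: the wrapped handler is empty, and a fresh fasthttp response already reports 200 from `StatusCode()`. Let the wrapped handler produce the condition being fixed, e.g. `handler := CorsHandler(func(ctx *fasthttp.RequestCtx) { ctx.SetStatusCode(fasthttp.StatusMethodNotAllowed) })`, and keep the assertion as it is. This assumes the CORS headers are written after the wrapped handler runs, which the hunk does not show; TestCorsHandler itself starts and ends outside the hunk.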