Provide CORS headers configuration for /openapi endpoint #3787

Closed
lreimer opened this issue Feb 25, 2019 · 5 comments

lreimer commented Feb 25, 2019

Provide CORS Headers configuration for /openapi endpoint


Currently, there does not seem to be a way to configure and send proper CORS headers for the /openapi endpoint. According to the MicroProfile OpenAPI Spec, CORS headers are implementation dependent, but I think this would be a sensible enhancement, so that the API spec can be used and displayed by third-party tools like the Swagger UI.

Expected Outcome

I can configure the MicroProfile OpenAPI endpoint to emit CORS headers so that the documentation can be used e.g. in the Swagger UI.

Current Outcome

Currently, no CORS headers are added to the /openapi HTTP response. Swagger UI is complaining.

Steps to reproduce (Only for bug reports)

Fire up swagger UI (e.g. using current Docker image) and point it to a /openapi endpoint.

docker run -p 80:8080 -e API_URL=http://localhost:8080/openapi/ swaggerapi/swagger-ui:v3.20.9

Samples

Context (Optional)

We are currently looking into providing an API catalog for developers for all our Payara based microservices. Proper CORS headers would make this easier. Currently, we have a separate NGINX that adds these headers for us.

Environment

  • Payara Version: 5.184
  • Edition: Micro
  • JDK Version: Zulu 8u202
  • Operating System: CentOS Docker Image
@smillidge

I assume this should be configurable?

lreimer commented Feb 25, 2019

I guess making them configurable is the most flexible. Always applying CORS headers by default may be a security issue. What's your opinion on this?

lreimer commented Feb 25, 2019

Either make these configurable via microprofile-config.properties or maybe via the set-openapi-configuration asadmin command?

lreimer commented Feb 25, 2019

I had a quick look at the current implementation. Here is what I would do:

  • extend OpenApiServiceConfiguration and add an additional config property cors-enabled
  • implement a simple JAX-RS container response filter to add CORS headers. Only add the headers if the configuration property is enabled.
  • register filter in the OpenApiApplication

Would you accept a pull request for this?
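
One way to write the opt-in response filter proposed in the comment above, as an added example that is not part of the thread and not Payara's code. The class name `OpenApiCorsFilter`, its constructor parameters and the explicit origin allow-list are assumptions; the allow-list goes beyond the single `cors-enabled` switch discussed here.

```java
import java.io.IOException;
import java.util.Set;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerResponseContext;
import javax.ws.rs.container.ContainerResponseFilter;
import javax.ws.rs.core.MultivaluedMap;

/**
 * Hypothetical opt-in CORS filter for a read-only document endpoint such as /openapi.
 * Register an instance (not the class) from the JAX-RS Application, e.g. via
 * Application#getSingletons(), so the configuration values can be passed in.
 */
public class OpenApiCorsFilter implements ContainerResponseFilter {

    private final boolean corsEnabled;         // mirrors the proposed cors-enabled property
    private final Set<String> allowedOrigins;  // assumption: e.g. the origin serving Swagger UI

    public OpenApiCorsFilter(boolean corsEnabled, Set<String> allowedOrigins) {
        this.corsEnabled = corsEnabled;
        this.allowedOrigins = allowedOrigins;
    }

    @Override
    public void filter(ContainerRequestContext request, ContainerResponseContext response)
            throws IOException {
        if (!corsEnabled) {
            return; // default: behave exactly as before, no CORS headers
        }
        MultivaluedMap<String, Object> headers = response.getHeaders();
        // The response now varies by requesting origin, so shared caches must key on it.
        headers.add("Vary", "Origin");

        String origin = request.getHeaderString("Origin");
        if (origin == null || !allowedOrigins.contains(origin)) {
            return; // not a cross-origin request, or origin is not on the allow-list
        }
        // Echo the single matching origin instead of sending "*".
        headers.putSingle("Access-Control-Allow-Origin", origin);
        if ("OPTIONS".equals(request.getMethod())) {
            // Preflight only: the document is read-only, so no write methods are offered.
            headers.putSingle("Access-Control-Allow-Methods", "GET, HEAD, OPTIONS");
        }
        // Access-Control-Allow-Credentials is deliberately never set.
    }
}
```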

lreimer added a commit to lreimer/Payara that referenced this issue Feb 26, 2019
@smillidge smillidge added the Type: Enhancement Label issue as an enhancement request label Mar 16, 2019
@smillidge

Closed by #3793

@smillidge smillidge added this to the 5.191 milestone Mar 16, 2019
lreimer added a commit to lreimer/Payara that referenced this issue Mar 26, 2019