feat(cors): Configurable whitelist of origins that are allowed to make… #891
srekapalli commented Sep 6, 2019
- Currently 'Gate' allows all origins and this fix is to allow only whitelisted origins if specified in the config.
- Existing behavior kept as is and the new scheme will be enabled only if 'cors.allow-mode' is set to 'originlist'
- Tests here exercise both the old mode (regex) and the new (originlist).
- @cfieber: The current implementation is still out there, Pl. LMK if we need to make that also strict and not allow the requests if the origin doesn't match the RegEx. Currently we just log and won't deny the request I think 🤔
great start - there is a chance that the failing test is due to something missing in the CI environment since it is trying to spool up the whole app
It's because I was hitting |
Couple minor points for discussion but otherwise 👍 - Good job on your first PR!
…e cross-origin requests
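
The two modes named in the PR description, sketched as an added example that is not code from this pull request or from Gate. Class, enum and method names are hypothetical, the origins and regex are constructed samples, and the regex branch follows the author's description of the existing behaviour (log on mismatch, do not deny).

```java
import java.net.URI;
import java.util.*;
import java.util.regex.Pattern;

// Added illustration; class, enum and method names are hypothetical, not Gate's code.
public class CorsOriginCheck {
  enum Mode { REGEX, ORIGINLIST } // the two behaviours the PR description names

  private final Mode mode;
  private final Pattern regex;
  private final Set<String> allowed = new HashSet<>();

  CorsOriginCheck(Mode mode, String regex, List<String> origins) {
    this.mode = mode;
    this.regex = Pattern.compile(regex);
    for (String o : origins) normalise(o).ifPresent(allowed::add);
  }

  // Reduce an origin to scheme://host[:port], lower-cased; empty if it cannot be parsed.
  static Optional<String> normalise(String origin) {
    try {
      URI u = URI.create(origin.trim());
      if (u.getScheme() == null || u.getHost() == null) return Optional.empty();
      String port = u.getPort() == -1 ? "" : ":" + u.getPort();
      return Optional.of((u.getScheme() + "://" + u.getHost() + port).toLowerCase(Locale.ROOT));
    } catch (IllegalArgumentException e) {
      return Optional.empty();
    }
  }

  boolean isAllowed(String origin) {
    if (origin == null) return true; // assumption: no Origin header means not a cross-origin request
    if (mode == Mode.ORIGINLIST) {
      // Strict: exact match against the configured list, anything else is refused.
      return normalise(origin).map(allowed::contains).orElse(false);
    }
    // Regex mode as the PR description characterises it: a mismatch is logged, not denied.
    if (!regex.matcher(origin).matches()) System.err.println("origin did not match regex: " + origin);
    return true;
  }

  public static void main(String[] args) {
    List<String> list = List.of("https://deck.example.com"); // constructed sample config
    String[] origins = { "https://deck.example.com", "https://DECK.example.com/",
        "https://deck.example.com.other.test", "null" }; // constructed sample Origin values
    for (Mode m : Mode.values()) {
      CorsOriginCheck check = new CorsOriginCheck(m, "^https://deck\\.example\\.com$", list);
      for (String o : origins) System.out.println(m + " " + o + " -> " + check.isAllowed(o));
    }
  }
}
```

In ORIGINLIST mode only the first two sample origins are accepted; the look-alike host and the literal `null` origin are refused, while REGEX mode accepts all four and only logs the mismatches.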