From 7bcce175757e64a2d7c5d8e5c82af444066c4085 Mon Sep 17 00:00:00 2001 From: sophia chen Date: Fri, 28 Nov 2025 18:11:59 +1100 Subject: [PATCH 1/2] allowed authorization header in corsHandler for token validate endpoint --- .../operator/vertx/UIDOperatorVerticle.java | 28 +++++++++++-------- 1 file changed, 17 insertions(+), 11 deletions(-) diff --git a/src/main/java/com/uid2/operator/vertx/UIDOperatorVerticle.java b/src/main/java/com/uid2/operator/vertx/UIDOperatorVerticle.java index eb2dd22a3..981f1f233 100644 --- a/src/main/java/com/uid2/operator/vertx/UIDOperatorVerticle.java +++ b/src/main/java/com/uid2/operator/vertx/UIDOperatorVerticle.java @@ -233,23 +233,29 @@ public void start(Promise startPromise) throws Exception { } + private CorsHandler createCorsHandler() { + return CorsHandler.create() + .addRelativeOrigin(".*.") + .allowedMethod(io.vertx.core.http.HttpMethod.GET) + .allowedMethod(io.vertx.core.http.HttpMethod.POST) + .allowedMethod(io.vertx.core.http.HttpMethod.OPTIONS) + .allowedHeader(Const.Http.ClientVersionHeader) + .allowedHeader("Access-Control-Request-Method") + .allowedHeader("Access-Control-Allow-Credentials") + .allowedHeader("Access-Control-Allow-Origin") + .allowedHeader("Access-Control-Allow-Headers") + .allowedHeader("Content-Type"); + } + private Router createRoutesSetup() throws IOException { final Router router = Router.router(vertx); router.allowForward(AllowForwardHeaders.X_FORWARD); router.route().handler(new RequestCapturingHandler(siteProvider)); router.route().handler(new ClientVersionCapturingHandler("static/js", "*.js", clientKeyProvider)); - router.route().handler(CorsHandler.create() - .addRelativeOrigin(".*.") - .allowedMethod(io.vertx.core.http.HttpMethod.GET) - .allowedMethod(io.vertx.core.http.HttpMethod.POST) - .allowedMethod(io.vertx.core.http.HttpMethod.OPTIONS) - .allowedHeader(Const.Http.ClientVersionHeader) - .allowedHeader("Access-Control-Request-Method") - .allowedHeader("Access-Control-Allow-Credentials") - .allowedHeader("Access-Control-Allow-Origin") - .allowedHeader("Access-Control-Allow-Headers") - .allowedHeader("Content-Type")); + + router.route(Endpoints.V2_TOKEN_VALIDATE.toString()).handler(createCorsHandler().allowedHeader("Authorization")); + router.route().handler(createCorsHandler()); router.route().handler(new StatsCollectorHandler(_statsCollectorQueue, vertx)); router.route("/static/*").handler(StaticHandler.create("static")); router.route().handler(ctx -> { From 35c0fcceb0cbd25e377496a8e11e162195e0dad7 Mon Sep 17 00:00:00 2001 From: sophia chen Date: Fri, 28 Nov 2025 18:13:21 +1100 Subject: [PATCH 2/2] cleanup --- src/main/java/com/uid2/operator/vertx/UIDOperatorVerticle.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/java/com/uid2/operator/vertx/UIDOperatorVerticle.java b/src/main/java/com/uid2/operator/vertx/UIDOperatorVerticle.java index 981f1f233..df124bb17 100644 --- a/src/main/java/com/uid2/operator/vertx/UIDOperatorVerticle.java +++ b/src/main/java/com/uid2/operator/vertx/UIDOperatorVerticle.java @@ -254,7 +254,7 @@ private Router createRoutesSetup() throws IOException { router.route().handler(new RequestCapturingHandler(siteProvider)); router.route().handler(new ClientVersionCapturingHandler("static/js", "*.js", clientKeyProvider)); - router.route(Endpoints.V2_TOKEN_VALIDATE.toString()).handler(createCorsHandler().allowedHeader("Authorization")); + router.route(V2_TOKEN_VALIDATE.toString()).handler(createCorsHandler().allowedHeader("Authorization")); router.route().handler(createCorsHandler()); router.route().handler(new StatsCollectorHandler(_statsCollectorQueue, vertx)); router.route("/static/*").handler(StaticHandler.create("static"));