From 3ea4817cf96f2683e1f0a66f8df0426f1fc960df Mon Sep 17 00:00:00 2001 From: Shovan Maity Date: Thu, 27 Jun 2024 12:43:58 +0530 Subject: [PATCH] update allowed origins list and nginx config (#4730) * update allowed origins list Signed-off-by: Shovan Maity * update nginx config Signed-off-by: Shovan Maity * add manifest changes Signed-off-by: Shovan Maity * update local value of allowed origins Signed-off-by: Shovan Maity --------- Signed-off-by: Shovan Maity Signed-off-by: andoriyaprashant --- chaoscenter/authentication/api/main.go | 2 +- chaoscenter/graphql/server/utils/variables.go | 2 +- chaoscenter/manifests/litmus-cluster-scope.yaml | 13 ++++--------- .../manifests/litmus-namespaced-scope.yaml | 15 +++++---------- .../manifests/litmus-without-resources.yaml | 13 ++++--------- chaoscenter/web/nginx/nginx.conf | 9 --------- 6 files changed, 15 insertions(+), 39 deletions(-) diff --git a/chaoscenter/authentication/api/main.go b/chaoscenter/authentication/api/main.go index 0e277ddaaf9..42fa9512290 100644 --- a/chaoscenter/authentication/api/main.go +++ b/chaoscenter/authentication/api/main.go @@ -35,7 +35,7 @@ type Config struct { DbServer string `required:"true" split_words:"true"` DbUser string `required:"true" split_words:"true"` DbPassword string `required:"true" split_words:"true"` - AllowedOrigins []string `split_words:"true" default:"litmuschaos.io?,localhost:([0-9]+)?"` + AllowedOrigins []string `split_words:"true" default:"^(http://|https://|)litmuschaos.io(:[0-9]+|)?,^(http://|https://|)localhost(:[0-9]+|)"` } var config Config diff --git a/chaoscenter/graphql/server/utils/variables.go b/chaoscenter/graphql/server/utils/variables.go index bae63137079..1eba08a4d90 100644 --- a/chaoscenter/graphql/server/utils/variables.go +++ b/chaoscenter/graphql/server/utils/variables.go @@ -44,7 +44,7 @@ type Configuration struct { CustomChaosHubPath string `split_words:"true" default:"/tmp/"` DefaultChaosHubPath string `split_words:"true" default:"/tmp/default/"` EnableGQLIntrospection string `split_words:"true" default:"false"` - AllowedOrigins []string `split_words:"true" default:"litmuschaos.io?,localhost:([0-9]+)?"` + AllowedOrigins []string `split_words:"true" default:"^(http://|https://|)litmuschaos.io(:[0-9]+|)?,^(http://|https://|)localhost(:[0-9]+|)"` } var Config Configuration diff --git a/chaoscenter/manifests/litmus-cluster-scope.yaml b/chaoscenter/manifests/litmus-cluster-scope.yaml index 39da8911532..05f97cfa54f 100644 --- a/chaoscenter/manifests/litmus-cluster-scope.yaml +++ b/chaoscenter/manifests/litmus-cluster-scope.yaml @@ -138,15 +138,6 @@ data: } location /api/ { - proxy_http_version 1.1; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_pass "http://litmusportal-server-service:9002/"; - } - - location /ws/ { proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; @@ -313,6 +304,8 @@ spec: value: "5000000" - name: INFRA_COMPATIBLE_VERSIONS value: '["ci"]' + - name: ALLOWED_ORIGINS + value: ^(http://|https://|)litmuschaos.io(:[0-9]+|)?,^(http://|https://|)litmusportal-server-service(:[0-9]+|)? ports: - containerPort: 8080 - containerPort: 8000 @@ -387,6 +380,8 @@ spec: value: "litmusportal-server-service" - name: LITMUS_GQL_GRPC_PORT value: ":8000" + - name: ALLOWED_ORIGINS + value: ^(http://|https://|)litmuschaos.io(:[0-9]+|)?,^(http://|https://|)litmusportal-auth-server-service(:[0-9]+|)? resources: requests: memory: "250Mi" diff --git a/chaoscenter/manifests/litmus-namespaced-scope.yaml b/chaoscenter/manifests/litmus-namespaced-scope.yaml index e8990e739f2..a56fbd17411 100644 --- a/chaoscenter/manifests/litmus-namespaced-scope.yaml +++ b/chaoscenter/manifests/litmus-namespaced-scope.yaml @@ -117,15 +117,6 @@ data: } location /api/ { - proxy_http_version 1.1; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_pass "http://litmusportal-server-service:9002/"; - } - - location /ws/ { proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; @@ -288,7 +279,9 @@ spec: - name: INGRESS_NAME value: "litmus-ingress" - name: INFRA_COMPATIBLE_VERSIONS - value: '["ci"]' + value: '["ci"]' + - name: ALLOWED_ORIGINS + value: ^(http://|https://|)litmuschaos.io(:[0-9]+|)?,^(http://|https://|)litmusportal-server-service(:[0-9]+|)? ports: - containerPort: 8080 - containerPort: 8000 @@ -361,6 +354,8 @@ spec: value: "litmusportal-server-service" - name: LITMUS_GQL_GRPC_PORT value: ":8000" + - name: ALLOWED_ORIGINS + value: ^(http://|https://|)litmuschaos.io(:[0-9]+|)?,^(http://|https://|)litmusportal-auth-server-service(:[0-9]+|)? ports: - containerPort: 3000 - containerPort: 3030 diff --git a/chaoscenter/manifests/litmus-without-resources.yaml b/chaoscenter/manifests/litmus-without-resources.yaml index 74c179ebbf0..ae0debeff4c 100644 --- a/chaoscenter/manifests/litmus-without-resources.yaml +++ b/chaoscenter/manifests/litmus-without-resources.yaml @@ -135,15 +135,6 @@ data: } location /api/ { - proxy_http_version 1.1; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_pass "http://litmusportal-server-service:9002/"; - } - - location /ws/ { proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; @@ -301,6 +292,8 @@ spec: value: "5000000" - name: INFRA_COMPATIBLE_VERSIONS value: '["ci"]' + - name: ALLOWED_ORIGINS + value: ^(http://|https://|)litmuschaos.io(:[0-9]+|)?,^(http://|https://|)litmusportal-server-service(:[0-9]+|)? ports: - containerPort: 8080 - containerPort: 8000 @@ -366,6 +359,8 @@ spec: value: "litmusportal-server-service" - name: LITMUS_GQL_GRPC_PORT value: ":8000" + - name: ALLOWED_ORIGINS + value: ^(http://|https://|)litmuschaos.io(:[0-9]+|)?,^(http://|https://|)litmusportal-auth-server-service(:[0-9]+|)? ports: - containerPort: 3000 - containerPort: 3030 diff --git a/chaoscenter/web/nginx/nginx.conf b/chaoscenter/web/nginx/nginx.conf index 4e2633ff9b7..4388dcff4cf 100644 --- a/chaoscenter/web/nginx/nginx.conf +++ b/chaoscenter/web/nginx/nginx.conf @@ -63,15 +63,6 @@ http { } location /api/ { - proxy_http_version 1.1; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_pass "http://litmusportal-server-service:9002/"; - } - - location /ws/ { proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade;