Skip to content

Commit

Permalink
feat: add option for cors and bugfix (#1963)
Browse files Browse the repository at this point in the history
  • Loading branch information
ShiningRush authored Aug 1, 2020
1 parent 3d8150b commit 2936c7d
Show file tree
Hide file tree
Showing 3 changed files with 153 additions and 11 deletions.
29 changes: 18 additions & 11 deletions apisix/plugins/cors.lua
Original file line number Diff line number Diff line change
Expand Up @@ -64,7 +64,7 @@ local schema = {
allow_credential = {
type = "boolean",
default = false
},
}
}
}

Expand All @@ -75,6 +75,7 @@ local _M = {
schema = schema,
}


local function create_mutiple_origin_cache(conf)
if not str_find(conf.allow_origins, ",", 1, true) then
return nil
Expand All @@ -99,6 +100,7 @@ local function create_mutiple_origin_cache(conf)
return origin_cache
end


function _M.check_schema(conf)
local ok, err = core.schema.check(schema, conf)
if not ok then
Expand All @@ -108,23 +110,32 @@ function _M.check_schema(conf)
return true
end


local function set_cors_headers(conf, ctx)
local allow_methods = conf.allow_methods
if allow_methods == "**" then
allow_methods = "GET,POST,PUT,DELETE,PATCH,HEAD,OPTIONS,CONNECT,TRACE"
end

ngx.header["Access-Control-Allow-Origin"] = ctx.cors_allow_origins
ngx.header["Access-Control-Allow-Methods"] = allow_methods
ngx.header["Access-Control-Allow-Headers"] = conf.allow_headers
ngx.header["Access-Control-Max-Age"] = conf.max_age
core.response.set_header("Access-Control-Allow-Origin", ctx.cors_allow_origins)
core.response.set_header("Access-Control-Allow-Methods", allow_methods)
core.response.set_header("Access-Control-Allow-Headers", conf.allow_headers)
core.response.set_header("Access-Control-Max-Age", conf.max_age)
core.response.set_header("Access-Control-Expose-Headers", conf.expose_headers)
if conf.allow_credential then
ngx.header["Access-Control-Allow-Credentials"] = true
core.response.set_header("Access-Control-Allow-Credentials", true)
end
ngx.header["Access-Control-Expose-Headers"] = conf.expose_headers
end


function _M.rewrite(conf, ctx)
if ctx.var.request_method == "OPTIONS" then
return 200
end
end


function _M.header_filter(conf, ctx)
local allow_origins = conf.allow_origins
local req_origin = core.request.header(ctx, "Origin")
if allow_origins == "**" then
Expand All @@ -146,10 +157,6 @@ function _M.rewrite(conf, ctx)

ctx.cors_allow_origins = allow_origins
set_cors_headers(conf, ctx)

if ctx.var.request_method == "OPTIONS" then
return 200
end
end

return _M
9 changes: 9 additions & 0 deletions t/lib/server.lua
Original file line number Diff line number Diff line change
Expand Up @@ -250,5 +250,14 @@ function _M.go()
return _M[action]()
end

function _M.headers()
local args = ngx.req.get_uri_args()
for name, val in pairs(args) do
ngx.header[name] = nil
ngx.header[name] = val
end

ngx.say("/headers")
end

return _M
126 changes: 126 additions & 0 deletions t/plugin/cors.t
Original file line number Diff line number Diff line change
Expand Up @@ -491,3 +491,129 @@ Access-Control-Max-Age: 5
Access-Control-Allow-Credentials:
--- no_error_log
[error]



=== TEST 17: set route(overwrite upstream)
--- config
location /t {
content_by_lua_block {
local t = require("lib.test_admin").test
local code, body = t('/apisix/admin/routes/1',
ngx.HTTP_PUT,
[[{
"plugins": {
"cors": {
"allow_origins": "**",
"allow_methods": "**",
"allow_headers": "*",
"expose_headers": "*",
"allow_credential": true
}
},
"upstream": {
"nodes": {
"127.0.0.1:1980": 1
},
"type": "roundrobin"
},
"uri": "/headers"
}]]
)

if code >= 300 then
ngx.status = code
end
ngx.say(body)
}
}
--- request
GET /t
--- response_body
passed
--- no_error_log
[error]



=== TEST 18: overwrite upstream
--- request
GET /headers?Access-Control-Allow-Origin=https://sub.domain.com HTTP/1.1
--- more_headers
Origin: https://sub.domain.com
--- response_body
/headers
--- response_headers
Access-Control-Allow-Origin: https://sub.domain.com
--- no_error_log
[error]



=== TEST 19: overwrite upstream(Access-Control-Allow-Methods)
--- request
GET /headers?Access-Control-Allow-Methods=methods HTTP/1.1
--- more_headers
Origin: https://sub.domain.com
--- response_body
/headers
--- response_headers
Access-Control-Allow-Methods: GET,POST,PUT,DELETE,PATCH,HEAD,OPTIONS,CONNECT,TRACE
--- no_error_log
[error]



=== TEST 20: overwrite upstream(Access-Control-Allow-Headers)
--- request
GET /headers?Access-Control-Allow-Headers=a-headers HTTP/1.1
--- more_headers
Origin: https://sub.domain.com
--- response_body
/headers
--- response_headers
Access-Control-Allow-Headers: *
--- no_error_log
[error]



=== TEST 21: overwrite upstream(Access-Control-Expose-Headers)
--- request
GET /headers?Access-Control-Expose-Headers=e-headers HTTP/1.1
--- more_headers
Origin: https://sub.domain.com
--- response_body
/headers
--- response_headers
Access-Control-Expose-Headers: *
--- no_error_log
[error]



=== TEST 22: overwrite upstream(Access-Control-Max-Age)
--- request
GET /headers?Access-Control-Max-Age=10 HTTP/1.1
--- more_headers
Origin: https://sub.domain.com
--- response_body
/headers
--- response_headers
Access-Control-Max-Age: 5
--- no_error_log
[error]



=== TEST 23: not overwrite upstream(Access-Control-Allow-Credentials)
--- request
GET /headers?Access-Control-Allow-Credentials=false HTTP/1.1
--- more_headers
Origin: https://sub.domain.com
--- response_body
/headers
--- response_headers
Access-Control-Allow-Credentials: true
--- no_error_log
[error]

0 comments on commit 2936c7d

Please sign in to comment.