Add cors check to config (#516)

gogatekeeper · Nov 4, 2024 · 9701e18 · 9701e18
1 parent e545bc2
commit 9701e18
Show file tree

Hide file tree

Showing 3 changed files with 52 additions and 0 deletions.
diff --git a/pkg/apperrors/apperrors.go b/pkg/apperrors/apperrors.go
@@ -166,4 +166,5 @@ var (
 
 	ErrLetsEncryptMissingCacheDir = errors.New("letsencrypt cache dir has not been set")
 	ErrHijackerMethodMissing      = errors.New("writer does not implement http.Hijacker method")
+	ErrInvalidOriginWithCreds     = errors.New("origin cannot be set to * together with AllowedCredentials true")
 )
diff --git a/pkg/keycloak/config/config.go b/pkg/keycloak/config/config.go
@@ -328,6 +328,7 @@ func (r *Config) IsValid() error {
 		r.isOpenIDProviderProxyValid,
 		r.isMaxIdlleConnValid,
 		r.isSameSiteValid,
+		r.isCorsValid,
 		r.isTLSFilesValid,
 		r.isAdminTLSFilesValid,
 		r.isLetsEncryptValid,
@@ -910,3 +911,12 @@ func (r *Config) isEnableLoAValid() error {
 	}
 	return nil
 }
+
+func (r *Config) isCorsValid() error {
+	for _, origin := range r.CorsOrigins {
+		if origin == "*" && r.CorsCredentials {
+			return apperrors.ErrInvalidOriginWithCreds
+		}
+	}
+	return nil
+}
diff --git a/pkg/keycloak/config/config_test.go b/pkg/keycloak/config/config_test.go
@@ -2592,3 +2592,44 @@ func TestEnableLoa(t *testing.T) {
 		)
 	}
 }
+
+func TestIsCorsValid(t *testing.T) {
+	testCases := []struct {
+		Name   string
+		Config *Config
+		Valid  bool
+	}{
+		{
+			Name: "ValidOrigin",
+			Config: &Config{
+				CorsOrigins:     []string{"example.com"},
+				CorsCredentials: false,
+			},
+			Valid: true,
+		},
+		{
+			Name: "InvalidOrigin",
+			Config: &Config{
+				CorsOrigins:     []string{"*"},
+				CorsCredentials: true,
+			},
+			Valid: false,
+		},
+	}
+
+	for _, testCase := range testCases {
+		t.Run(
+			testCase.Name,
+			func(t *testing.T) {
+				err := testCase.Config.isCorsValid()
+				if err != nil && testCase.Valid {
+					t.Fatalf("Expected test not to fail")
+				}
+
+				if err == nil && !testCase.Valid {
+					t.Fatalf("Expected test to fail")
+				}
+			},
+		)
+	}
+}