Workaround for issue with CORS and Origin: null in vertx-web

The CORS handling mechanism of vertx-web should allow an HTTP header with `Origin: null`, but currently it doesn't; see vert-x3/vertx-web#1933 for the details. While that bug is fixed, this commit adds a workaround that enables Kroki to handle that header value properly. The workaround just defines a regexp that allows any value in that header; vertx-web just matches the value using that regexp, and if it matches the request continues its processing as normal.
jerojasro · Apr 28, 2021 · 368d326 · 368d326
1 parent c4e0bb3
commit 368d326
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 1 deletion.
diff --git a/server/src/main/java/io/kroki/server/Server.java b/server/src/main/java/io/kroki/server/Server.java
@@ -89,7 +89,10 @@ static void start(Vertx vertx, JsonObject config, Handler<AsyncResult<HttpServer
     allowedMethods.add(HttpMethod.GET);
     allowedMethods.add(HttpMethod.POST);
     allowedMethods.add(HttpMethod.OPTIONS);
-    router.route().handler(CorsHandler.create("*")
+    // REMIND: In order to accept requests with `Origin: null` header, we are using the value ".*" instead of "*".
+    // This can be reverted back to "*" once https://github.com/vert-x3/vertx-web/issues/1933 is fixed.
+    // Reference: https://github.com/yuzutech/kroki/pull/711
+    router.route().handler(CorsHandler.create(".*")
       .allowedHeaders(allowedHeaders)
       .allowedMethods(allowedMethods));
 

diff --git a/server/src/test/java/io/kroki/server/ServerTest.java b/server/src/test/java/io/kroki/server/ServerTest.java
@@ -50,6 +50,30 @@ void http_server_check_response(Vertx vertx, VertxTestContext testContext) {
       })));
   }
 
+  @Test
+  void http_server_check_cors_handling_regular_origin(Vertx vertx, VertxTestContext testContext) {
+    WebClient client = WebClient.create(vertx);
+    client.get(port, "localhost", "/")
+      .putHeader("Origin", "http://localhost")
+      .as(BodyCodec.string())
+      .send(testContext.succeeding(response -> testContext.verify(() -> {
+        assertThat(response.statusCode()).isEqualTo(200);
+        testContext.completeNow();
+      })));
+  }
+
+  @Test
+  void http_server_check_cors_handling_null_origin(Vertx vertx, VertxTestContext testContext) {
+    WebClient client = WebClient.create(vertx);
+    client.get(port, "localhost", "/")
+      .putHeader("Origin", "null")
+      .as(BodyCodec.string())
+      .send(testContext.succeeding(response -> testContext.verify(() -> {
+        assertThat(response.statusCode()).isEqualTo(200);
+        testContext.completeNow();
+      })));
+  }
+
   @Test
   void http_server_long_uri_414(Vertx vertx, VertxTestContext testContext) {
     WebClient client = WebClient.create(vertx);