onaio · lincmba · Apr 30, 2024 · Apr 30, 2024 · Apr 30, 2024 · Apr 30, 2024
diff --git a/README.md b/README.md
@@ -119,6 +119,9 @@ environment variables. Below is a list of the required configurations.
 - `BACKEND_TYPE`: The type of backend, either `HAPI` or `GCP`. `HAPI` should be
  used for most FHIR servers, while `GCP` should be used for GCP FHIR stores.
 
+- `CORS_ALLOW_ORIGIN`: Specifies the CORS allowed origin. Only a single origin
+ can be specified. It defaults to `*` if not set
+
 **Logging**
 
 The OpenSRP FHIR Gateway uses Sentry to capture exception logs. The Sentry

diff --git a/exec/pom.xml b/exec/pom.xml
@@ -4,7 +4,7 @@
  <parent>
  <groupId>org.smartregister</groupId>
  <artifactId>opensrp-gateway-plugin</artifactId>
- <version>1.0.10</version>
+ <version>1.0.11</version>
  </parent>
 
  <artifactId>exec</artifactId>
@@ -70,7 +70,7 @@
  <dependency>
  <groupId>org.smartregister</groupId>
  <artifactId>plugins</artifactId>
- <version>1.0.10</version>
+ <version>1.0.11</version>
  </dependency>
 
  <dependency>

diff --git a/plugins/pom.xml b/plugins/pom.xml
@@ -4,7 +4,7 @@
  <parent>
  <groupId>org.smartregister</groupId>
  <artifactId>opensrp-gateway-plugin</artifactId>
- <version>1.0.10</version>
+ <version>1.0.11</version>
  </parent>
 
  <artifactId>plugins</artifactId>

diff --git a/plugins/src/main/java/org/smartregister/fhir/gateway/plugins/Constants.java b/plugins/src/main/java/org/smartregister/fhir/gateway/plugins/Constants.java
@@ -35,6 +35,13 @@ public class Constants {
  public static final String ROLE_ALL_LOCATIONS = "ALL_LOCATIONS";
  public static final String MODE = "mode";
  public static final String LIST = "list";
+ public static final String CORS_ALLOW_HEADERS_KEY = "Access-Control-Allow-Headers";
+ public static final String CORS_ALLOW_HEADERS_VALUE = "authorization, cache-control";
+ public static final String CORS_ALLOW_METHODS_KEY = "Access-Control-Allow-Methods";
+ public static final String CORS_ALLOW_METHODS_VALUE = "DELETE,POST,GET,OPTIONS,PUT,PATCH";
+ public static final String CORS_ALLOW_ORIGIN_KEY = "Access-Control-Allow-Origin";
+ public static final String CORS_ALLOW_ORIGIN_VALUE = "*";
+ public static final String CORS_ALLOW_ORIGIN_ENV = "CORS_ALLOW_ORIGIN";
 
  public interface Literals {
  String EQUALS = "=";

diff --git a/plugins/src/main/java/org/smartregister/fhir/gateway/plugins/LocationHierarchyEndpoint.java b/plugins/src/main/java/org/smartregister/fhir/gateway/plugins/LocationHierarchyEndpoint.java
@@ -36,6 +36,7 @@ public LocationHierarchyEndpoint() throws IOException {
  @Override
  protected void doGet(HttpServletRequest request, HttpServletResponse response)
  throws IOException {
+ RestUtils.addCorsHeaders(response);
  try {
  RestUtils.checkAuthentication(request, tokenVerifier);
  String identifier = request.getParameter(Constants.IDENTIFIER);

diff --git a/plugins/src/main/java/org/smartregister/fhir/gateway/plugins/PractitionerDetailEndpoint.java b/plugins/src/main/java/org/smartregister/fhir/gateway/plugins/PractitionerDetailEndpoint.java
@@ -32,6 +32,7 @@ public PractitionerDetailEndpoint() throws IOException {
  @Override
  protected void doGet(HttpServletRequest request, HttpServletResponse response)
  throws IOException {
+ RestUtils.addCorsHeaders(response);
  try {
  RestUtils.checkAuthentication(request, tokenVerifier);
  String keycloakUuid = request.getParameter(KEYCLOAK_UUID);

diff --git a/plugins/src/main/java/org/smartregister/fhir/gateway/plugins/RestUtils.java b/plugins/src/main/java/org/smartregister/fhir/gateway/plugins/RestUtils.java
@@ -3,6 +3,7 @@
 import static org.smartregister.fhir.gateway.plugins.Constants.AUTHORIZATION;
 
 import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -25,4 +26,15 @@ public static void checkAuthentication(
  }
  tokenVerifier.decodeAndVerifyBearerToken(authHeader);
  }
+
+ public static void addCorsHeaders(HttpServletResponse response) {
+ response.addHeader(Constants.CORS_ALLOW_HEADERS_KEY, Constants.CORS_ALLOW_HEADERS_VALUE);
+ response.addHeader(Constants.CORS_ALLOW_METHODS_KEY, Constants.CORS_ALLOW_METHODS_VALUE);
+ String corsAllowOrigin = System.getenv(Constants.CORS_ALLOW_ORIGIN_ENV);
+ response.addHeader(
+ Constants.CORS_ALLOW_ORIGIN_KEY,
+ corsAllowOrigin != null && !corsAllowOrigin.isEmpty()
+ ? corsAllowOrigin
+ : Constants.CORS_ALLOW_ORIGIN_VALUE);
+ }
 }
diff --git a/plugins/src/test/java/org/smartregister/fhir/gateway/plugins/RestUtilTest.java b/plugins/src/test/java/org/smartregister/fhir/gateway/plugins/RestUtilTest.java
@@ -0,0 +1,23 @@
+package org.smartregister.fhir.gateway.plugins;
+
+import static org.mockito.ArgumentMatchers.anyString;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+
+import javax.servlet.http.HttpServletResponse;
+
+import org.junit.Test;
+
+public class RestUtilTest {
+ @Test
+ public void testAddCorsHeadersSetsCorsHeaders() {
+ HttpServletResponse responseMock = mock(HttpServletResponse.class);
+ RestUtils.addCorsHeaders(responseMock);
+ verify(responseMock)
+ .addHeader(Constants.CORS_ALLOW_HEADERS_KEY, Constants.CORS_ALLOW_HEADERS_VALUE);
+ verify(responseMock)
+ .addHeader(Constants.CORS_ALLOW_METHODS_KEY, Constants.CORS_ALLOW_METHODS_VALUE);
+ verify(responseMock).addHeader(eq(Constants.CORS_ALLOW_ORIGIN_KEY), anyString());
+ }
+}
diff --git a/pom.xml b/pom.xml
@@ -11,7 +11,7 @@
 
  <groupId>org.smartregister</groupId>
  <artifactId>opensrp-gateway-plugin</artifactId>
- <version>1.0.10</version>
+ <version>1.0.11</version>
  <packaging>pom</packaging>
 
  <modules>