Added cors to headers

keeps · Oct 11, 2024 · aedd335 · aedd335
1 parent 254a50d
commit aedd335
Show file tree

Hide file tree

Showing 4 changed files with 65 additions and 2 deletions.
diff --git a/src/main/java/com/databasepreservation/common/api/RestApplicationNoSwagger.java b/src/main/java/com/databasepreservation/common/api/RestApplicationNoSwagger.java
@@ -30,6 +30,7 @@
 import com.databasepreservation.common.api.v1.MigrationResource;
 import com.databasepreservation.common.api.v1.SiardResource;
 import com.databasepreservation.common.api.v1.ThemeResource;
+import com.databasepreservation.common.filter.CORSFilter;
 
 import io.swagger.v3.jaxrs2.SwaggerSerializers;
 import io.swagger.v3.jaxrs2.integration.resources.OpenApiResource;
@@ -81,9 +82,8 @@ public RestApplicationNoSwagger() {
     register(SiardResource.class);
     register(ThemeResource.class);
     register(SwaggerSerializers.class);
-
+    register(CORSFilter.class);
     // packages("com.databasepreservation.visualization.api","com.databasepreservation.common.client.services");
     // packages("io.swagger.v3.jaxrs2.integration.resources");
-    // register(CorsFilter.class);
   }
 }
diff --git a/src/main/java/com/databasepreservation/common/filter/CORSFilter.java b/src/main/java/com/databasepreservation/common/filter/CORSFilter.java
@@ -0,0 +1,37 @@
+package com.databasepreservation.common.filter;
+
+import java.io.IOException;
+import java.util.List;
+
+import javax.ws.rs.container.ContainerRequestContext;
+import javax.ws.rs.container.ContainerResponseContext;
+import javax.ws.rs.container.ContainerResponseFilter;
+import javax.ws.rs.ext.Provider;
+
+import com.databasepreservation.common.server.ViewerConfiguration;
+
+@Provider
+public class CORSFilter implements ContainerResponseFilter {
+
+  @Override
+  public void filter(ContainerRequestContext request, ContainerResponseContext response) throws IOException {
+
+    ViewerConfiguration configuration = ViewerConfiguration.getInstance();
+
+    List<String> allowedOriginsList = configuration.getViewerConfigurationAsList(ViewerConfiguration.CORS_ALLOW_ORIGIN);
+    String requestOrigin = request.getHeaderString("Origin");
+
+    if (allowedOriginsList.contains(requestOrigin)) {
+      response.getHeaders().add("Access-Control-Allow-Origin", requestOrigin);
+    }
+    response.getHeaders().add("Access-Control-Allow-Headers",
+      configuration.getViewerConfigurationAsString("", ViewerConfiguration.CORS_ALLOW_HEADERS));
+    response.getHeaders().add("Access-Control-Allow-Credentials",
+      configuration
+      .getViewerConfigurationAsString("false", ViewerConfiguration.CORS_ALLOW_CREDENTIALS));
+    response.getHeaders().add("Access-Control-Allow-Methods",
+      configuration.getViewerConfigurationAsString("", ViewerConfiguration.CORS_ALLOW_METHODS));
+
+  }
+
+}
diff --git a/src/main/java/com/databasepreservation/common/server/ViewerConfiguration.java b/src/main/java/com/databasepreservation/common/server/ViewerConfiguration.java
@@ -66,6 +66,13 @@
 public class ViewerConfiguration extends ViewerAbstractConfiguration {
   private static Logger LOGGER;
 
+  public static final String CORS_ALLOW_ORIGIN = "ui.cors.allowOrigin";
+  public static final String CORS_ALLOW_HEADERS = "ui.cors.allowHeaders";
+  public static final String CORS_ALLOW_METHODS = "ui.cors.allowMethods";
+  public static final String CORS_ALLOW_CREDENTIALS = "ui.cors.allowCredentials";
+  public static final String CORS_MAX_AGE = "ui.cors.maxAge";
+  public static final String CORS_EXPOSE_HEADERS = "ui.cors.exposeHeaders";
+
   public static final String PROPERTY_SOLR_ZOOKEEPER_HOSTS = "solr.zookeeper.hosts";
   public static final String PROPERTY_SOLR_HEALTHCHECK_RETRIES = "solr.healthcheck.retries";
   public static final String PROPERTY_SOLR_HEALTHCHECK_TIMEOUT = "solr.healthcheck.timeout_ms";

diff --git a/src/main/resources/config/dbvtk-viewer.properties b/src/main/resources/config/dbvtk-viewer.properties
@@ -149,3 +149,22 @@ ui.blob.autoDetect.mimeType.onColumn=false
 # BLOB
 ##############################################
 ui.blob.prefix.name=record
+
+##########################################################################
+# CORS settings
+#
+# 'ui.cors.origin' is also used as a value and control property:
+# - missing/commented out: CORS is disabled
+# - equal to '*': the value sent will match the request's Origin header
+# - other: the value matching the request's Origin header is sent, otherwise
+#
+# More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
+##########################################################################
+#ui.cors.allowOrigin = *
+#ui.cors.allowOrigin = http://localhost:8081
+#ui.cors.allowOrigin = http://two.example.com
+ui.cors.allowCredentials = true
+ui.cors.allowMethods = GET, POST, PUT, DELETE, OPTIONS, HEAD
+ui.cors.allowHeaders = Origin, Content-type, Accept
+#ui.cors.exposeHeaders = Origin, Content-type, Accept
+