fix: fix default cors handling
duruer committed Feb 10, 2025
1 parent 278c27d commit 1675706
Showing 2 changed files with 42 additions and 17 deletions.
47 changes: 36 additions & 11 deletions Pano/src/main/kotlin/com/panomc/platform/model/Route.kt
@@ -1,17 +1,16 @@
package com.panomc.platform.model

import com.panomc.platform.Main
import com.panomc.platform.config.ConfigManager
import io.vertx.core.Handler
import io.vertx.core.http.HttpMethod
import io.vertx.ext.web.RoutingContext
import io.vertx.ext.web.handler.BodyHandler
import io.vertx.ext.web.handler.CorsHandler
import io.vertx.ext.web.validation.ValidationHandler
import io.vertx.ext.web.validation.builder.ValidationHandlerBuilder
import io.vertx.json.schema.SchemaParser
import org.springframework.beans.factory.annotation.Autowired
import java.io.File
import java.net.URI

abstract class Route {
@Autowired
@@ -24,7 +23,10 @@ abstract class Route {
abstract fun getHandler(): Handler<RoutingContext>

companion object {
val allowedHeaders = setOf(
private val allowedSchemes = setOf("http", "https")
private val allowedHosts = setOf("localhost", "127.0.0.1", "0.0.0.0")

private val allowedHeaders = setOf(
"x-requested-with",
"Access-Control-Allow-Origin",
"origin",
@@ -34,7 +36,7 @@ abstract class Route {
"x-csrf-token"
)

val allowedMethods = setOf<HttpMethod>(
private val allowedMethods = setOf<HttpMethod>(
HttpMethod.GET,
HttpMethod.POST,
HttpMethod.OPTIONS,
@@ -44,13 +46,36 @@ abstract class Route {
)
}

open fun corsHandler(): Handler<RoutingContext>? =
if (Main.ENVIRONMENT == Main.Companion.EnvironmentType.DEVELOPMENT)
CorsHandler.create("http://(localhost|127\\.0\\.0\\.1|0\\.0\\.0\\.0)(:[0-9]+)?")
.allowCredentials(false)
.allowedHeaders(allowedHeaders)
.allowedMethods(allowedMethods)
else null
open fun corsHandler(): Handler<RoutingContext>? = Handler { ctx ->
val origin = ctx.request().getHeader("Origin")
if (origin != null) {
try {
val uri = URI(origin)
// Check the scheme and host
if (uri.scheme in allowedSchemes && uri.host in allowedHosts) {
// If the origin is allowed, add it to the response header
ctx.response().putHeader("Access-Control-Allow-Origin", "*")
}
} catch (e: Exception) {
// If the URI cannot be parsed, do not add any header.
}
}

// Add the allowed methods to the header:
val methodsAsString = allowedMethods.joinToString(",") { it.name() }
ctx.response().putHeader("Access-Control-Allow-Methods", methodsAsString)

// Add the allowed headers to the header:
val headersAsString = allowedHeaders.joinToString(",")
ctx.response().putHeader("Access-Control-Allow-Headers", headersAsString)

// If it's a Preflight (OPTIONS) request, end the response immediately:
if (ctx.request().method() == HttpMethod.OPTIONS) {
ctx.response().end()
} else {
ctx.next()
}
}

open fun bodyHandler(): Handler<RoutingContext>? = BodyHandler.create()
.setDeleteUploadedFilesOnEnd(true)
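Review bot: The rewritten `corsHandler()` no longer checks `Main.ENVIRONMENT`, so the loopback allow-list appears to apply in every environment rather than only in DEVELOPMENT, and for a matching origin it answers `Access-Control-Allow-Origin: *` instead of the origin it just validated. Because no `Vary: Origin` is sent, a cache or proxy that stores such a response can serve the `*` grant to origins that never passed the scheme/host check. I would echo the checked value, `ctx.response().putHeader("Access-Control-Allow-Origin", origin).putHeader("Vary", "Origin")`, and keep the old guard so the handler stays `null` outside development. The empty `catch (e: Exception)` would be narrower as `catch (e: URISyntaxException)`, and the OPTIONS branch ends every OPTIONS request, including those with no `Origin` or a rejected one. The page has lost its +/- markers, so which lines are new is read from the hunk counts.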
12 changes: 6 additions & 6 deletions Pano/src/main/kotlin/com/panomc/platform/route/RouterProvider.kt
@@ -65,18 +65,18 @@ class RouterProvider private constructor(
routedRoute
.order(route.order)

val corsHandler = route.corsHandler()

if (corsHandler != null) {
routedRoute.handler(corsHandler)
}

val bodyHandler = route.bodyHandler()

if (bodyHandler != null) {
routedRoute.handler(bodyHandler)
}

val corsHandler = route.corsHandler()

if (corsHandler != null) {
routedRoute.handler(corsHandler)
}

val validationHandler = route.getValidationHandler(schemaParser)

if (validationHandler != null) {
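Review bot: If the resulting order is `bodyHandler` first and `corsHandler` second (the page has lost its +/- markers, so the direction of the move is inferred), preflight OPTIONS requests now pass through `BodyHandler` before the CORS handler ends them. Any body sent with such a request is then read and buffered before the CORS step runs. Registering `routedRoute.handler(corsHandler)` ahead of `routedRoute.handler(bodyHandler)` keeps body processing off the preflight path. If the reorder was forced by `corsHandler()` now returning a plain `Handler` rather than a Vert.x `CorsHandler`, that is a further reason to return a `CorsHandler` again. The enclosing function starts and ends outside the hunk.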
