Commit 8c876038 authored by Kjetil Thuen's avatar Kjetil Thuen

Always set "Access-Control-Allow-Origin" to "*"

Added a filter that overrides whatever Jettys own CrossOriginFilter
sets the Access-Control-Allow-Origin response header to with "*". This
is because Jetty will never set it to "*", which is exactly what is
needed when a REST service is running behind a caching proxy.

Fixes #2641
parent e1494095
package com.nesstar.rest;
import com.nesstar.rest.filters.TabulationEntityTagFilter;
import com.nesstar.rest.filters.ManualJettyAllowWildcardOriginFilter;
import com.nesstar.rest.filters.CorrelationEntityTagFilter;
import com.nesstar.rest.filters.EntityTagFilter;
import com.nesstar.rest.filters.CubeEntityTagFilter;
......@@ -66,9 +67,11 @@ public class NesstarDropService extends Service<NesstarDropConfiguration> {
environment.addHealthCheck(new NesstarHealthCheck(serverHandler));
FilterBuilder filterConfig = environment.addFilter(CrossOriginFilter.class, "*");
filterConfig.setInitParam(CrossOriginFilter.PREFLIGHT_MAX_AGE_PARAM, String.valueOf(SECONDSINONEDAY)); // 1 day
filterConfig.setInitParam(CrossOriginFilter.ALLOWED_ORIGINS_PARAM, "*");
environment.addFilter(CrossOriginFilter.class, "/*")
.setInitParam(CrossOriginFilter.ALLOWED_HEADERS_PARAM, "X-Requested-With,Content-Type,Accept,Origin");
ManualJettyAllowWildcardOriginFilter mjawof = new ManualJettyAllowWildcardOriginFilter(serverHandler);
environment.addFilter(mjawof, "*");
TabulationEntityTagFilter tabulationETagFilter = new TabulationEntityTagFilter(serverHandler);
environment.addFilter(tabulationETagFilter, "/study/*");
......
......@@ -18,7 +18,7 @@ import com.nesstar.rest.common.ServerHandler;
public abstract class EntityTagFilter implements Filter {
private static final String HEADER_NAME = "If-None-Match";
protected ServerHandler serverHandler;
public EntityTagFilter(ServerHandler serverHandler) {
this.serverHandler = serverHandler;
}
......@@ -37,14 +37,14 @@ public abstract class EntityTagFilter implements Filter {
chain.doFilter(request, response);
}
}
protected boolean requestHasETag(HttpServletRequest request) {
String etag = getEtagFromRequest(request);
return etag != null && !etag.isEmpty();
}
protected abstract boolean checkForMatchingETag(HttpServletRequest request);
protected String[] getUriPartsFromRequest(HttpServletRequest request) {
String uri = request.getRequestURI();
if ('/' == uri.charAt(0)) {
......@@ -52,22 +52,22 @@ public abstract class EntityTagFilter implements Filter {
}
return uri.split("/");
}
protected Server getServer() throws IOException {
return serverHandler.getServer();
}
protected boolean etagsMatch(HttpServletRequest request, ETag etag) {
String etagFromRequest = getEtagFromRequest(request);
return etagFromRequest.equals(etag.getValue());
}
private String getEtagFromRequest(HttpServletRequest request) {
String etagFromRequest = request.getHeader(HEADER_NAME);
etagFromRequest = stripGzip(etagFromRequest);
return etagFromRequest;
}
private String stripGzip(String etagFromRequest) {
String strippedTag = etagFromRequest;
if (etagFromRequest != null) {
......@@ -78,7 +78,7 @@ public abstract class EntityTagFilter implements Filter {
}
return strippedTag;
}
private void return304Header(HttpServletResponse response) throws IOException {
response.setStatus(HttpServletResponse.SC_NOT_MODIFIED);
response.flushBuffer();
......
package com.nesstar.rest.filters;
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;
import com.nesstar.rest.common.ServerHandler;
/**
* This filter is meant to to work around the fact that Jettys
* CrossOriginFilter will never return "*" as the value of the
* Access-Control-Allow-Origin header. Jetty will echo the hostname of the
* Origin header in the request even if it is told to return "*", which creates
* problems for caching proxies.
*/
public class ManualJettyAllowWildcardOriginFilter implements Filter {
private static final String HEADER_NAME = "Access-Control-Allow-Origin";
protected ServerHandler serverHandler;
public ManualJettyAllowWildcardOriginFilter(ServerHandler serverHandler) {
this.serverHandler = serverHandler;
}
@Override
public void init(FilterConfig filterConfig) throws ServletException { }
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
HttpServletRequest httpRequest = (HttpServletRequest) request;
HttpServletResponse httpResponse = (HttpServletResponse) response;
httpResponse.setHeader(HEADER_NAME, "*");
chain.doFilter(request, response);
}
@Override
public void destroy() { }
}
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment