From bc0ca13605c92d2609962c13321e308d8492fbc5 Mon Sep 17 00:00:00 2001 From: Michael Barz Date: Fri, 31 Mar 2023 23:18:58 +0200 Subject: [PATCH] add missing cors config in the ocdav service --- changelog/unreleased/fix-cors-ocdav.md | 5 ++++ pkg/micro/ocdav/option.go | 36 ++++++++++++++++++++++++-- pkg/micro/ocdav/service.go | 13 +++++++++- 3 files changed, 51 insertions(+), 3 deletions(-) create mode 100644 changelog/unreleased/fix-cors-ocdav.md diff --git a/changelog/unreleased/fix-cors-ocdav.md b/changelog/unreleased/fix-cors-ocdav.md new file mode 100644 index 0000000000..5002f5079d --- /dev/null +++ b/changelog/unreleased/fix-cors-ocdav.md @@ -0,0 +1,5 @@ +Bugfix: Fix missing CORS config in ocdav service + +The ocdav service is started with a go micro wrapper. We needed to add the cors config. + +https://github.com/cs3org/reva/pull/3764 diff --git a/pkg/micro/ocdav/option.go b/pkg/micro/ocdav/option.go index 6b80df3287..939b75c0ca 100644 --- a/pkg/micro/ocdav/option.go +++ b/pkg/micro/ocdav/option.go @@ -56,8 +56,12 @@ type Options struct { MetricsSubsystem string // ocdav.* is internal so we need to set config options individually - config ocdav.Config - lockSystem ocdav.LockSystem + config ocdav.Config + lockSystem ocdav.LockSystem + AllowCredentials bool + AllowedOrigins []string + AllowedHeaders []string + AllowedMethods []string } // newOptions initializes the available default options. @@ -275,3 +279,31 @@ func MetricsSubsystem(val string) Option { o.MetricsSubsystem = val } } + +// AllowCredentials provides a function to set the AllowCredentials option. +func AllowCredentials(val bool) Option { + return func(o *Options) { + o.AllowCredentials = val + } +} + +// AllowedOrigins provides a function to set the AllowedOrigins option. +func AllowedOrigins(val []string) Option { + return func(o *Options) { + o.AllowedOrigins = val + } +} + +// AllowedMethods provides a function to set the AllowedMethods option. +func AllowedMethods(val []string) Option { + return func(o *Options) { + o.AllowedMethods = val + } +} + +// AllowedHeaders provides a function to set the AllowedHeaders option. +func AllowedHeaders(val []string) Option { + return func(o *Options) { + o.AllowedHeaders = val + } +} diff --git a/pkg/micro/ocdav/service.go b/pkg/micro/ocdav/service.go index 1e4208a5cb..5ad140c5dd 100644 --- a/pkg/micro/ocdav/service.go +++ b/pkg/micro/ocdav/service.go @@ -24,6 +24,7 @@ import ( "github.com/cs3org/reva/v2/internal/http/interceptors/appctx" "github.com/cs3org/reva/v2/internal/http/interceptors/auth" + cors2 "github.com/cs3org/reva/v2/internal/http/interceptors/cors" revaLogMiddleware "github.com/cs3org/reva/v2/internal/http/interceptors/log" "github.com/cs3org/reva/v2/internal/http/services/owncloud/ocdav" "github.com/cs3org/reva/v2/pkg/rgrpc/todo/pool" @@ -163,6 +164,16 @@ func useMiddlewares(r *chi.Mux, sopts *Options, svc global.Service, tp trace.Tra // log lm := revaLogMiddleware.New() + cors, _, err := cors2.New(map[string]interface{}{ + "allow_credentials": sopts.AllowCredentials, + "allowed_methods": sopts.AllowedMethods, + "allowed_headers": sopts.AllowedHeaders, + "allowed_origins": sopts.AllowedOrigins, + }) + if err != nil { + return err + } + // tracing tm := func(h http.Handler) http.Handler { return h } if sopts.TracingEnabled { @@ -201,7 +212,7 @@ func useMiddlewares(r *chi.Mux, sopts *Options, svc global.Service, tp trace.Tra rm := middleware.RequestID // actually register - r.Use(pm, tm, lm, authMiddle, rm, cm) + r.Use(pm, tm, lm, authMiddle, rm, cm, cors) return nil }