From 4ed17457dd7fa13fe6a1270059569de5b3eea38e Mon Sep 17 00:00:00 2001 From: James Agnew Date: Thu, 17 Nov 2016 17:10:52 +0100 Subject: [PATCH] Work on CORS --- hapi-fhir-jpaserver-base/pom.xml | 85 +++---------------- .../jpa/provider/dstu3/CorsDstu3Test.java | 37 ++++++++ hapi-fhir-jpaserver-uhnfhirtest/pom.xml | 4 + .../ca/uhn/fhir/rest/server/CorsTest.java | 0 .../ca/uhn/fhir/rest/server/CORSFilter_.java | 20 ++--- pom.xml | 7 ++ src/site/fml/hapi-fhir-faq.fml | 43 +++++++++- 7 files changed, 108 insertions(+), 88 deletions(-) create mode 100644 hapi-fhir-jpaserver-base/src/test/java/ca/uhn/fhir/jpa/provider/dstu3/CorsDstu3Test.java rename hapi-fhir-structures-dstu/src/{test => main}/java/ca/uhn/fhir/rest/server/CorsTest.java (100%) diff --git a/hapi-fhir-jpaserver-base/pom.xml b/hapi-fhir-jpaserver-base/pom.xml index b54ff16a8c9..3c66a1a57b4 100644 --- a/hapi-fhir-jpaserver-base/pom.xml +++ b/hapi-fhir-jpaserver-base/pom.xml @@ -130,7 +130,12 @@ commons-dbcp2 test - + + org.apache.tomcat + tomcat-catalina + test + + javax.servlet javax.servlet-api @@ -468,77 +473,13 @@ true - + diff --git a/hapi-fhir-jpaserver-base/src/test/java/ca/uhn/fhir/jpa/provider/dstu3/CorsDstu3Test.java b/hapi-fhir-jpaserver-base/src/test/java/ca/uhn/fhir/jpa/provider/dstu3/CorsDstu3Test.java new file mode 100644 index 00000000000..2047426b528 --- /dev/null +++ b/hapi-fhir-jpaserver-base/src/test/java/ca/uhn/fhir/jpa/provider/dstu3/CorsDstu3Test.java 
@@ -0,0 +1,37 @@
+package ca.uhn.fhir.jpa.provider.dstu3;
+
+import static org.junit.Assert.assertEquals;
+
+import java.io.IOException;
+
+import org.apache.commons.io.IOUtils;
+import org.apache.http.client.methods.CloseableHttpResponse;
+import org.apache.http.client.methods.HttpGet;
+import org.junit.AfterClass;
+import org.junit.Test;
+
+import ca.uhn.fhir.util.TestUtil;
+
+public class CorsDstu3Test extends BaseResourceProviderDstu3Test {
+
+ private static final org.slf4j.Logger ourLog = org.slf4j.LoggerFactory.getLogger(CorsDstu3Test.class);
+
+ @Test
+ public void saveLocalOrigin() throws IOException {
+ HttpGet get = new HttpGet(ourServerBase + "/Patient?name=test");
+ get.addHeader("Origin", "file://");
+ CloseableHttpResponse resp = ourHttpClient.execute(get);
+
+ ourLog.info(resp.toString());
+
+ IOUtils.closeQuietly(resp.getEntity().getContent());
+ assertEquals(200, resp.getStatusLine().getStatusCode());
+ }
+
+
+ @AfterClass
+ public static void afterClassClearContext() {
+ TestUtil.clearAllStaticFieldsForUnitTest();
+ }
+
+}
diff --git a/hapi-fhir-jpaserver-uhnfhirtest/pom.xml b/hapi-fhir-jpaserver-uhnfhirtest/pom.xml
index 5d13e684d67..8cd98261ee8 100644
--- a/hapi-fhir-jpaserver-uhnfhirtest/pom.xml
+++ b/hapi-fhir-jpaserver-uhnfhirtest/pom.xml
@@ -164,6 +164,10 @@ org.ebaysf.web cors-filter + + org.apache.tomcat + tomcat-catalina + +
diff --git a/hapi-fhir-structures-dstu/src/test/java/ca/uhn/fhir/rest/server/CorsTest.java b/hapi-fhir-structures-dstu/src/main/java/ca/uhn/fhir/rest/server/CorsTest.java
similarity index 100%
rename from hapi-fhir-structures-dstu/src/test/java/ca/uhn/fhir/rest/server/CorsTest.java
rename to hapi-fhir-structures-dstu/src/main/java/ca/uhn/fhir/rest/server/CorsTest.java
diff --git a/hapi-fhir-structures-dstu/src/test/java/ca/uhn/fhir/rest/server/CORSFilter_.java b/hapi-fhir-structures-dstu/src/test/java/ca/uhn/fhir/rest/server/CORSFilter_.java
index ddbae4371d7..76ab84620a4 100755
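Review bot: `saveLocalOrigin` in the new CorsDstu3Test asserts only the 200 status, so it does not pin what the server actually returns to a caller presenting `Origin: file://`; depending on how the CORS filter is configured (not visible in this patch), a 200 without any CORS response headers would also pass. Asserting the header as well makes the intended policy explicit, for example `assertEquals("file://", resp.getFirstHeader("Access-Control-Allow-Origin").getValue());` or whichever value the deployment is meant to send for an opaque origin. The response object itself is never closed; `try { ... } finally { IOUtils.closeQuietly(resp); }` would release the connection even when an assertion fails.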
--- a/hapi-fhir-structures-dstu/src/test/java/ca/uhn/fhir/rest/server/CORSFilter_.java +++ b/hapi-fhir-structures-dstu/src/test/java/ca/uhn/fhir/rest/server/CORSFilter_.java @@ -446,8 +446,6 @@ public final class CORSFilter_ implements Filter { * The {@link HttpServletResponse} object. * @param filterChain * The {@link FilterChain} object. - * @throws IOException - * @throws ServletException */ public void handleInvalidCORS(final HttpServletRequest request, final HttpServletResponse response, final FilterChain filterChain) { @@ -594,7 +592,6 @@ public final class CORSFilter_ implements Filter { * Determines the request type. * * @param request - * @return */ public CORSRequestType checkRequestType(final HttpServletRequest request) { CORSRequestType requestType = CORSRequestType.INVALID_CORS; @@ -607,7 +604,7 @@ public final class CORSFilter_ implements Filter { if (originHeader != null) { if (originHeader.isEmpty()) { requestType = CORSRequestType.INVALID_CORS; - } else if ("null".equals(originHeader) == false && !isValidOrigin(originHeader)) { + } else if ("null".equals(originHeader) == false && "file://".equals(originHeader) == false && !isValidOrigin(originHeader)) { requestType = CORSRequestType.INVALID_CORS; } else { String method = request.getMethod(); @@ -802,7 +799,6 @@ public final class CORSFilter_ implements Filter { * * @param origin * @see RFC952 - * @return */ public static boolean isValidOrigin(String origin) { // Checks for encoded characters. Helps prevent CRLF injection. @@ -843,8 +839,6 @@ public final class CORSFilter_ implements Filter { /** * Returns a {@link Set} of headers that should be exposed by browser. - * - * @return */ public Collection getExposedHeaders() { return exposedHeaders; @@ -852,8 +846,6 @@ public final class CORSFilter_ implements Filter { /** * Determines is supports credentials is enabled - * - * @return */ public boolean isSupportsCredentials() { return supportsCredentials; 
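Review bot: The new `"file://".equals(originHeader) == false` clause in `checkRequestType` lets the literal `file://` skip `isValidOrigin` with no comment saying why, alongside the existing `"null"` exemption. Both values are opaque origins: every locally opened or sandboxed document presents the same one, so matching them in an allow-list, or reflecting them while `supportsCredentials` is enabled, trusts all such documents at once; whether the later allowed-origins check still applies to them cannot be seen here, because the body of `checkRequestType` continues beyond the hunk. I would document the intent on that line, e.g. `// "null" and "file://" are opaque origins from local documents: exempt from syntax validation only, still subject to the allowed-origins check`, and write the term as `!"file://".equals(originHeader)` to match the `!isValidOrigin(originHeader)` beside it.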
@@ -1029,7 +1021,7 @@ public final class CORSFilter_ implements Filter { /** * {@link Collection} of HTTP methods. Case sensitive. * - * @see http://tools.ietf.org/html/rfc2616#section-5.1.1 + * @see link */ public static final Collection HTTP_METHODS = new HashSet( Arrays.asList("OPTIONS", "GET", "HEAD", "POST", "PUT", "DELETE", @@ -1043,7 +1035,7 @@ public final class CORSFilter_ implements Filter { /** * {@link Collection} of Simple HTTP methods. Case sensitive. * - * @see http://www.w3.org/TR/cors/#terminology + * @see link */ public static final Collection SIMPLE_HTTP_METHODS = new HashSet( @@ -1052,7 +1044,7 @@ public final class CORSFilter_ implements Filter { /** * {@link Collection} of Simple HTTP request headers. Case in-sensitive. * - * @see http://www.w3.org/TR/cors/#terminology + * @see link */ public static final Collection SIMPLE_HTTP_REQUEST_HEADERS = new HashSet(Arrays.asList("Accept", "Accept-Language", @@ -1061,7 +1053,7 @@ public final class CORSFilter_ implements Filter { /** * {@link Collection} of Simple HTTP request headers. Case in-sensitive. * - * @see http://www.w3.org/TR/cors/#terminology + * @see link */ public static final Collection SIMPLE_HTTP_RESPONSE_HEADERS = new HashSet(Arrays.asList("Cache-Control", @@ -1071,7 +1063,7 @@ public final class CORSFilter_ implements Filter { /** * {@link Collection} of Simple HTTP request headers. Case in-sensitive. * - * @see http://www.w3.org/TR/cors/#terminology + * @see link */ public static final Collection SIMPLE_HTTP_REQUEST_CONTENT_TYPE_VALUES = new HashSet(Arrays.asList( diff --git a/pom.xml b/pom.xml index 8d1befe3474..563a546250e 100644 --- a/pom.xml +++ b/pom.xml @@ -305,6 +305,7 @@ 4.4.5 4.3.1.RELEASE 3.0.1.RELEASE + 8.0.39 1.0.1 1.6 @@ -516,6 +517,12 @@ wagon-scm 2.10 + + org.apache.tomcat + tomcat-catalina + + ${tomcat_version} + org.apache.velocity velocity diff --git a/src/site/fml/hapi-fhir-faq.fml b/src/site/fml/hapi-fhir-faq.fml index a67b9fc478a..6122d411250 100644 
--- a/src/site/fml/hapi-fhir-faq.fml +++ b/src/site/fml/hapi-fhir-faq.fml @@ -41,6 +41,45 @@

+ + How do I report a bug? + +

+ We welcome bug reports, and do our best to address them quickly. Please do + keep in mind though that HAPI FHIR is a volunteer-run project, so we can't + always act immediately on every issue. +

+

+ Before reporting a bug, please make sure what you have is actually a bug. + If you are unsure how to do something with HAPI, you are more likely to + get a helpful response on our Google Group (please see the + "Where can I ask questions or get help" above). +

+

+ When reporting a bug, please be as descriptive as possible. It is important + to include details such as: +

+
    +
  • What you are trying to accomplish
  • +
  • What version of HAPI you are using (and if you are running a customized version, please mention that too)
  • +
  • What platform you are using (Windows/OSX/Linux Platform, OS Version, etc)
  • +
  • What version of Java you are using
  • +
+

+ Please also include any samples or other useful files that might help in + diagnosing the issue. This could include resources you are using + for testing, build/server logs, etc. If you are concerned about privacy + you may also email James with + these artifacts but please also file a bug and reference the ticket number. +

+

+ Finally, if you are able to include a unit test, or even better a + GitHub Pull Request we will be appreciative. Actually, one more thing: + If you disciver that your bug was actually not a bug, please make sure + to put an update in the ticket and close it. +

+
+
JPA Server @@ -82,11 +121,11 @@ here and an example of setting up a datasource - here. + here.

- \ No newline at end of file +