From 4ed17457dd7fa13fe6a1270059569de5b3eea38e Mon Sep 17 00:00:00 2001
From: James Agnew
Date: Thu, 17 Nov 2016 17:10:52 +0100
Subject: [PATCH] Work on CORS
---
hapi-fhir-jpaserver-base/pom.xml | 85 +++----------------
.../jpa/provider/dstu3/CorsDstu3Test.java | 37 ++++++++
hapi-fhir-jpaserver-uhnfhirtest/pom.xml | 4 +
.../ca/uhn/fhir/rest/server/CorsTest.java | 0
.../ca/uhn/fhir/rest/server/CORSFilter_.java | 20 ++---
pom.xml | 7 ++
src/site/fml/hapi-fhir-faq.fml | 43 +++++++++-
7 files changed, 108 insertions(+), 88 deletions(-)
create mode 100644 hapi-fhir-jpaserver-base/src/test/java/ca/uhn/fhir/jpa/provider/dstu3/CorsDstu3Test.java
rename hapi-fhir-structures-dstu/src/{test => main}/java/ca/uhn/fhir/rest/server/CorsTest.java (100%)
diff --git a/hapi-fhir-jpaserver-base/pom.xml b/hapi-fhir-jpaserver-base/pom.xml
index b54ff16a8c9..3c66a1a57b4 100644
--- a/hapi-fhir-jpaserver-base/pom.xml
+++ b/hapi-fhir-jpaserver-base/pom.xml
@@ -130,7 +130,12 @@
commons-dbcp2
test
-
+
+ org.apache.tomcat
+ tomcat-catalina
+ test
+
+
javax.servlet
javax.servlet-api
@@ -468,77 +473,13 @@
true
-
+
diff --git a/hapi-fhir-jpaserver-base/src/test/java/ca/uhn/fhir/jpa/provider/dstu3/CorsDstu3Test.java b/hapi-fhir-jpaserver-base/src/test/java/ca/uhn/fhir/jpa/provider/dstu3/CorsDstu3Test.java
new file mode 100644
index 00000000000..2047426b528
--- /dev/null
+++ b/hapi-fhir-jpaserver-base/src/test/java/ca/uhn/fhir/jpa/provider/dstu3/CorsDstu3Test.java
@@ -0,0 +1,37 @@
+package ca.uhn.fhir.jpa.provider.dstu3;
+
+import static org.junit.Assert.assertEquals;
+
+import java.io.IOException;
+
+import org.apache.commons.io.IOUtils;
+import org.apache.http.client.methods.CloseableHttpResponse;
+import org.apache.http.client.methods.HttpGet;
+import org.junit.AfterClass;
+import org.junit.Test;
+
+import ca.uhn.fhir.util.TestUtil;
+
+public class CorsDstu3Test extends BaseResourceProviderDstu3Test {
+
+ private static final org.slf4j.Logger ourLog = org.slf4j.LoggerFactory.getLogger(CorsDstu3Test.class);
+
+ @Test
+ public void saveLocalOrigin() throws IOException {
+ HttpGet get = new HttpGet(ourServerBase + "/Patient?name=test");
+ get.addHeader("Origin", "file://");
+ CloseableHttpResponse resp = ourHttpClient.execute(get);
+
+ ourLog.info(resp.toString());
+
+ IOUtils.closeQuietly(resp.getEntity().getContent());
+ assertEquals(200, resp.getStatusLine().getStatusCode());
+ }
+
+
+ @AfterClass
+ public static void afterClassClearContext() {
+ TestUtil.clearAllStaticFieldsForUnitTest();
+ }
+
+}
diff --git a/hapi-fhir-jpaserver-uhnfhirtest/pom.xml b/hapi-fhir-jpaserver-uhnfhirtest/pom.xml
index 5d13e684d67..8cd98261ee8 100644
--- a/hapi-fhir-jpaserver-uhnfhirtest/pom.xml
+++ b/hapi-fhir-jpaserver-uhnfhirtest/pom.xml
@@ -164,6 +164,10 @@
org.ebaysf.web
cors-filter
+
+ org.apache.tomcat
+ tomcat-catalina
+
diff --git a/hapi-fhir-structures-dstu/src/test/java/ca/uhn/fhir/rest/server/CorsTest.java b/hapi-fhir-structures-dstu/src/main/java/ca/uhn/fhir/rest/server/CorsTest.java
similarity index 100%
rename from hapi-fhir-structures-dstu/src/test/java/ca/uhn/fhir/rest/server/CorsTest.java
rename to hapi-fhir-structures-dstu/src/main/java/ca/uhn/fhir/rest/server/CorsTest.java
diff --git a/hapi-fhir-structures-dstu/src/test/java/ca/uhn/fhir/rest/server/CORSFilter_.java b/hapi-fhir-structures-dstu/src/test/java/ca/uhn/fhir/rest/server/CORSFilter_.java
index ddbae4371d7..76ab84620a4 100755
--- a/hapi-fhir-structures-dstu/src/test/java/ca/uhn/fhir/rest/server/CORSFilter_.java
+++ b/hapi-fhir-structures-dstu/src/test/java/ca/uhn/fhir/rest/server/CORSFilter_.java
@@ -446,8 +446,6 @@ public final class CORSFilter_ implements Filter {
* The {@link HttpServletResponse} object.
* @param filterChain
* The {@link FilterChain} object.
- * @throws IOException
- * @throws ServletException
*/
public void handleInvalidCORS(final HttpServletRequest request,
final HttpServletResponse response, final FilterChain filterChain) {
@@ -594,7 +592,6 @@ public final class CORSFilter_ implements Filter {
* Determines the request type.
*
* @param request
- * @return
*/
public CORSRequestType checkRequestType(final HttpServletRequest request) {
CORSRequestType requestType = CORSRequestType.INVALID_CORS;
@@ -607,7 +604,7 @@ public final class CORSFilter_ implements Filter {
if (originHeader != null) {
if (originHeader.isEmpty()) {
requestType = CORSRequestType.INVALID_CORS;
- } else if ("null".equals(originHeader) == false && !isValidOrigin(originHeader)) {
+ } else if ("null".equals(originHeader) == false && "file://".equals(originHeader) == false && !isValidOrigin(originHeader)) {
requestType = CORSRequestType.INVALID_CORS;
} else {
String method = request.getMethod();
@@ -802,7 +799,6 @@ public final class CORSFilter_ implements Filter {
*
* @param origin
* @see RFC952
- * @return
*/
public static boolean isValidOrigin(String origin) {
// Checks for encoded characters. Helps prevent CRLF injection.
@@ -843,8 +839,6 @@ public final class CORSFilter_ implements Filter {
/**
* Returns a {@link Set} of headers that should be exposed by browser.
- *
- * @return
*/
public Collection getExposedHeaders() {
return exposedHeaders;
@@ -852,8 +846,6 @@ public final class CORSFilter_ implements Filter {
/**
* Determines is supports credentials is enabled
- *
- * @return
*/
public boolean isSupportsCredentials() {
return supportsCredentials;
@@ -1029,7 +1021,7 @@ public final class CORSFilter_ implements Filter {
/**
* {@link Collection} of HTTP methods. Case sensitive.
*
- * @see http://tools.ietf.org/html/rfc2616#section-5.1.1
+ * @see link
*/
public static final Collection HTTP_METHODS = new HashSet(
Arrays.asList("OPTIONS", "GET", "HEAD", "POST", "PUT", "DELETE",
@@ -1043,7 +1035,7 @@ public final class CORSFilter_ implements Filter {
/**
* {@link Collection} of Simple HTTP methods. Case sensitive.
*
- * @see http://www.w3.org/TR/cors/#terminology
+ * @see link
*/
public static final Collection SIMPLE_HTTP_METHODS =
new HashSet(
@@ -1052,7 +1044,7 @@ public final class CORSFilter_ implements Filter {
/**
* {@link Collection} of Simple HTTP request headers. Case in-sensitive.
*
- * @see http://www.w3.org/TR/cors/#terminology
+ * @see link
*/
public static final Collection SIMPLE_HTTP_REQUEST_HEADERS =
new HashSet(Arrays.asList("Accept", "Accept-Language",
@@ -1061,7 +1053,7 @@ public final class CORSFilter_ implements Filter {
/**
* {@link Collection} of Simple HTTP request headers. Case in-sensitive.
*
- * @see http://www.w3.org/TR/cors/#terminology
+ * @see link
*/
public static final Collection SIMPLE_HTTP_RESPONSE_HEADERS =
new HashSet(Arrays.asList("Cache-Control",
@@ -1071,7 +1063,7 @@ public final class CORSFilter_ implements Filter {
/**
* {@link Collection} of Simple HTTP request headers. Case in-sensitive.
*
- * @see http://www.w3.org/TR/cors/#terminology
+ * @see link
*/
public static final Collection SIMPLE_HTTP_REQUEST_CONTENT_TYPE_VALUES =
new HashSet(Arrays.asList(
diff --git a/pom.xml b/pom.xml
index 8d1befe3474..563a546250e 100644
--- a/pom.xml
+++ b/pom.xml
@@ -305,6 +305,7 @@
4.4.5
4.3.1.RELEASE
3.0.1.RELEASE
+ 8.0.39
1.0.1
1.6
@@ -516,6 +517,12 @@
wagon-scm
2.10
+
+ org.apache.tomcat
+ tomcat-catalina
+
+ ${tomcat_version}
+
org.apache.velocity
velocity
diff --git a/src/site/fml/hapi-fhir-faq.fml b/src/site/fml/hapi-fhir-faq.fml
index a67b9fc478a..6122d411250 100644
--- a/src/site/fml/hapi-fhir-faq.fml
+++ b/src/site/fml/hapi-fhir-faq.fml
@@ -41,6 +41,45 @@
+
+ How do I report a bug?
+
+
+ We welcome bug reports, and do our best to address them quickly. Please do
+ keep in mind though that HAPI FHIR is a volunteer-run project, so we can't
+ always act immediately on every issue.
+
+
+ Before reporting a bug, please make sure what you have is actually a bug.
+ If you are unsure how to do something with HAPI, you are more likely to
+ get a helpful response on our Google Group (please see the
+ "Where can I ask questions or get help" above).
+
+
+ When reporting a bug, please be as descriptive as possible. It is important
+ to include details such as:
+
+
+ - What you are trying to accomplish
+ - What version of HAPI you are using (and if you are running a customized version, please mention that too)
+ - What platform you are using (Windows/OSX/Linux Platform, OS Version, etc)
+ - What version of Java you are using
+
+
+ Please also include any samples or other useful files that might help in
+ diagnosing the issue. This could include resources you are using
+ for testing, build/server logs, etc. If you are concerned about privacy
+ you may also email James with
+ these artifacts but please also file a bug and reference the ticket number.
+
+
+ Finally, if you are able to include a unit test, or even better a
+ GitHub Pull Request we will be appreciative. Actually, one more thing:
+ If you disciver that your bug was actually not a bug, please make sure
+ to put an update in the ticket and close it.
+
+
+
JPA Server
@@ -82,11 +121,11 @@
here
and
an example of setting up a datasource
- here.
+ here.
-
\ No newline at end of file
+