Clean up places where CORS headers are declared - Related to #718

James Agnew 2017-10-30 16:37:09 -04:00
parent c2b3774299
commit 7c1ab11b02
5 changed files with 51 additions and 50 deletions


@ -31,6 +31,16 @@ public class Constants {
public static final String CHARSET_NAME_UTF8 = "UTF-8"; public static final String CHARSET_NAME_UTF8 = "UTF-8";
public static final Charset CHARSET_UTF8; public static final Charset CHARSET_UTF8;
public static final String CHARSET_UTF8_CTSUFFIX = "; charset=" + CHARSET_NAME_UTF8; public static final String CHARSET_UTF8_CTSUFFIX = "; charset=" + CHARSET_NAME_UTF8;
/**
* Contains a standard set of headers which are used by FHIR / HAPI FHIR, and therefore
* would make a useful set for CORS AllowedHeader declarations
*/
public static final Set<String> CORS_ALLOWED_HEADERS;
/**
* Contains a standard set of HTTP Methods which are used by FHIR / HAPI FHIR, and therefore
* would make a useful set for CORS AllowedMethod declarations
*/
public static final Set<String> CORS_ALLWED_METHODS;
public static final String CT_FHIR_JSON = "application/json+fhir"; public static final String CT_FHIR_JSON = "application/json+fhir";
public static final String CT_FHIR_JSON_NEW = "application/fhir+json"; public static final String CT_FHIR_JSON_NEW = "application/fhir+json";
public static final String CT_FHIR_XML = "application/xml+fhir"; public static final String CT_FHIR_XML = "application/xml+fhir";
@ -181,8 +191,7 @@ public class Constants {
static { static {
CHARSET_UTF8 = Charset.forName(CHARSET_NAME_UTF8); CHARSET_UTF8 = Charset.forName(CHARSET_NAME_UTF8);
HashMap<Integer, String> statusNames = new HashMap<Integer, String>(); HashMap<Integer, String> statusNames = new HashMap<>();
statusNames.put(200, "OK"); statusNames.put(200, "OK");
statusNames.put(201, "Created"); statusNames.put(201, "Created");
statusNames.put(202, "Accepted"); statusNames.put(202, "Accepted");
@ -247,11 +256,31 @@ public class Constants {
statusNames.put(511, "Network Authentication Required"); statusNames.put(511, "Network Authentication Required");
HTTP_STATUS_NAMES = Collections.unmodifiableMap(statusNames); HTTP_STATUS_NAMES = Collections.unmodifiableMap(statusNames);
Set<String> formatsHtml = new HashSet<String>(); Set<String> formatsHtml = new HashSet<>();
formatsHtml.add(CT_HTML); formatsHtml.add(CT_HTML);
formatsHtml.add(FORMAT_HTML); formatsHtml.add(FORMAT_HTML);
FORMATS_HTML = Collections.unmodifiableSet(formatsHtml); FORMATS_HTML = Collections.unmodifiableSet(formatsHtml);
// *********************************************************
// Update CorsInterceptor's constructor documentation if you change these:
// *********************************************************
HashSet<String> corsAllowedHeaders = new HashSet<>();
corsAllowedHeaders.add("Accept");
corsAllowedHeaders.add("Access-Control-Request-Headers");
corsAllowedHeaders.add("Access-Control-Request-Method");
corsAllowedHeaders.add("Cache-Control");
corsAllowedHeaders.add("Content-Type");
corsAllowedHeaders.add("Origin");
corsAllowedHeaders.add("Prefer");
corsAllowedHeaders.add("X-Requested-With");
CORS_ALLOWED_HEADERS = Collections.unmodifiableSet(corsAllowedHeaders);
// *********************************************************
// Update CorsInterceptor's constructor documentation if you change these:
// *********************************************************
HashSet<String> corsAllowedMethods = new HashSet<>();
corsAllowedMethods.addAll(Arrays.asList("GET", "POST", "PUT", "DELETE", "OPTIONS", "PATCH"));
CORS_ALLWED_METHODS = Collections.unmodifiableSet(corsAllowedMethods);
} }
} }
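Review bot: The new public constant is spelled `CORS_ALLWED_METHODS` (the "O" in ALLOWED is missing), both at its declaration and at the assignment in the static initialiser. Once released, that name is API that other classes bind to, as CorsInterceptor already does in this commit. Rename it to `CORS_ALLOWED_METHODS` before it ships so it matches `CORS_ALLOWED_HEADERS`. The Javadoc on both fields could also state that the sets are unmodifiable, since they are wrapped with `Collections.unmodifiableSet`. The static initialiser starts outside the visible hunks.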


@ -142,20 +142,7 @@ public class JpaServerDemo extends RestfulServer {
setPagingProvider(new FifoMemoryPagingProvider(10)); setPagingProvider(new FifoMemoryPagingProvider(10));
// Register a CORS filter // Register a CORS filter
CorsConfiguration config = new CorsConfiguration(); CorsInterceptor corsInterceptor = new CorsInterceptor();
CorsInterceptor corsInterceptor = new CorsInterceptor(config);
config.addAllowedHeader("x-fhir-starter");
config.addAllowedHeader("Origin");
config.addAllowedHeader("Accept");
config.addAllowedHeader("Prefer");
config.addAllowedHeader("X-Requested-With");
config.addAllowedHeader("Content-Type");
config.addAllowedHeader("Access-Control-Request-Method");
config.addAllowedHeader("Access-Control-Request-Headers");
config.addAllowedOrigin("*");
config.addExposedHeader("Location");
config.addExposedHeader("Content-Location");
config.setAllowedMethods(Arrays.asList("GET","POST","PUT","DELETE","OPTIONS"));
registerInterceptor(corsInterceptor); registerInterceptor(corsInterceptor);
/* /*
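Review bot: Switching to the no-argument `CorsInterceptor()` drops the `x-fhir-starter` allowed header that the removed block declared. It is not in `Constants.CORS_ALLOWED_HEADERS`, so a browser client that sends it would presumably start failing the CORS preflight. If the header is still needed, keep an explicit configuration, e.g. `config.setAllowedHeaders(new ArrayList<>(Constants.CORS_ALLOWED_HEADERS)); config.addAllowedHeader("x-fhir-starter");`. The change also makes the wildcard origin implicit at the call site, here and in the TestRestfulServer section; a comment such as `// Defaults allow any origin ("*"); pass a CorsConfiguration to restrict origins` would keep that visible to anyone copying the demo. The enclosing method starts and ends outside the hunk.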


@ -173,19 +173,7 @@ public class TestRestfulServer extends RestfulServer {
/* /*
* Enable CORS * Enable CORS
*/ */
CorsConfiguration config = new CorsConfiguration(); CorsInterceptor corsInterceptor = new CorsInterceptor();
CorsInterceptor corsInterceptor = new CorsInterceptor(config);
config.addAllowedHeader("Origin");
config.addAllowedHeader("Accept");
config.addAllowedHeader("X-Requested-With");
config.addAllowedHeader("Content-Type");
config.addAllowedHeader("Access-Control-Request-Method");
config.addAllowedHeader("Access-Control-Request-Headers");
config.addAllowedHeader("Cache-Control");
config.addAllowedOrigin("*");
config.addExposedHeader("Location");
config.addExposedHeader("Content-Location");
config.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "OPTIONS", "PATCH"));
registerInterceptor(corsInterceptor); registerInterceptor(corsInterceptor);
/* /*


@ -21,11 +21,13 @@ package ca.uhn.fhir.rest.server.interceptor;
*/ */
import java.io.IOException; import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays; import java.util.Arrays;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import ca.uhn.fhir.rest.api.Constants;
import org.apache.commons.lang3.Validate; import org.apache.commons.lang3.Validate;
import org.springframework.web.cors.CorsConfiguration; import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsProcessor; import org.springframework.web.cors.CorsProcessor;
@ -44,14 +46,16 @@ public class CorsInterceptor extends InterceptorAdapter {
* a FHIR server. This includes: * a FHIR server. This includes:
* <ul> * <ul>
* <li>Allowed Origin: *</li> * <li>Allowed Origin: *</li>
* <li>Allowed Header: Origin</li>
* <li>Allowed Header: Accept</li> * <li>Allowed Header: Accept</li>
* <li>Allowed Header: X-Requested-With</li>
* <li>Allowed Header: Content-Type</li>
* <li>Allowed Header: Access-Control-Request-Method</li>
* <li>Allowed Header: Access-Control-Request-Headers</li> * <li>Allowed Header: Access-Control-Request-Headers</li>
* <li>Exposed Header: Location</li> * <li>Allowed Header: Access-Control-Request-Method</li>
* <li>Allowed Header: Cache-Control</li>
* <li>Exposed Header: Content-Location</li> * <li>Exposed Header: Content-Location</li>
* <li>Allowed Header: Content-Type</li>
* <li>Exposed Header: Location</li>
* <li>Allowed Header: Origin</li>
* <li>Allowed Header: Prefer</li>
* <li>Allowed Header: X-Requested-With</li>
* </ul> * </ul>
* Note that this configuration is useful for quickly getting CORS working, but * Note that this configuration is useful for quickly getting CORS working, but
* in a real production system you probably want to consider whether it is * in a real production system you probably want to consider whether it is
@ -108,21 +112,14 @@ public class CorsInterceptor extends InterceptorAdapter {
private static CorsConfiguration createDefaultCorsConfig() { private static CorsConfiguration createDefaultCorsConfig() {
CorsConfiguration retVal = new CorsConfiguration(); CorsConfiguration retVal = new CorsConfiguration();
// ********************************************************* retVal.setAllowedHeaders(new ArrayList<>(Constants.CORS_ALLOWED_HEADERS));
// Update constructor documentation if you change these: retVal.setAllowedMethods(new ArrayList<>(Constants.CORS_ALLWED_METHODS));
// *********************************************************
retVal.addAllowedHeader("Origin");
retVal.addAllowedHeader("Accept");
retVal.addAllowedHeader("X-Requested-With");
retVal.addAllowedHeader("Content-Type");
retVal.addAllowedHeader("Access-Control-Request-Method");
retVal.addAllowedHeader("Access-Control-Request-Headers");
retVal.addAllowedHeader("Cache-Control");
retVal.addAllowedOrigin("*");
retVal.addExposedHeader("Location");
retVal.addExposedHeader("Content-Location"); retVal.addExposedHeader("Content-Location");
retVal.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "OPTIONS", "PATCH")); retVal.addExposedHeader("Location");
retVal.addAllowedOrigin("*");
return retVal; return retVal;
} }
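Review bot: The constructor Javadoc still lists the headers by hand while the values now live in `Constants`, so the two can drift. The reordered list also interleaves `Exposed Header` and `Allowed Header` entries, and in the visible lines it does not mention the allowed methods. Point the Javadoc at the source of truth, e.g. `{@link Constants#CORS_ALLOWED_HEADERS}` plus the methods constant, and group the allowed headers, exposed headers and the `*` origin separately so the permissive defaults are easy to audit. `java.util.Arrays` also appears to be unused now, since its only visible use in `createDefaultCorsConfig()` was removed; worth checking and dropping the import.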


@ -158,7 +158,7 @@
Michael Lawley for the pull request! Michael Lawley for the pull request!
</action> </action>
<action type="add"> <action type="add">
Add <![CDATA[<code>Prefer</code>]]> to the list of headers which are declared as Add <![CDATA[<code>Prefer</code> and <code>Cache-Control</code>]]> to the list of headers which are declared as
being acceptable for CORS requests in CorsInterceptor, CLI, and JPA Example. being acceptable for CORS requests in CorsInterceptor, CLI, and JPA Example.
Thanks to Patrick Werner for the pull request! Thanks to Patrick Werner for the pull request!
</action> </action>