Clean up places where CORS headers are declared - Related to #718
This commit is contained in:
parent
c2b3774299
commit
7c1ab11b02
|
@ -31,6 +31,16 @@ public class Constants {
|
|||
public static final String CHARSET_NAME_UTF8 = "UTF-8";
|
||||
public static final Charset CHARSET_UTF8;
|
||||
public static final String CHARSET_UTF8_CTSUFFIX = "; charset=" + CHARSET_NAME_UTF8;
|
||||
/**
|
||||
* Contains a standard set of headers which are used by FHIR / HAPI FHIR, and therefore
|
||||
* would make a useful set for CORS AllowedHeader declarations
|
||||
*/
|
||||
public static final Set<String> CORS_ALLOWED_HEADERS;
|
||||
/**
|
||||
* Contains a standard set of HTTP Methods which are used by FHIR / HAPI FHIR, and therefore
|
||||
* would make a useful set for CORS AllowedMethod declarations
|
||||
*/
|
||||
public static final Set<String> CORS_ALLWED_METHODS;
|
||||
public static final String CT_FHIR_JSON = "application/json+fhir";
|
||||
public static final String CT_FHIR_JSON_NEW = "application/fhir+json";
|
||||
public static final String CT_FHIR_XML = "application/xml+fhir";
|
||||
|
@ -181,8 +191,7 @@ public class Constants {
|
|||
static {
|
||||
CHARSET_UTF8 = Charset.forName(CHARSET_NAME_UTF8);
|
||||
|
||||
HashMap<Integer, String> statusNames = new HashMap<Integer, String>();
|
||||
|
||||
HashMap<Integer, String> statusNames = new HashMap<>();
|
||||
statusNames.put(200, "OK");
|
||||
statusNames.put(201, "Created");
|
||||
statusNames.put(202, "Accepted");
|
||||
|
@ -247,11 +256,31 @@ public class Constants {
|
|||
statusNames.put(511, "Network Authentication Required");
|
||||
HTTP_STATUS_NAMES = Collections.unmodifiableMap(statusNames);
|
||||
|
||||
Set<String> formatsHtml = new HashSet<String>();
|
||||
Set<String> formatsHtml = new HashSet<>();
|
||||
formatsHtml.add(CT_HTML);
|
||||
formatsHtml.add(FORMAT_HTML);
|
||||
FORMATS_HTML = Collections.unmodifiableSet(formatsHtml);
|
||||
|
||||
// *********************************************************
|
||||
// Update CorsInterceptor's constructor documentation if you change these:
|
||||
// *********************************************************
|
||||
HashSet<String> corsAllowedHeaders = new HashSet<>();
|
||||
corsAllowedHeaders.add("Accept");
|
||||
corsAllowedHeaders.add("Access-Control-Request-Headers");
|
||||
corsAllowedHeaders.add("Access-Control-Request-Method");
|
||||
corsAllowedHeaders.add("Cache-Control");
|
||||
corsAllowedHeaders.add("Content-Type");
|
||||
corsAllowedHeaders.add("Origin");
|
||||
corsAllowedHeaders.add("Prefer");
|
||||
corsAllowedHeaders.add("X-Requested-With");
|
||||
CORS_ALLOWED_HEADERS = Collections.unmodifiableSet(corsAllowedHeaders);
|
||||
|
||||
// *********************************************************
|
||||
// Update CorsInterceptor's constructor documentation if you change these:
|
||||
// *********************************************************
|
||||
HashSet<String> corsAllowedMethods = new HashSet<>();
|
||||
corsAllowedMethods.addAll(Arrays.asList("GET", "POST", "PUT", "DELETE", "OPTIONS", "PATCH"));
|
||||
CORS_ALLWED_METHODS = Collections.unmodifiableSet(corsAllowedMethods);
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -142,20 +142,7 @@ public class JpaServerDemo extends RestfulServer {
|
|||
setPagingProvider(new FifoMemoryPagingProvider(10));
|
||||
|
||||
// Register a CORS filter
|
||||
CorsConfiguration config = new CorsConfiguration();
|
||||
CorsInterceptor corsInterceptor = new CorsInterceptor(config);
|
||||
config.addAllowedHeader("x-fhir-starter");
|
||||
config.addAllowedHeader("Origin");
|
||||
config.addAllowedHeader("Accept");
|
||||
config.addAllowedHeader("Prefer");
|
||||
config.addAllowedHeader("X-Requested-With");
|
||||
config.addAllowedHeader("Content-Type");
|
||||
config.addAllowedHeader("Access-Control-Request-Method");
|
||||
config.addAllowedHeader("Access-Control-Request-Headers");
|
||||
config.addAllowedOrigin("*");
|
||||
config.addExposedHeader("Location");
|
||||
config.addExposedHeader("Content-Location");
|
||||
config.setAllowedMethods(Arrays.asList("GET","POST","PUT","DELETE","OPTIONS"));
|
||||
CorsInterceptor corsInterceptor = new CorsInterceptor();
|
||||
registerInterceptor(corsInterceptor);
|
||||
|
||||
/*
|
||||
|
|
|
@ -173,19 +173,7 @@ public class TestRestfulServer extends RestfulServer {
|
|||
/*
|
||||
* Enable CORS
|
||||
*/
|
||||
CorsConfiguration config = new CorsConfiguration();
|
||||
CorsInterceptor corsInterceptor = new CorsInterceptor(config);
|
||||
config.addAllowedHeader("Origin");
|
||||
config.addAllowedHeader("Accept");
|
||||
config.addAllowedHeader("X-Requested-With");
|
||||
config.addAllowedHeader("Content-Type");
|
||||
config.addAllowedHeader("Access-Control-Request-Method");
|
||||
config.addAllowedHeader("Access-Control-Request-Headers");
|
||||
config.addAllowedHeader("Cache-Control");
|
||||
config.addAllowedOrigin("*");
|
||||
config.addExposedHeader("Location");
|
||||
config.addExposedHeader("Content-Location");
|
||||
config.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "OPTIONS", "PATCH"));
|
||||
CorsInterceptor corsInterceptor = new CorsInterceptor();
|
||||
registerInterceptor(corsInterceptor);
|
||||
|
||||
/*
|
||||
|
|
|
@ -21,11 +21,13 @@ package ca.uhn.fhir.rest.server.interceptor;
|
|||
*/
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Arrays;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import ca.uhn.fhir.rest.api.Constants;
|
||||
import org.apache.commons.lang3.Validate;
|
||||
import org.springframework.web.cors.CorsConfiguration;
|
||||
import org.springframework.web.cors.CorsProcessor;
|
||||
|
@ -44,14 +46,16 @@ public class CorsInterceptor extends InterceptorAdapter {
|
|||
* a FHIR server. This includes:
|
||||
* <ul>
|
||||
* <li>Allowed Origin: *</li>
|
||||
* <li>Allowed Header: Origin</li>
|
||||
* <li>Allowed Header: Accept</li>
|
||||
* <li>Allowed Header: X-Requested-With</li>
|
||||
* <li>Allowed Header: Content-Type</li>
|
||||
* <li>Allowed Header: Access-Control-Request-Method</li>
|
||||
* <li>Allowed Header: Access-Control-Request-Headers</li>
|
||||
* <li>Exposed Header: Location</li>
|
||||
* <li>Allowed Header: Access-Control-Request-Method</li>
|
||||
* <li>Allowed Header: Cache-Control</li>
|
||||
* <li>Exposed Header: Content-Location</li>
|
||||
* <li>Allowed Header: Content-Type</li>
|
||||
* <li>Exposed Header: Location</li>
|
||||
* <li>Allowed Header: Origin</li>
|
||||
* <li>Allowed Header: Prefer</li>
|
||||
* <li>Allowed Header: X-Requested-With</li>
|
||||
* </ul>
|
||||
* Note that this configuration is useful for quickly getting CORS working, but
|
||||
* in a real production system you probably want to consider whether it is
|
||||
|
@ -108,21 +112,14 @@ public class CorsInterceptor extends InterceptorAdapter {
|
|||
private static CorsConfiguration createDefaultCorsConfig() {
|
||||
CorsConfiguration retVal = new CorsConfiguration();
|
||||
|
||||
// *********************************************************
|
||||
// Update constructor documentation if you change these:
|
||||
// *********************************************************
|
||||
retVal.setAllowedHeaders(new ArrayList<>(Constants.CORS_ALLOWED_HEADERS));
|
||||
retVal.setAllowedMethods(new ArrayList<>(Constants.CORS_ALLWED_METHODS));
|
||||
|
||||
retVal.addAllowedHeader("Origin");
|
||||
retVal.addAllowedHeader("Accept");
|
||||
retVal.addAllowedHeader("X-Requested-With");
|
||||
retVal.addAllowedHeader("Content-Type");
|
||||
retVal.addAllowedHeader("Access-Control-Request-Method");
|
||||
retVal.addAllowedHeader("Access-Control-Request-Headers");
|
||||
retVal.addAllowedHeader("Cache-Control");
|
||||
retVal.addAllowedOrigin("*");
|
||||
retVal.addExposedHeader("Location");
|
||||
retVal.addExposedHeader("Content-Location");
|
||||
retVal.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "OPTIONS", "PATCH"));
|
||||
retVal.addExposedHeader("Location");
|
||||
|
||||
retVal.addAllowedOrigin("*");
|
||||
|
||||
|
||||
return retVal;
|
||||
}
|
||||
|
|
|
@ -158,7 +158,7 @@
|
|||
Michael Lawley for the pull request!
|
||||
</action>
|
||||
<action type="add">
|
||||
Add <![CDATA[<code>Prefer</code>]]> to the list of headers which are declared as
|
||||
Add <![CDATA[<code>Prefer</code> and <code>Cache-Control</code>]]> to the list of headers which are declared as
|
||||
being acceptable for CORS requests in CorsInterceptor, CLI, and JPA Example.
|
||||
Thanks to Patrick Werner for the pull request!
|
||||
</action>
|
||||
|
|
Loading…
Reference in New Issue