
Commit 00ebb0d

hadisfrHaarolean
andauthored
BE: Chore: CORS config on error handling (#555)
Co-authored-by: Roman Zabaluev <[email protected]>
1 parent 0674286 commit 00ebb0d


3 files changed

+23
-5
lines changed


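--- a/api/src/main/java/io/kafbat/ui/config/CorsGlobalConfiguration.java
+++ b/api/src/main/java/io/kafbat/ui/config/CorsGlobalConfiguration.java
@@ -22,10 +22,7 @@ public WebFilter corsFilter() {
 
 final ServerHttpResponse response = ctx.getResponse();
 final HttpHeaders headers = response.getHeaders();
-headers.add("Access-Control-Allow-Origin", "*");
-headers.add("Access-Control-Allow-Methods", "GET, PUT, POST, DELETE, OPTIONS");
-headers.add("Access-Control-Max-Age", "3600");
-headers.add("Access-Control-Allow-Headers", "Content-Type");
+fillCorsHeader(headers, request);
 
 if (request.getMethod() == HttpMethod.OPTIONS) {
 response.setStatusCode(HttpStatus.OK);
@@ -36,4 +33,11 @@ public WebFilter corsFilter() {
 };
 }
 
+public static void fillCorsHeader(HttpHeaders responseHeaders, ServerHttpRequest request) {
+responseHeaders.add("Access-Control-Allow-Origin", request.getHeaders().getOrigin());
+responseHeaders.add("Access-Control-Allow-Credentials", "true");
+responseHeaders.add("Access-Control-Allow-Methods", "GET, PUT, POST, DELETE, OPTIONS");
+responseHeaders.add("Access-Control-Max-Age", "3600");
+responseHeaders.add("Access-Control-Allow-Headers", "Content-Type");
+}
 }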
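Review bot: `fillCorsHeader` echoes the request's `Origin` into `Access-Control-Allow-Origin` and pairs it with `Access-Control-Allow-Credentials: true`, so every origin is admitted for credentialed cross-origin reads; browsers would not combine the removed `*` with credentials. The origin should be compared with a configured allowlist before it is reflected, for example `String origin = request.getHeaders().getOrigin();` followed by `if (origin == null || !allowedOrigins.contains(origin)) { return; }`, where `allowedOrigins` is a placeholder for a setting this page does not show. The null check also covers requests without an `Origin` header, for which `getOrigin()` returns null and is currently passed straight to `add`. A `Vary: Origin` response header (`responseHeaders.add(HttpHeaders.VARY, HttpHeaders.ORIGIN);`) keeps shared caches from serving one origin's response to another. The same method is called from `headers(request)` in GlobalErrorWebExceptionHandler, so error responses inherit this policy.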

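--- a/api/src/main/java/io/kafbat/ui/config/ReadOnlyModeFilter.java
+++ b/api/src/main/java/io/kafbat/ui/config/ReadOnlyModeFilter.java
@@ -33,7 +33,8 @@ public class ReadOnlyModeFilter implements WebFilter {
 @NotNull
 @Override
 public Mono<Void> filter(ServerWebExchange exchange, @NotNull WebFilterChain chain) {
-var isSafeMethod = exchange.getRequest().getMethod() == HttpMethod.GET;
+var isSafeMethod =
+exchange.getRequest().getMethod() == HttpMethod.GET || exchange.getRequest().getMethod() == HttpMethod.OPTIONS;
 if (isSafeMethod) {
 return chain.filter(exchange);
 }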
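Review bot: The widened `isSafeMethod` check has no comment saying why `OPTIONS` is let through in read-only mode, and it calls `exchange.getRequest().getMethod()` twice. A comment such as `// OPTIONS is allowed so CORS preflight still works in read-only mode` (presumably the intent, given the commit title) plus a local `var method = exchange.getRequest().getMethod();` would make this access rule easier to audit. The body of `filter` continues outside the hunk, so what happens to the remaining methods is not visible here.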

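--- a/api/src/main/java/io/kafbat/ui/exception/GlobalErrorWebExceptionHandler.java
+++ b/api/src/main/java/io/kafbat/ui/exception/GlobalErrorWebExceptionHandler.java
@@ -2,12 +2,14 @@
 
 import com.google.common.base.Throwables;
 import com.google.common.collect.Sets;
+import io.kafbat.ui.config.CorsGlobalConfiguration;
 import io.kafbat.ui.model.ErrorResponseDTO;
 import java.math.BigDecimal;
 import java.util.List;
 import java.util.Map;
 import java.util.Objects;
 import java.util.Set;
+import java.util.function.Consumer;
 import java.util.stream.Collectors;
 import java.util.stream.Stream;
 import org.springframework.boot.autoconfigure.web.WebProperties;
@@ -16,6 +18,7 @@
 import org.springframework.context.ApplicationContext;
 import org.springframework.core.Ordered;
 import org.springframework.core.annotation.Order;
+import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.http.codec.ServerCodecConfigurer;
@@ -78,6 +81,7 @@ private Mono<ServerResponse> renderDefault(Throwable throwable, ServerRequest re
 return ServerResponse
 .status(ErrorCode.UNEXPECTED.httpStatus())
 .contentType(MediaType.APPLICATION_JSON)
+.headers(headers(request))
 .bodyValue(response);
 }
 
@@ -92,6 +96,7 @@ private Mono<ServerResponse> render(CustomBaseException baseException, ServerReq
 return ServerResponse
 .status(errorCode.httpStatus())
 .contentType(MediaType.APPLICATION_JSON)
+.headers(headers(request))
 .bodyValue(response);
 }
 
@@ -122,6 +127,7 @@ private Mono<ServerResponse> render(WebExchangeBindException exception, ServerRe
 return ServerResponse
 .status(HttpStatus.BAD_REQUEST)
 .contentType(MediaType.APPLICATION_JSON)
+.headers(headers(request))
 .bodyValue(response);
 }
 
@@ -136,13 +142,20 @@ private Mono<ServerResponse> render(ResponseStatusException exception, ServerReq
 return ServerResponse
 .status(exception.getStatusCode())
 .contentType(MediaType.APPLICATION_JSON)
+.headers(headers(request))
 .bodyValue(response);
 }
 
 private String requestId(ServerRequest request) {
 return request.exchange().getRequest().getId();
 }
 
+private Consumer<HttpHeaders> headers(ServerRequest request) {
+return (HttpHeaders headers) -> {
+CorsGlobalConfiguration.fillCorsHeader(headers, request.exchange().getRequest());
+};
+}
+
 private BigDecimal currentTimestamp() {
 return BigDecimal.valueOf(System.currentTimeMillis());
 }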
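Review bot: The new `headers(ServerRequest)` helper in the last hunk has no comment explaining why error responses need CORS headers, and its block lambda with an explicit parameter type can be an expression lambda: `return headers -> CorsGlobalConfiguration.fillCorsHeader(headers, request.exchange().getRequest());`. A one-line comment such as `// Error responses do not get the CORS filter's headers, so add them here` would record the intent, if that is indeed the reason. Because the helper is applied in `renderDefault` and all three `render` overloads, every error body becomes readable by whichever origins `fillCorsHeader` admits. The bodies are built outside these hunks, so it is worth confirming they carry no internal detail.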
