Created
May 11, 2017 16:26
From 2b2617a0e472e31a0d8da618e5a64b731a05859c Mon Sep 17 00:00:00 2001 | |
From: Robert Paprocki <robert@cryptobells.com> | |
Date: Tue, 2 May 2017 16:22:04 -0700 | |
Subject: [PATCH] feat(cors) match configured origins as a regular expression | |
Use the ngx.re API to match configured origins as regular expressions | |
against the client Origin header. In cases where a single origin is | |
configured for the plugin, set the ACAO header if the configuration | |
contains only non-PCRE metacharacters; otherwise, treat the single | |
configured origin as though multiple origins were configured, by | |
iterating through the array and setting the ACAO header based on the | |
client Origin. | |
--- | |
kong/plugins/cors/handler.lua | 23 ++++++++++++++++------- | |
kong/plugins/cors/schema.lua | 16 +++++++++++++++- | |
2 files changed, 31 insertions(+), 8 deletions(-) | |
diff --git a/kong/plugins/cors/handler.lua b/kong/plugins/cors/handler.lua | |
index c45371c..c25116f 100644 | |
--- a/kong/plugins/cors/handler.lua | |
+++ b/kong/plugins/cors/handler.lua | |
@@ -25,21 +25,30 @@ local function configure_origin(ngx, conf) | |
if #conf.origins == 1 then | |
if conf.origins[1] == "*" then | |
ngx.ctx.cors_allow_all = true | |
+ ngx.header["Access-Control-Allow-Origin"] = "*" | |
+ return | |
+ end | |
+ | |
+ ngx.header["Vary"] = "Origin" | |
- else | |
- ngx.header["Vary"] = "Origin" | |
+ -- if this doesnt look like a regex, set the ACAO header directly | |
+ -- otherwise, we'll fall through to an iterative search and | |
+ -- set the ACAO header based on the client Origin | |
+ local from, to, err = re_find(conf.origins[1], "^[A-Za-z0-9.:/-]+$", "jo") | |
+ if err then | |
+ ngx.log(ngx.ERR, "[cors] could not inspect origin for type: ", err) | |
end | |
- ngx.header["Access-Control-Allow-Origin"] = conf.origins[1] | |
- return | |
+ if from then | |
+ ngx.header["Access-Control-Allow-Origin"] = conf.origins[1] | |
+ return | |
+ end | |
end | |
local req_origin = ngx.var.http_origin | |
if req_origin then | |
for _, domain in ipairs(conf.origins) do | |
- local from, _, err = re_find(req_origin, | |
- [[\Q]] .. domain .. [[\E$]], | |
- "jo") | |
+ local from, _, err = re_find(req_origin, domain, "jo") | |
if err then | |
ngx.log(ngx.ERR, "[cors] could not search for domain: ", err) | |
end | |
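Review bot: The loop's `re_find(req_origin, domain, "jo")` now treats every configured origin as an unanchored pattern, so in a multi-origin list a literal entry such as `http://example.com` (constructed example) matches any Origin that merely contains it, and each `.` matches any character. The removed `\Q…\E$` form quoted the value and pinned its end, so existing multi-origin configurations change meaning on upgrade without any configuration change. Consider keeping literal-looking entries literal (apply the same `^[A-Za-z0-9.:/-]+$` test per entry and compare with `==`) and anchoring the rest, e.g. `re_find(req_origin, "^(?:" .. domain .. ")$", "jo")`. The part of the loop that acts on a match lies outside the hunk, so its effect on the ACAO header is inferred.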
diff --git a/kong/plugins/cors/schema.lua b/kong/plugins/cors/schema.lua | |
index dc0cfdf..5f190d0 100644 | |
--- a/kong/plugins/cors/schema.lua | |
+++ b/kong/plugins/cors/schema.lua | |
@@ -1,7 +1,21 @@ | |
+local re_match = ngx.re.match | |
+ | |
+local check_regex = function(value) | |
+ if value and (#value > 1 or value[1] ~= "*") then | |
+ for _, origin in ipairs(value) do | |
+ local _, err = re_match("just a string to test", origin) | |
+ if err then | |
+ return false, "origin '" .. origin .. "' is not a valid regex" | |
+ end | |
+ end | |
+ end | |
+ return true | |
+end | |
+ | |
return { | |
no_consumer = true, | |
fields = { | |
- origins = { type = "array" }, | |
+ origins = { type = "array", func = check_regex }, | |
headers = { type = "array" }, | |
exposed_headers = { type = "array" }, | |
methods = { type = "array", enum = { "HEAD", "GET", "POST", "PUT", "PATCH", "DELETE" } }, | |
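Review bot: `check_regex` only proves that each entry compiles; nothing bounds how expensive a pattern is, and handler.lua matches these patterns against the client-supplied Origin header, presumably on each request. A pattern with nested quantifiers would pass this check, so I would state the expectation above the function, e.g. `-- origins are PCRE patterns matched against the request Origin; anchor them with ^ and $ and avoid nested quantifiers`, and consider `lua_regex_match_limit` in the nginx configuration as a backstop. The test call also omits the `"jo"` options that the handler uses at match time; keeping the two in sync would make the validation reflect the real compile path.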
-- | |
2.9.3 |