YARN-2511. Allowed all origins by default when CrossOriginFilter is enabled. Contributed by Jonathan Eagles.

This commit is contained in:
Zhijie Shen 2014-09-04 15:01:01 -07:00
parent 3fa5f728c4
commit 51a4faf521
3 changed files with 25 additions and 3 deletions

View File

@ -178,6 +178,9 @@ Release 2.6.0 - UNRELEASED
YARN-2509. Enable Cross Origin Filter for timeline server only and not all
Yarn servers (Mit Desai via jeagles)
YARN-2511. Allowed all origins by default when CrossOriginFilter is
enabled. (Jonathan Eagles via zjshen)
OPTIMIZATIONS
BUG FIXES

View File

@ -76,6 +76,7 @@ public class CrossOriginFilter implements Filter {
private List<String> allowedMethods = new ArrayList<String>();
private List<String> allowedHeaders = new ArrayList<String>();
private List<String> allowedOrigins = new ArrayList<String>();
private boolean allowAllOrigins = true;
private String maxAge;
@Override
@ -171,7 +172,9 @@ private void initializeAllowedOrigins(FilterConfig filterConfig) {
}
allowedOrigins =
Arrays.asList(allowedOriginsConfig.trim().split("\\s*,\\s*"));
allowAllOrigins = allowedOrigins.contains("*");
LOG.info("Allowed Origins: " + StringUtils.join(allowedOrigins, ','));
LOG.info("Allow All Origins: " + allowAllOrigins);
}
private void initializeMaxAge(FilterConfig filterConfig) {
@ -199,8 +202,9 @@ static boolean isCrossOrigin(String origin) {
return origin != null;
}
private boolean isOriginAllowed(String origin) {
return allowedOrigins.contains(origin);
@VisibleForTesting
boolean isOriginAllowed(String origin) {
return allowAllOrigins || allowedOrigins.contains(origin);
}
private boolean areHeadersAllowed(String accessControlRequestHeaders) {
@ -213,7 +217,7 @@ private boolean areHeadersAllowed(String accessControlRequestHeaders) {
private boolean isMethodAllowed(String accessControlRequestMethod) {
if (accessControlRequestMethod == null) {
return false;
return true;
}
return allowedMethods.contains(accessControlRequestMethod);
}

View File

@ -31,6 +31,7 @@
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.junit.Assert;
import org.junit.Test;
import static org.mockito.Mockito.when;
@ -65,6 +66,20 @@ public void testSameOrigin() throws ServletException, IOException {
verify(mockChain).doFilter(mockReq, mockRes);
}
@Test
public void testAllowAllOrigins() throws ServletException, IOException {
// Setup the configuration settings of the server
Map<String, String> conf = new HashMap<String, String>();
conf.put(CrossOriginFilter.ALLOWED_ORIGINS, "*");
FilterConfig filterConfig = new FilterConfigTest(conf);
// Object under test
CrossOriginFilter filter = new CrossOriginFilter();
filter.init(filterConfig);
Assert.assertTrue(filter.isOriginAllowed("example.org"));
}
@Test
public void testDisallowedOrigin() throws ServletException, IOException {