YARN-2511. Allowed all origins by default when CrossOriginFilter is enabled. Contributed by Jonathan Eagles.
This commit is contained in:
parent
3fa5f728c4
commit
51a4faf521
@ -178,6 +178,9 @@ Release 2.6.0 - UNRELEASED
|
||||
YARN-2509. Enable Cross Origin Filter for timeline server only and not all
|
||||
Yarn servers (Mit Desai via jeagles)
|
||||
|
||||
YARN-2511. Allowed all origins by default when CrossOriginFilter is
|
||||
enabled. (Jonathan Eagles via zjshen)
|
||||
|
||||
OPTIMIZATIONS
|
||||
|
||||
BUG FIXES
|
||||
|
@ -76,6 +76,7 @@ public class CrossOriginFilter implements Filter {
|
||||
private List<String> allowedMethods = new ArrayList<String>();
|
||||
private List<String> allowedHeaders = new ArrayList<String>();
|
||||
private List<String> allowedOrigins = new ArrayList<String>();
|
||||
private boolean allowAllOrigins = true;
|
||||
private String maxAge;
|
||||
|
||||
@Override
|
||||
@ -171,7 +172,9 @@ private void initializeAllowedOrigins(FilterConfig filterConfig) {
|
||||
}
|
||||
allowedOrigins =
|
||||
Arrays.asList(allowedOriginsConfig.trim().split("\\s*,\\s*"));
|
||||
allowAllOrigins = allowedOrigins.contains("*");
|
||||
LOG.info("Allowed Origins: " + StringUtils.join(allowedOrigins, ','));
|
||||
LOG.info("Allow All Origins: " + allowAllOrigins);
|
||||
}
|
||||
|
||||
private void initializeMaxAge(FilterConfig filterConfig) {
|
||||
@ -199,8 +202,9 @@ static boolean isCrossOrigin(String origin) {
|
||||
return origin != null;
|
||||
}
|
||||
|
||||
private boolean isOriginAllowed(String origin) {
|
||||
return allowedOrigins.contains(origin);
|
||||
@VisibleForTesting
|
||||
boolean isOriginAllowed(String origin) {
|
||||
return allowAllOrigins || allowedOrigins.contains(origin);
|
||||
}
|
||||
|
||||
private boolean areHeadersAllowed(String accessControlRequestHeaders) {
|
||||
@ -213,7 +217,7 @@ private boolean areHeadersAllowed(String accessControlRequestHeaders) {
|
||||
|
||||
private boolean isMethodAllowed(String accessControlRequestMethod) {
|
||||
if (accessControlRequestMethod == null) {
|
||||
return false;
|
||||
return true;
|
||||
}
|
||||
return allowedMethods.contains(accessControlRequestMethod);
|
||||
}
|
||||
|
@ -31,6 +31,7 @@
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.junit.Assert;
|
||||
import org.junit.Test;
|
||||
|
||||
import static org.mockito.Mockito.when;
|
||||
@ -65,6 +66,20 @@ public void testSameOrigin() throws ServletException, IOException {
|
||||
verify(mockChain).doFilter(mockReq, mockRes);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testAllowAllOrigins() throws ServletException, IOException {
|
||||
|
||||
// Setup the configuration settings of the server
|
||||
Map<String, String> conf = new HashMap<String, String>();
|
||||
conf.put(CrossOriginFilter.ALLOWED_ORIGINS, "*");
|
||||
FilterConfig filterConfig = new FilterConfigTest(conf);
|
||||
|
||||
// Object under test
|
||||
CrossOriginFilter filter = new CrossOriginFilter();
|
||||
filter.init(filterConfig);
|
||||
Assert.assertTrue(filter.isOriginAllowed("example.org"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testDisallowedOrigin() throws ServletException, IOException {
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user