allow speficying the separator when using xorigins macro

Alfresco · Oct 16, 2023 · 5bc2be5 · 5bc2be5
1 parent f96645f
commit 5bc2be5
Show file tree

Hide file tree

Showing 4 changed files with 9 additions and 9 deletions.
diff --git a/roles/repository/molecule/default/tests/test_repository.py b/roles/repository/molecule/default/tests/test_repository.py
@@ -191,4 +191,4 @@ def test_share_CSRF_config(host):
     referer = share_xml.findall('{}/referer'.format(xmlpath))
     origin = share_xml.findall('{}/origin'.format(xmlpath))
     assert_that(referer[0].text == 'http://localhost:8080/share/.*|https://someotherapp/.*')
-    assert_that(origin[0].text == 'http://localhost:8080,https://someotherapp')
+    assert_that(origin[0].text == 'http://localhost:8080|https://someotherapp')
diff --git a/roles/repository/templates/alfresco-global.properties.j2 b/roles/repository/templates/alfresco-global.properties.j2
@@ -60,8 +60,8 @@ dsync.service.uris={% if use_ssl | bool %}https{% else %}http{% endif %}://{% if
 {% import 'xorigins_macros.j2' as _xorigins_protection %}
 csrf.filter.enabled={% if csrf.enabled | bool %}true
 {% if csrf.urls -%}
-  csrf.filter.referer={{ _xorigins_protection.compute(inventory_hostname, 'referer', csrf.urls) }}
-  csrf.filter.origin={{ _xorigins_protection.compute(inventory_hostname, 'origin', csrf.urls) }}
+  csrf.filter.referer={{ _xorigins_protection.compute(inventory_hostname, 'referer', csrf.urls, '|') }}
+  csrf.filter.origin={{ _xorigins_protection.compute(inventory_hostname, 'origin', csrf.urls, ',') }}
 {% endif %}
 csrf.filter.referer.always={{ 'true' if 'origin' in csrf.force_headers | lower else 'false' }}
 csrf.filter.origin.always={{ 'true' if 'referer' in csrf.force_headers | lower else 'false' }}
@@ -72,7 +72,7 @@ csrf.filter.origin.always={{ 'true' if 'referer' in csrf.force_headers | lower e
 # CORS filter overrides
 cors.enabled={% if cors.enabled | bool %}true
 {% if cors.urls -%}
-  cors.allowed.origins={{ _xorigins_protection.compute(inventory_hostname, 'origin', cors.urls) }}
+  cors.allowed.origins={{ _xorigins_protection.compute(inventory_hostname, 'origin', cors.urls, ',') }}
 {% endif %}
 cors.allowed.methods={{ cors.allowed_methods | default([]) | join(',') }}
 cors.allowed.headers={{ cors.allowed_headers | default([]) | join(',') }}

diff --git a/roles/repository/templates/share-config-custom.xml.j2 b/roles/repository/templates/share-config-custom.xml.j2
@@ -78,13 +78,13 @@
 
 	 {# Compute referers & origins -#}
          {% import 'xorigins_macros.j2' as _xorigins_protection %}
-	 <referer>{{ _xorigins_protection.compute(inventory_hostname, 'referer', csrf.urls)}}</referer>
+	 <referer>{{ _xorigins_protection.compute(inventory_hostname, 'referer', csrf.urls, '|')}}</referer>
 
          <!--
             Override and set this property with a regexp that if you have placed Share behind a proxy that
             does not rewrite the Origin header.
          -->
-	 <origin>{{ _xorigins_protection.compute(inventory_hostname, 'origin', csrf.urls)}}</origin>
+	 <origin>{{ _xorigins_protection.compute(inventory_hostname, 'origin', csrf.urls, '|')}}</origin>
       </properties>
 
       <!--

diff --git a/roles/repository/templates/xorigins_macros.j2 b/roles/repository/templates/xorigins_macros.j2
@@ -1,4 +1,4 @@
-{% macro compute(host, type, urls) -%}
+{% macro compute(host, type, urls, separator) -%}
   {% set Urlns = namespace() -%}
   {% set Origins = namespace(list=[]) -%}
   {% for url in urls -%}
@@ -12,8 +12,8 @@
   {{ urls.append('https?://localhost') -}}
   {% endif -%}
   {% if type == 'origin' -%}
-    {{ Origins.list | unique | select() | join(',') -}}
+    {{ Origins.list | unique | select() | join(separator) -}}
   {% elif type == 'referer' -%}
-    {{ urls | unique  | map('trim', '/') | product(['/.*']) | map('join') | select() | join('|') -}}
+    {{ urls | unique  | map('trim', '/') | product(['/.*']) | map('join') | select() | join(separator) -}}
   {% endif -%}
 {% endmacro %}