Support configuring allowed cross-origin access in the artifact repository Admin #121

Closed
cnlkl opened this issue Dec 15, 2022 · 1 comment

Collaborator

cnlkl commented Dec 15, 2022

No description provided.

@cnlkl cnlkl added enhancement New feature or request backend gateway labels Dec 15, 2022
@cnlkl cnlkl self-assigned this Dec 15, 2022
Collaborator Author

cnlkl commented Dec 19, 2022

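  1. At the gateway level, if the configured allow_hosts parameter is an empty string and authentication is present, all OPTIONS requests return success.
  2. Because of the SameSite restriction, cross-site calls do not carry cookies, so the /web/** endpoints cannot be used.
  3. The /api/generic/temporary/upload endpoint already has the CrossOrigin annotation, which allows all cross-origin calls, so that endpoint can be used.
  4. If a non-OPTIONS request carries an Origin header and the endpoint has a CORS configuration, the CORS-related headers are also checked; if nothing is configured, all Origins are allowed by default.

--------How Spring handles an OPTIONS request that matches multiple HandlerMethods-----------

In the generic service, both upload endpoints (temporary and non-temporary) currently allow all Origins. Because an OPTIONS request has fewer parameters than the actual request, Spring cannot determine which HandlerMethod the OPTIONS request should use, so as long as one of the matched HandlerMethods contains a CORS configuration, all requests are allowed. Reference:

Currently upload has two endpoints, /{projectId}/{repoName}/** and /temporary/upload/{projectId}/{repoName}/**. An OPTIONS request cannot determine which one to use, for example in the case projectId=temporary, repoName=upload; because CORS is configured on the temporary upload endpoint, both endpoints end up allowing all Origins.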

@cnlkl cnlkl closed this as completed Dec 19, 2022
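
The ambiguity described in the comment above, modelled as an added example (not code from the issue, the project or Spring): it compares path patterns only and reports which routes share a preflight path with a CORS-enabled route. The function names, labels and matching rules are assumptions of this example.

```python
# Added example: a simplified model, not Spring's or the project's own code.
# Assumptions: only path patterns are compared; {var} matches exactly one
# segment; ** appears only as the last segment and matches whatever remains.
AMBIGUOUS_ALLOW_ALL = "allow-all (ambiguous preflight)"   # hypothetical label
CROSS_ORIGIN = "handler's own CrossOrigin setting"        # hypothetical label


def matches(pattern, path):
    """True if path fits pattern under the assumptions above."""
    pat, seg = pattern.strip("/").split("/"), path.strip("/").split("/")
    for i, p in enumerate(pat):
        if p == "**":
            return True                    # swallows the rest, even nothing
        if i >= len(seg):
            return False                   # path shorter than the pattern
        if not p.startswith("{") and p != seg[i]:
            return False                   # literal segment differs
    return len(pat) == len(seg)


def preflight_policy(path, routes):
    """routes maps pattern -> CORS setting, None when the handler has none."""
    hits = [p for p in routes if matches(p, path)]
    if len(hits) > 1 and any(routes[p] is not None for p in hits):
        return AMBIGUOUS_ALLOW_ALL         # one CORS-enabled candidate suffices
    return routes[hits[0]] if len(hits) == 1 else None


def leaking_pairs(routes):
    """(cors_route, other_route) pairs that both match one preflight path."""
    pairs = []
    for cors_route, cfg in routes.items():
        if cfg is None:
            continue
        # Probe path built from the CORS route with constructed filler values.
        probe = "/".join("x" if p[:1] == "{" or p == "**" else p
                         for p in cors_route.split("/"))
        pairs += [(cors_route, other) for other in routes
                  if other != cors_route and matches(other, probe)]
    return pairs


# The two upload patterns named in the comment above.
ROUTES = {
    "/{projectId}/{repoName}/**": None,
    "/temporary/upload/{projectId}/{repoName}/**": CROSS_ORIGIN,
}
```

Running `leaking_pairs` over a service's full route table lists every handler without a CORS setting whose preflight can be answered permissively because it overlaps a CORS-enabled one.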