Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

DESENG-484: Adding max age for cors #2379

Merged
merged 5 commits into from
Feb 12, 2024
Merged

DESENG-484: Adding max age for cors #2379

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
9be6576
DESENG-484: Adding max age for cors (#2377)
VineetBala-AOT Feb 9, 2024
b7f7abb
Update linting on config.py
VineetBala-AOT Feb 9, 2024
fb2d605
Update linting in util.py
VineetBala-AOT Feb 9, 2024
a2c9b39
Fixing unit tests
VineetBala-AOT Feb 9, 2024
4bef4f6
Merge branch 'main' into feature/deseng-484
VineetBala-AOT Feb 12, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions CHANGELOG.MD
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,7 @@
## February 08, 2024
- **Task**Cache CORS preflight responses with the browser for a given period of time [DESENG-484](https://apps.itsm.gov.bc.ca/jira/browse/DESENG-484)
- Introduces a new configuration variable to specify the maximum age for Cross-Origin Resource Sharing (CORS)
- Modified the CORS preflight method to utilize this newly introduced variable.
- **Task**Consolidate and re-write old migration files [DESENG-452](https://apps.itsm.gov.bc.ca/jira/browse/DESENG-452)
- Change some foreign key field to nullbale false in model files
- Change `rejected_reason_other` to nullable true in `submission` model
Expand Down
6 changes: 6 additions & 0 deletions met-api/src/met_api/config.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -163,6 +163,12 @@ def SQLALCHEMY_DATABASE_URI(self) -> str:
# CORS settings
CORS_ORIGINS = os.getenv('CORS_ORIGINS', '').split(',')

# CORS_MAX_AGE defines the maximum age (in seconds) for Cross-Origin Resource Sharing (CORS) settings.
# This value is used to indicate how long the results of a preflight request (OPTIONS) can be cached
# by the client, reducing the frequency of preflight requests for the specified HTTP methods.
# Adjust this value based on security considerations.
CORS_MAX_AGE = os.getenv('CORS_MAX_AGE', None) # Default: 0 seconds

EPIC_CONFIG = {
'ENABLED': env_truthy('EPIC_INTEGRATION_ENABLED'),
'JWT_OIDC_ISSUER': os.getenv('EPIC_JWT_OIDC_ISSUER'),
Expand Down
8 changes: 7 additions & 1 deletion met-api/src/met_api/utils/util.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,12 +29,18 @@ def cors_preflight(methods):

def wrapper(f):
def options(self, *args, **kwargs): # pylint: disable=unused-argument
return {'Allow': 'GET, DELETE, PUT, POST'}, 200, {
headers = {
'Allow': 'GET, DELETE, PUT, POST',
'Access-Control-Allow-Origin': '*',
'Access-Control-Allow-Methods': methods,
'Access-Control-Allow-Headers': 'Authorization, Content-Type, '
'registries-trace-id, invitation_token'
}
max_age = os.getenv('CORS_MAX_AGE')
if max_age is not None:
headers['Access-Control-Max-Age'] = str(max_age)

return headers, 200, {}

setattr(f, 'options', options)
return f
Expand Down
4 changes: 2 additions & 2 deletions met-api/tests/unit/utils/test_util_cors.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -40,5 +40,5 @@ class TestCors():
pass

rv = TestCors().options() # pylint: disable=no-member
assert rv[2]['Access-Control-Allow-Origin'] == '*'
assert rv[2]['Access-Control-Allow-Methods'] == methods
assert rv[0]['Access-Control-Allow-Origin'] == '*'
assert rv[0]['Access-Control-Allow-Methods'] == methods
Loading