From 604ebf3222a42eca959f2f7979c7d11f4581e69f Mon Sep 17 00:00:00 2001
From: Andrew Azores
Date: Thu, 18 Jul 2024 14:11:04 -0400
Subject: [PATCH] fix(cors): remove explicit CORS handling (#327)
---
 src/main/java/io/cryostat/Health.java | 70 ++++++++-------------------
 1 file changed, 19 insertions(+), 51 deletions(-)
diff --git a/src/main/java/io/cryostat/Health.java b/src/main/java/io/cryostat/Health.java
index a6e51aea3..5e71539ff 100644
--- a/src/main/java/io/cryostat/Health.java
+++ b/src/main/java/io/cryostat/Health.java
@@ -37,7 +37,6 @@
 import jakarta.ws.rs.Produces;
 import jakarta.ws.rs.core.MediaType;
 import jakarta.ws.rs.core.Response;
-import jakarta.ws.rs.core.Response.ResponseBuilder;
 import org.apache.commons.lang3.StringUtils;
 import org.eclipse.microprofile.config.inject.ConfigProperty;
 import org.jboss.logging.Logger;
@@ -95,23 +94,22 @@ public Response health() {
 reportsAvailable.complete(true);
 }
 
- return new PermittedResponseBuilder(
- Response.ok(
- Map.of(
- "cryostatVersion",
- String.format("v%s", version),
- "dashboardConfigured",
- dashboardURL.isPresent(),
- "dashboardAvailable",
- dashboardAvailable.join(),
- "datasourceConfigured",
- datasourceURL.isPresent(),
- "datasourceAvailable",
- datasourceAvailable.join(),
- "reportsConfigured",
- reportsConfigured,
- "reportsAvailable",
- reportsAvailable.join())))
+ return Response.ok(
+ Map.of(
+ "cryostatVersion",
+ String.format("v%s", version),
+ "dashboardConfigured",
+ dashboardURL.isPresent(),
+ "dashboardAvailable",
+ dashboardAvailable.join(),
+ "datasourceConfigured",
+ datasourceURL.isPresent(),
+ "datasourceAvailable",
+ datasourceAvailable.join(),
+ "reportsConfigured",
+ reportsConfigured,
+ "reportsAvailable",
+ reportsAvailable.join()))
 .build();
 }
 
@@ -135,8 +133,7 @@ public Response grafanaDashboardUrl() {
 dashboardExternalURL.orElseGet(
 () -> dashboardURL.orElseThrow(() -> new BadRequestException()));
 
- return new PermittedResponseBuilder(Response.ok(Map.of("grafanaDashboardUrl", url)))
- .build();
+ return Response.ok(Map.of("grafanaDashboardUrl", url)).build();
 }
 
 @GET
@@ -144,10 +141,7 @@ public Response grafanaDashboardUrl() {
 @PermitAll
 @Produces({MediaType.APPLICATION_JSON})
 public Response grafanaDatasourceUrl() {
- return new PermittedResponseBuilder(
- Response.ok(Map.of("grafanaDatasourceUrl", datasourceURL)))
- .corsSkippedHeaders()
- .build();
+ return Response.ok(Map.of("grafanaDatasourceUrl", datasourceURL)).build();
 }
 
 private void checkUri(
@@ -161,7 +155,7 @@ private void checkUri(
 future.complete(false);
 return;
 }
- logger.debugv("Testing health of {1}={2} {3}", configProperty, uri.toString(), path);
+ logger.debugv("Testing health of {0}={1} {2}", configProperty, uri.toString(), path);
 HttpRequest req = webClient.get(uri.getHost(), path);
 if (uri.getPort() != -1) {
 req = req.port(uri.getPort());
@@ -183,30 +177,4 @@ private void checkUri(
 future.complete(false);
 }
 }
-
- static class PermittedResponseBuilder {
- private ResponseBuilder builder;
-
- public PermittedResponseBuilder(ResponseBuilder builder) {
- this.builder = builder;
- }
-
- public ResponseBuilder corsSkippedHeaders() {
- // TODO @PermitAll annotation seems to skip the CORS filter, so these headers don't get
- // added. We shouldn't need to add them manually like this and they should not be added
- // in
- // prod builds.
- return this.builder
- .header("Access-Control-Allow-Origin", "http://localhost:9000")
- .header(
- "Access-Control-Allow-Headers",
- "accept, origin, authorization, content-type," + " x-requested-with")
- .header("Access-Control-Allow-Methods", "GET,POST,OPTIONS")
- .header("Access-Control-Allow-Credentials", "true");
- }
-
- public Response build() {
- return builder.build();
- }
- }
 }
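Review bot: `grafanaDatasourceUrl()` still puts `datasourceURL` into the map as-is, while `health()` calls `datasourceURL.isPresent()` on the same field, so the value is presumably an Optional rather than a string. Its JSON shape then depends on how the serializer is configured, and an unset datasource returns 200 with an empty value, whereas `grafanaDashboardUrl()` unwraps with `orElseThrow(() -> new BadRequestException())`. Unwrapping the same way, `String url = datasourceURL.orElseThrow(() -> new BadRequestException());` followed by `return Response.ok(Map.of("grafanaDatasourceUrl", url)).build();`, would keep the two endpoints consistent. Because the method is `@PermitAll`, it is also worth confirming that the configured datasource address is meant to be readable without authentication; the dashboard endpoint prefers `dashboardExternalURL`, and no external counterpart is visible for the datasource.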
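Review bot: The corrected `debugv` call in `checkUri` still logs `uri.toString()` in full, so a configured URL that carries userinfo (`user:password@host`) would end up in the debug log. Logging only the parts the request actually uses, for example `logger.debugv("Testing health of {0}={1}:{2} {3}", configProperty, uri.getHost(), uri.getPort(), path);`, avoids that, and the explicit `toString()` is unnecessary either way. `checkUri` starts and ends outside this hunk, so whether the URI is sanitised earlier cannot be seen here.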