fix(cors): remove explicit CORS handling, enable in smoketest by config

cryostatio · Mar 15, 2024 · a3799e2 · a3799e2
1 parent 3f3c409
commit a3799e2
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 55 deletions.
diff --git a/compose/cryostat.yml b/compose/cryostat.yml
@@ -27,6 +27,10 @@ services:
     environment:
       QUARKUS_HTTP_HOST: "cryostat"
       QUARKUS_HTTP_PORT: ${CRYOSTAT_HTTP_PORT}
+      QUARKUS_HTTP_CORS: "true"
+      QUARKUS_HTTP_CORS_ORIGINS: /.*/
+      QUARKUS_HTTP_CORS_EXPOSED_HEADERS: x-www-authenticate,x-jmx-authenticate
+      QUARKUS_HTTP_CORS_ACCESS_CONTROL_ALLOW_CREDENTIALS: "true"
       QUARKUS_HIBERNATE_ORM_LOG_SQL: "true"
       CRYOSTAT_DISCOVERY_JDP_ENABLED: "true"
       CRYOSTAT_DISCOVERY_PODMAN_ENABLED: "true"

diff --git a/src/main/java/io/cryostat/Health.java b/src/main/java/io/cryostat/Health.java
@@ -36,7 +36,6 @@
 import jakarta.ws.rs.Produces;
 import jakarta.ws.rs.core.MediaType;
 import jakarta.ws.rs.core.Response;
-import jakarta.ws.rs.core.Response.ResponseBuilder;
 import org.eclipse.microprofile.config.inject.ConfigProperty;
 import org.jboss.logging.Logger;
 
@@ -74,23 +73,22 @@ public Response health() {
         checkUri(datasourceURL, "/", datasourceAvailable);
         reportsAvailable.complete(false);
 
-        return new PermittedResponseBuilder(
-                        Response.ok(
-                                Map.of(
-                                        "cryostatVersion",
-                                        String.format("v%s", version),
-                                        "dashboardConfigured",
-                                        dashboardURL.isPresent(),
-                                        "dashboardAvailable",
-                                        dashboardAvailable.join(),
-                                        "datasourceConfigured",
-                                        datasourceURL.isPresent(),
-                                        "datasourceAvailable",
-                                        datasourceAvailable.join(),
-                                        "reportsConfigured",
-                                        false,
-                                        "reportsAvailable",
-                                        false)))
+        return Response.ok(
+                        Map.of(
+                                "cryostatVersion",
+                                String.format("v%s", version),
+                                "dashboardConfigured",
+                                dashboardURL.isPresent(),
+                                "dashboardAvailable",
+                                dashboardAvailable.join(),
+                                "datasourceConfigured",
+                                datasourceURL.isPresent(),
+                                "datasourceAvailable",
+                                datasourceAvailable.join(),
+                                "reportsConfigured",
+                                false,
+                                "reportsAvailable",
+                                false))
                 .build();
     }
 
@@ -114,19 +112,15 @@ public Response grafanaDashboardUrl() {
                 dashboardExternalURL.orElseGet(
                         () -> dashboardURL.orElseThrow(() -> new BadRequestException()));
 
-        return new PermittedResponseBuilder(Response.ok(Map.of("grafanaDashboardUrl", url)))
-                .build();
+        return Response.ok(Map.of("grafanaDashboardUrl", url)).build();
     }
 
     @GET
     @Path("/api/v1/grafana_datasource_url")
     @PermitAll
     @Produces({MediaType.APPLICATION_JSON})
     public Response grafanaDatasourceUrl() {
-        return new PermittedResponseBuilder(
-                        Response.ok(Map.of("grafanaDatasourceUrl", datasourceURL)))
-                .corsSkippedHeaders()
-                .build();
+        return Response.ok(Map.of("grafanaDatasourceUrl", datasourceURL)).build();
     }
 
     private void checkUri(
@@ -140,7 +134,7 @@ private void checkUri(
                 future.complete(false);
                 return;
             }
-            logger.debugv("Testing health of {1}={2} {3}", configProperty, uri.toString(), path);
+            logger.debugv("Testing health of {0}={1} {2}", configProperty, uri.toString(), path);
             HttpRequest<Buffer> req = webClient.get(uri.getHost(), path);
             if (uri.getPort() != -1) {
                 req = req.port(uri.getPort());
@@ -162,34 +156,4 @@ private void checkUri(
             future.complete(false);
         }
     }
-
-    static class PermittedResponseBuilder {
-        private ResponseBuilder builder;
-
-        public PermittedResponseBuilder(ResponseBuilder builder) {
-            this.builder = builder;
-        }
-
-        public ResponseBuilder corsSkippedHeaders() {
-            // TODO @PermitAll annotation seems to skip the CORS filter, so these headers don't get
-            // added. We shouldn't need to add them manually like this and they should not be added
-            // in
-            // prod builds.
-            return this.builder
-                    .header("Access-Control-Allow-Origin", "http://localhost:9000")
-                    .header(
-                            "Access-Control-Allow-Headers",
-                            "accept, origin, authorization, content-type,"
-                                    + " x-requested-with, x-jmx-authorization")
-                    .header(
-                            "Access-Control-Expose-Headers",
-                            "x-www-authenticate, x-jmx-authenticate")
-                    .header("Access-Control-Allow-Methods", "GET,POST,OPTIONS")
-                    .header("Access-Control-Allow-Credentials", "true");
-        }
-
-        public Response build() {
-            return builder.build();
-        }
-    }
 }