From a3799e2663d68a244554f2a07e29fcc976302a02 Mon Sep 17 00:00:00 2001 From: Andrew Azores Date: Fri, 15 Mar 2024 10:35:33 -0400 Subject: [PATCH] fix(cors): remove explicit CORS handling, enable in smoketest by config --- compose/cryostat.yml | 4 ++ src/main/java/io/cryostat/Health.java | 74 +++++++-------------------- 2 files changed, 23 insertions(+), 55 deletions(-) diff --git a/compose/cryostat.yml b/compose/cryostat.yml index c42fb185d..fff86fd09 100644 --- a/compose/cryostat.yml +++ b/compose/cryostat.yml @@ -27,6 +27,10 @@ services: environment: QUARKUS_HTTP_HOST: "cryostat" QUARKUS_HTTP_PORT: ${CRYOSTAT_HTTP_PORT} + QUARKUS_HTTP_CORS: "true" + QUARKUS_HTTP_CORS_ORIGINS: /.*/ + QUARKUS_HTTP_CORS_EXPOSED_HEADERS: x-www-authenticate,x-jmx-authenticate + QUARKUS_HTTP_CORS_ACCESS_CONTROL_ALLOW_CREDENTIALS: "true" QUARKUS_HIBERNATE_ORM_LOG_SQL: "true" CRYOSTAT_DISCOVERY_JDP_ENABLED: "true" CRYOSTAT_DISCOVERY_PODMAN_ENABLED: "true" diff --git a/src/main/java/io/cryostat/Health.java b/src/main/java/io/cryostat/Health.java index 7884b3b17..4920dc473 100644 --- a/src/main/java/io/cryostat/Health.java +++ b/src/main/java/io/cryostat/Health.java @@ -36,7 +36,6 @@ import jakarta.ws.rs.Produces; import jakarta.ws.rs.core.MediaType; import jakarta.ws.rs.core.Response; -import jakarta.ws.rs.core.Response.ResponseBuilder; import org.eclipse.microprofile.config.inject.ConfigProperty; import org.jboss.logging.Logger; 
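Review bot: In the `compose/cryostat.yml` hunk, `QUARKUS_HTTP_CORS_ORIGINS: /.*/` combined with `QUARKUS_HTTP_CORS_ACCESS_CONTROL_ALLOW_CREDENTIALS: "true"` accepts every origin for credentialed requests, so any page open in the same browser could read authenticated responses from this instance. That is presumably tolerable only because this file is the local smoketest. The helper deleted later in this patch pinned the origin to `http://localhost:9000`; keeping that scope, e.g. `QUARKUS_HTTP_CORS_ORIGINS: http://localhost:9000`, would avoid widening the exposure. If the match-all pattern is really needed, add a comment above these lines such as `# smoketest only: a match-all origin with credentials must not be copied into deployment config`. The deleted code also listed the allowed methods and request headers explicitly, whereas no `QUARKUS_HTTP_CORS_METHODS` or `QUARKUS_HTTP_CORS_HEADERS` is set here, so those presumably fall back to the framework defaults.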
@@ -74,23 +73,22 @@ public Response health() { checkUri(datasourceURL, "/", datasourceAvailable); reportsAvailable.complete(false); - return new PermittedResponseBuilder( - Response.ok( - Map.of( - "cryostatVersion", - String.format("v%s", version), - "dashboardConfigured", - dashboardURL.isPresent(), - "dashboardAvailable", - dashboardAvailable.join(), - "datasourceConfigured", - datasourceURL.isPresent(), - "datasourceAvailable", - datasourceAvailable.join(), - "reportsConfigured", - false, - "reportsAvailable", - false))) + return Response.ok( + Map.of( + "cryostatVersion", + String.format("v%s", version), + "dashboardConfigured", + dashboardURL.isPresent(), + "dashboardAvailable", + dashboardAvailable.join(), + "datasourceConfigured", + datasourceURL.isPresent(), + "datasourceAvailable", + datasourceAvailable.join(), + "reportsConfigured", + false, + "reportsAvailable", + false)) .build(); } @@ -114,8 +112,7 @@ public Response grafanaDashboardUrl() { dashboardExternalURL.orElseGet( () -> dashboardURL.orElseThrow(() -> new BadRequestException())); - return new PermittedResponseBuilder(Response.ok(Map.of("grafanaDashboardUrl", url))) - .build(); + return Response.ok(Map.of("grafanaDashboardUrl", url)).build(); } @GET @@ -123,10 +120,7 @@ public Response grafanaDashboardUrl() { @PermitAll @Produces({MediaType.APPLICATION_JSON}) public Response grafanaDatasourceUrl() { - return new PermittedResponseBuilder( - Response.ok(Map.of("grafanaDatasourceUrl", datasourceURL))) - .corsSkippedHeaders() - .build(); + return Response.ok(Map.of("grafanaDatasourceUrl", datasourceURL)).build(); } private void checkUri( @@ -140,7 +134,7 @@ private void checkUri( future.complete(false); return; } - logger.debugv("Testing health of {1}={2} {3}", configProperty, uri.toString(), path); + logger.debugv("Testing health of {0}={1} {2}", configProperty, uri.toString(), path); HttpRequest req = webClient.get(uri.getHost(), path); if (uri.getPort() != -1) { req = req.port(uri.getPort()); 
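Review bot: In `grafanaDatasourceUrl()`, `Map.of("grafanaDatasourceUrl", datasourceURL)` serialises the `datasourceURL` field itself, and `health()` in the first hunk calls `datasourceURL.isPresent()`, so the field appears to be an `Optional`. The neighbouring `grafanaDashboardUrl()` unwraps its value and throws `BadRequestException` when nothing is configured, while this endpoint would answer 200 with whatever the JSON mapper makes of an empty `Optional`. Consider mirroring that behaviour: `return Response.ok(Map.of("grafanaDatasourceUrl", datasourceURL.orElseThrow(() -> new BadRequestException()))).build();`. This endpoint is `@PermitAll`, and the TODO deleted in the last hunk said that annotation seemed to skip the CORS filter. It is worth confirming, ideally with a test on the response headers, that the configured filter now runs for it.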
@@ -162,34 +156,4 @@ private void checkUri(
 future.complete(false);
 }
 }
-
- static class PermittedResponseBuilder {
- private ResponseBuilder builder;
-
- public PermittedResponseBuilder(ResponseBuilder builder) {
- this.builder = builder;
- }
-
- public ResponseBuilder corsSkippedHeaders() {
- // TODO @PermitAll annotation seems to skip the CORS filter, so these headers don't get
- // added. We shouldn't need to add them manually like this and they should not be added
- // in
- // prod builds.
- return this.builder
- .header("Access-Control-Allow-Origin", "http://localhost:9000")
- .header(
- "Access-Control-Allow-Headers",
- "accept, origin, authorization, content-type,"
- + " x-requested-with, x-jmx-authorization")
- .header(
- "Access-Control-Expose-Headers",
- "x-www-authenticate, x-jmx-authenticate")
- .header("Access-Control-Allow-Methods", "GET,POST,OPTIONS")
- .header("Access-Control-Allow-Credentials", "true");
- }
-
- public Response build() {
- return builder.build();
- }
- }
 }