tyler.durden
/
icinga2
mirror of https://github.com/Icinga/icinga2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #6098 from Icinga/fix/improve-cors-implementation 

Clean up CORS implementation
This commit is contained in:
Michael Friedrich 2018-03-19 16:00:36 +01:00 committed by GitHub
parent 5bd69b4a49 c360ca8bb0
commit 064fc80cc3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 19 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
doc/09-object-types.md
View File

@ -64,9 +64,13 @@ Configuration Attributes:
cipher\_list | String | **Optional.** Cipher list that is allowed. For a list of available ciphers run `openssl ciphers`. Defaults to `ALL:!LOW:!WEAK:!MEDIUM:!EXP:!NULL`.
tls\_protocolmin | String | **Optional.** Minimum TLS protocol version. Must be one of `TLSv1`, `TLSv1.1` or `TLSv1.2`. Defaults to `TLSv1`.
access\_control\_allow\_origin | Array | **Optional.** Specifies an array of origin URLs that may access the API. [(MDN docs)](https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Access-Control-Allow-Origin)
access\_control\_allow\_credentials | Boolean | **Optional.** Indicates whether or not the actual request can be made using credentials. Defaults to `true`. [(MDN docs)](https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Access-Control-Allow-Credentials)
access\_control\_allow\_headers | String | **Optional.** Used in response to a preflight request to indicate which HTTP headers can be used when making the actual request. Defaults to `Authorization`. [(MDN docs)](https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Access-Control-Allow-Headers)
access\_control\_allow\_methods | String | **Optional.** Used in response to a preflight request to indicate which HTTP methods can be used when making the actual request. Defaults to `GET, POST, PUT, DELETE`. [(MDN docs)](https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Access-Control-Allow-Methods)
access\_control\_allow\_credentials | Boolean | **Deprecated.** Indicates whether or not the actual request can be made using credentials. Defaults to `true`. [(MDN docs)](https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Access-Control-Allow-Credentials)
access\_control\_allow\_headers | String | **Deprecated.** Used in response to a preflight request to indicate which HTTP headers can be used when making the actual request. Defaults to `Authorization`. [(MDN docs)](https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Access-Control-Allow-Headers)
access\_control\_allow\_methods | String | **Deprecated.** Used in response to a preflight request to indicate which HTTP methods can be used when making the actual request. Defaults to `GET, POST, PUT, DELETE`. [(MDN docs)](https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Access-Control-Allow-Methods)
The attributes `access_control_allow_credentials`, `access_control_allow_headers` and `access_control_allow_methods`
are controlled by Icinga 2 and are not changeable by config any more.
The ApiListener type expects its certificate files to be in the following locations:

6
doc/16-upgrading-icinga-2.md
View File

@ -7,6 +7,11 @@ Specific version upgrades are described below. Please note that version
updates are incremental. An upgrade from v2.6 to v2.8 requires to
follow the instructions for v2.7 too.
## Upgrading to v2.9 <a id="upgrading-to-2-9"></a>
The CORS attributes `access_control_allow_credentials`, `access_control_allow_headers` and
`access_control_allow_methods` are now controlled by Icinga 2 and are not changeable by config any more.
## Upgrading to v2.8.2 <a id="upgrading-to-2-8-2"></a>
With version 2.8.2 the location of settings formerly found in `/etc/icinga2/init.conf` has changed. They are now
@ -22,7 +27,6 @@ located in the sysconfig, `/etc/sysconfig/icinga2` (RPM) or `/etc/default/icinga
RLimitProcesses | ICINGA2\_RLIMIT\_PROCESSES
RLimitStack | ICINGA2\_RLIMIT\_STACK
## Upgrading to v2.8 <a id="upgrading-to-2-8"></a>
### DB IDO Schema Update to 2.8.0 <a id="upgrading-to-2-8-db-ido"></a>

19
lib/remote/apilistener.ti
View File

@ -49,21 +49,10 @@ class ApiListener : ConfigObject
[config] String ticket_salt;
[config] Array::Ptr access_control_allow_origin {
default {{{ return new Array(); }}}
};
[config] bool access_control_allow_credentials
{
default {{{ return true; }}}
};
[config] String access_control_allow_headers
{
default {{{ return "Authorization"; }}}
};
[config] String access_control_allow_methods
{
default {{{ return "GET, POST, PUT, DELETE"; }}}
};
[config] Array::Ptr access_control_allow_origin;
[config, deprecated] bool access_control_allow_credentials;
[config, deprecated] String access_control_allow_headers;
[config, deprecated] String access_control_allow_methods;
[state, no_user_modify] Timestamp log_message_timestamp;

7
lib/remote/httpserverconnection.cpp
View File

@ -225,16 +225,15 @@ bool HttpServerConnection::ManageHeaders(HttpResponse& response)
}
}
if (listener->GetAccessControlAllowCredentials())
response.AddHeader("Access-Control-Allow-Credentials", "true");
response.AddHeader("Access-Control-Allow-Credentials", "true");
String accessControlRequestMethodHeader = m_CurrentRequest.Headers->Get("access-control-request-method");
if (m_CurrentRequest.RequestMethod == "OPTIONS" && !accessControlRequestMethodHeader.IsEmpty()) {
response.SetStatus(200, "OK");
response.AddHeader("Access-Control-Allow-Methods", listener->GetAccessControlAllowMethods());
response.AddHeader("Access-Control-Allow-Headers", listener->GetAccessControlAllowHeaders());
response.AddHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE");
response.AddHeader("Access-Control-Allow-Headers", "Authorization, X-HTTP-Method-Override");
String msg = "Preflight OK";
response.WriteBody(msg.CStr(), msg.GetLength());