这是indexloc提供的服务,不要输入任何密码
Skip to content

add support for multiple domains in cors config (fix #1436) #1536

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 10 commits into from
Feb 14, 2019
Merged

add support for multiple domains in cors config (fix #1436) #1536

merged 10 commits into from
Feb 14, 2019

Conversation

@ecthiender
Copy link
Contributor

@ecthiender ecthiender commented Jan 30, 2019
edited
Loading

Description

Support for multiple domains (as CSV) in the --cors-domain flag and HASURA_GRAPHQL_CORS_DOMAIN env var.

Following are all valid configurations (must include scheme and optional port):

HASURA_GRAPHQL_CORS_DOMAIN="https://*.foo.bar.com:8080"
HASURA_GRAPHQL_CORS_DOMAIN="https://*.foo.bar.com, http://*.localhost, https://example.com"
HASURA_GRAPHQL_CORS_DOMAIN="*"
HASURA_GRAPHQL_CORS_DOMAIN="http://example.com, http://*.localhost, http://localhost:3000, https://*.foo.bar.com, https://foo.bar.com"

Note: top-level domains are not considered as part of wildcard domains. You have to add them separately. E.g - https://*.foo.com doesn't include https://foo.com.

The default (if the flag or env var is not specified) is *. Which means CORS headers are sent for all domains.

What component does this PR affect?

  • Server
  • Console
  • CLI
  • Docs
  • Community Content
  • Build System

Requires changes from other components? If yes, please mark the components:

  • Server
  • Console
  • CLI
  • Docs
  • Community Content
  • Build System

Related Issue

#1436

Solution and Design

Type

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Docs update
  • Community content

Checklist:

  • I have read the contributing guide and my code conforms to the guidelines.
  • This change requires a change in the documentation.
  • I have updated the documentation accordingly.
  • I have added required tests.

@ecthiender ecthiender added the c/server Related to server label Jan 30, 2019
@ecthiender ecthiender changed the title add support for multiple domains in cors (fix #1436) add support for multiple domains in cors config (fix #1436) Jan 30, 2019
@hasura-bot
Copy link
Contributor

hasura-bot commented Jan 30, 2019

Review app for commit 2e03c8d deployed to Heroku: https://hge-ci-pull-1536.herokuapp.com
Docker image for server: hasura/graphql-engine:pull1536-2e03c8d

@ecthiender ecthiender self-assigned this Jan 31, 2019
@ecthiender ecthiender added the s/do-not-merge Do not merge this pull request to master label Jan 31, 2019
@hasura-bot
Copy link
Contributor

hasura-bot commented Jan 31, 2019

Review app for commit 639b66c deployed to Heroku: https://hge-ci-pull-1536.herokuapp.com
Docker image for server: hasura/graphql-engine:pull1536-639b66c

@ecthiender ecthiender removed the s/do-not-merge Do not merge this pull request to master label Jan 31, 2019
@ecthiender ecthiender requested review from 0x777 and rakeshkky and removed request for rakeshkky January 31, 2019 21:17
@hasura-bot
Copy link
Contributor

hasura-bot commented Jan 31, 2019

Review app for commit 7b3537d deployed to Heroku: https://hge-ci-pull-1536.herokuapp.com
Docker image for server: hasura/graphql-engine:pull1536-7b3537d

rikinsk-zz
rikinsk-zz previously approved these changes Feb 13, 2019
View reviewed changes
Copy link

@rikinsk-zz rikinsk-zz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Moved cors examples to config-examples page

0x777
0x777 reviewed Feb 13, 2019
View reviewed changes
server/src-lib/Hasura/Server/Cors.hs Outdated
readCorsDomains :: String -> Either String CorsConfig
readCorsDomains str
| str == "*" = pure CCAllowAll
| str == "" || str == "," = Left "invalid domain"
Copy link
Member

@0x777 0x777 Feb 13, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This check is not exhaustive (what if the string is " " or ",,"). Why not let the domain parsing logic handle empty strings post the split on ,?

Copy link
Contributor Author

@ecthiender ecthiender Feb 13, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, this check is not necessary. It was remnant of older regex-based parsing logic. Removed it.

@shahidhk shahidhk merged commit 199a24d into hasura:master Feb 14, 2019
@hasura-bot
Copy link
Contributor

hasura-bot commented Feb 14, 2019

Review app https://hge-ci-pull-1536.herokuapp.com is deleted

hasura-bot pushed a commit that referenced this pull request Jan 16, 2025
@rakeshkky @hasura-bot
Implement field arguments in OpenDd execution (#1536)
c298e87 
<!-- The PR description should answer 2 important questions: -->

### What
Support field arguments in GraphQL frontend to OpenDd IR conversion and
query execution.
### How

<!-- How is it trying to accomplish it (what are the implementation
steps)? -->

V3_GIT_ORIGIN_REV_ID: 6be378e3e7de435845e838975a4b055515fb64e2
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@shahidhk shahidhk shahidhk approved these changes

@0x777 0x777 0x777 approved these changes

@rakeshkky rakeshkky Awaiting requested review from rakeshkky

+1 more reviewer

@rikinsk-zz rikinsk-zz rikinsk-zz left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@ecthiender ecthiender

Labels

c/server Related to server

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@ecthiender @hasura-bot @rikinsk-zz @shahidhk @0x777 @rikinsk