mudhorn/prometheus
1
0
Fork 0
mirror of https://github.com/prometheus/prometheus.git synced 2025-03-05 20:59:13 -08:00
Code Issues Actions 4 Packages Projects Releases Wiki Activity

Merge 258f5e925f into 61aa82865d

Browse source
This commit is contained in:
jub0bs 2025-03-05 21:34:05 +01:00 committed by GitHub
parent 61aa82865d 258f5e925f
commit beefd7d877
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 22 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
util/httputil/cors.go
View file

@ -20,14 +20,14 @@ import (
) )
var corsHeaders = map[string]string{ var corsHeaders = map[string]string{
"Access-Control-Allow-Headers": "Accept, Authorization, Content-Type, Origin", "Access-Control-Allow-Headers": "Accept, Authorization, Content-Type",
"Access-Control-Allow-Methods": "GET, POST, OPTIONS", "Access-Control-Allow-Methods": "GET, POST, OPTIONS",
"Access-Control-Expose-Headers": "Date", "Access-Control-Expose-Headers": "Date",
"Vary": "Origin",
} }
// SetCORS enables cross-site script calls. // SetCORS enables cross-origin script calls.
func SetCORS(w http.ResponseWriter, o *regexp.Regexp, r *http.Request) { func SetCORS(w http.ResponseWriter, o *regexp.Regexp, r *http.Request) {
w.Header().Add("Vary", "Origin")
origin := r.Header.Get("Origin") origin := r.Header.Get("Origin")
if origin == "" { if origin == "" {
return return

20
util/httputil/cors_test.go
View file

@ -48,8 +48,10 @@ func TestCORSHandler(t *testing.T) {
resp, err := client.Do(req) resp, err := client.Do(req)
require.NoError(t, err, "client get failed with unexpected error") require.NoError(t, err, "client get failed with unexpected error")
AccessControlAllowOrigin := resp.Header.Get("Access-Control-Allow-Origin") Vary := resp.Header.Get("Vary")
require.Equal(t, "Origin", Vary, `expected "Vary: Origin" header`)
AccessControlAllowOrigin := resp.Header.Get("Access-Control-Allow-Origin")
require.Equal(t, dummyOrigin, AccessControlAllowOrigin, "expected Access-Control-Allow-Origin header") require.Equal(t, dummyOrigin, AccessControlAllowOrigin, "expected Access-Control-Allow-Origin header")
// OPTIONS with bad origin // OPTIONS with bad origin
@ -62,4 +64,20 @@ func TestCORSHandler(t *testing.T) {
AccessControlAllowOrigin = resp.Header.Get("Access-Control-Allow-Origin") AccessControlAllowOrigin = resp.Header.Get("Access-Control-Allow-Origin")
require.Empty(t, AccessControlAllowOrigin, "Access-Control-Allow-Origin header should not exist but it was set") require.Empty(t, AccessControlAllowOrigin, "Access-Control-Allow-Origin header should not exist but it was set")
Vary = resp.Header.Get("Vary")
require.Equal(t, "Origin", Vary, `expected "Vary: Origin" header`)
// OPTIONS with no origin
req, err = http.NewRequest(http.MethodOptions, server.URL+"/any_path", nil)
require.NoError(t, err, "could not create request")
resp, err = client.Do(req)
require.NoError(t, err, "client get failed with unexpected error")
Vary = resp.Header.Get("Vary")
require.Equal(t, "Origin", Vary, `expected "Vary: Origin" header`)
AccessControlAllowOrigin = resp.Header.Get("Access-Control-Allow-Origin")
require.Empty(t, AccessControlAllowOrigin, "Access-Control-Allow-Origin header should not exist but it was set")
} }