-
Notifications
You must be signed in to change notification settings - Fork 892
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Inject CORS headers even when server-side errors occur #5632
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks like the core logic is well done! Left some coding style comments. 🙇
core/src/main/java/com/linecorp/armeria/server/CorsServerErrorHandler.java
Outdated
Show resolved
Hide resolved
core/src/main/java/com/linecorp/armeria/server/CorsServerErrorHandler.java
Outdated
Show resolved
Hide resolved
core/src/main/java/com/linecorp/armeria/server/ServerBuilder.java
Outdated
Show resolved
Hide resolved
core/src/main/java/com/linecorp/armeria/internal/server/CorsHeaderUtil.java
Show resolved
Hide resolved
core/src/main/java/com/linecorp/armeria/internal/server/CorsHeaderUtil.java
Outdated
Show resolved
Hide resolved
core/src/main/java/com/linecorp/armeria/server/cors/CorsService.java
Outdated
Show resolved
Hide resolved
core/src/test/java/com/linecorp/armeria/server/cors/CorsServerErrorHanderTest.java
Outdated
Show resolved
Hide resolved
core/src/test/java/com/linecorp/armeria/server/cors/CorsServerErrorHanderTest.java
Outdated
Show resolved
Hide resolved
core/src/test/java/com/linecorp/armeria/server/cors/CorsServerErrorHanderTest.java
Outdated
Show resolved
Hide resolved
core/src/test/java/com/linecorp/armeria/server/cors/CorsServerErrorHanderTest.java
Outdated
Show resolved
Hide resolved
Could you also make sure to fix all line errors, reported by Checkstyle? |
Question) It looks good to use ctx.mutateAdditionalResponseHeaders(headers -> {
setCorsResponseHeaders(ctx, req, headers);
}); I was wondering what is the advantage when using |
It can inject CORS headers even when a decorator throws an exception before |
core/src/main/java/com/linecorp/armeria/server/CorsServerErrorHandler.java
Outdated
Show resolved
Hide resolved
core/src/main/java/com/linecorp/armeria/server/CorsServerErrorHandler.java
Outdated
Show resolved
Hide resolved
core/src/main/java/com/linecorp/armeria/server/CorsServerErrorHandler.java
Outdated
Show resolved
Hide resolved
Other frameworks seem to use I thought that we could use the same approach. If the decorator in front intercepts the request and returns an exception, CORS headers may not be necessary. That said, I think the current approach is also good. |
I originally also thought of an approach similar to @ikhoon 's idea mainly due to the ease of implementation.
I thought of this case as analogous to the success case. Having said this, I agree with the current approach users have to worry less about the order of the |
@taisey Gentle ping - I think the general consensus here is that the current approache is good and we can continue cleaning up the PR and get it reviewed by other folks. Could you continue working on this PR? |
@trustin Thank you for reaching out to me. If possible, I would like to continue working on this pull request. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks! Left a few minor suggestions. 😉
core/src/main/java/com/linecorp/armeria/internal/server/CorsHeaderUtil.java
Outdated
Show resolved
Hide resolved
core/src/main/java/com/linecorp/armeria/internal/server/CorsHeaderUtil.java
Outdated
Show resolved
Hide resolved
core/src/main/java/com/linecorp/armeria/internal/server/CorsHeaderUtil.java
Outdated
Show resolved
Hide resolved
core/src/main/java/com/linecorp/armeria/internal/server/CorsHeaderUtil.java
Show resolved
Hide resolved
core/src/main/java/com/linecorp/armeria/internal/server/CorsHeaderUtil.java
Outdated
Show resolved
Hide resolved
core/src/main/java/com/linecorp/armeria/internal/server/CorsHeaderUtil.java
Outdated
Show resolved
Hide resolved
HttpStatus status, @Nullable String description, | ||
@Nullable Throwable cause) { | ||
|
||
final CorsService corsService = serviceConfig.service().as(CorsService.class); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We can't simply find a CorsService
added by ServerBuilder.decorate()
with .as()
operation.
All decorators would be searched from Router
instead of using .as()
. A possible workaround is to add a helper method to InitialDispatcherService
.
public static class InitialDispatcherService extends SimpleDecoratingHttpService {
@Nullable
public <T extends HttpService> T findService(ServiceRequestContext ctx, Class<? extends T> serviceClass) {
final List<Routed<RouteDecoratingService>> serviceChain = router.findAll(ctx.routingContext());
if (serviceChain.isEmpty()) {
return unwrap().as(serviceClass);
}
for (Routed<RouteDecoratingService> routed : serviceChain) {
if (routed.isPresent()) {
final HttpService service = routed.value().decorator();
final T targetService = service.as(serviceClass);
if (targetService != null) {
return targetService;
}
}
}
return null;
}
}
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Created #5670
If the PR is merged, we can the code with:
final CorsService corsService = ctx.findService(CorsService.class);
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let me add a follow-up commit once it's merged. 😄
…ey/armeria into feature/corsHeaderInjection
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Changes look straightforward! Thanks @taisey 👍 🙇 👍
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks great! Left a couple of nits. 😉
core/src/main/java/com/linecorp/armeria/internal/server/CorsHeaderUtil.java
Outdated
Show resolved
Hide resolved
core/src/test/java/com/linecorp/armeria/server/cors/CorsServerErrorHanderTest.java
Outdated
Show resolved
Hide resolved
core/src/test/java/com/linecorp/armeria/server/cors/CorsServerErrorHanderTest.java
Outdated
Show resolved
Hide resolved
@taisey 👏 👏 👏 👍 👍 👍 |
Motivation:
There is an issue where CORS headers are not added when exceptions occur while using CorsService.
CorsService does not inject CORS headers into error responses
Modifications:
Created CorsServerErrorHandler to inject CORS headers upon exceptions. Created CorsHeaderUtil and refactored CorsService, CorsPolicy.
Result:
CORS headers will be added to responses even if exceptions occur.