From 0839e4e0e9d7674c1d28999577ac0ee7fd8a76bf Mon Sep 17 00:00:00 2001 From: saumyapandyaa <64671058+saumyapandyaa@users.noreply.github.com> Date: Fri, 27 Oct 2023 17:50:45 -0400 Subject: [PATCH] Final issue 109 (#113) * added scheme + updated syntax issues * updated server.xml * fixed automation tests * applied gkwan-ibm-fix * added \n at EOF * removed final cuz final breaks corsIt.java * update readme hotspot + http * fix hotspots * added \ before http * removed extra \ * removed \ from 173 --------- Co-authored-by: Gilbert Kwan --- README.adoc | 28 +++---- finish/src/main/liberty/config/server.xml | 4 +- .../io/openliberty/guides/cors/TestData.java | 80 +++++++++---------- .../io/openliberty/guides/cors/TestData.java | 80 +++++++++---------- 4 files changed, 94 insertions(+), 98 deletions(-) diff --git a/README.adoc b/README.adoc index d9f4f58..b3b8a75 100644 --- a/README.adoc +++ b/README.adoc 
@@ -113,11 +113,11 @@ The CORS configuration contains the following attributes: [cols="1, 2", options="header"] |=== | *Configuration Attribute* | *Value* -|[hotspot=16 file=0]`domain` | The endpoint to be configured for CORS requests. The value is set to `/configurations/simple`. -|[hotspot=17 file=0]`allowedOrigins` | Origins that are allowed to access the endpoint. The value is set to `openliberty.io`. -|[hotspot=18 file=0]`allowedMethods` | HTTP methods that a client is allowed to use when it makes requests to the endpoint. The value is set to `GET`. -|[hotspot=19 file=0]`allowCredentials` | A boolean that indicates whether the user credentials can be included in the request. The value is set to `true`. -|[hotspot=20 file=0]`exposeHeaders` | Headers that are safe to expose to clients. The value is set to `MyHeader`. +|[hotspot=17 file=0]`domain` | The endpoint to be configured for CORS requests. The value is set to `/configurations/simple`. +|[hotspot=18 file=0]`allowedOrigins` | Origins that are allowed to access the endpoint. The value is set to `\http://openliberty.io`. +|[hotspot=19 file=0]`allowedMethods` | HTTP methods that a client is allowed to use when it makes requests to the endpoint. The value is set to `GET`. +|[hotspot=20 file=0]`allowCredentials` | A boolean that indicates whether the user credentials can be included in the request. The value is set to `true`. +|[hotspot=21 file=0]`exposeHeaders` | Headers that are safe to expose to clients. The value is set to `MyHeader`. |=== For more information about these and other CORS attributes, see the https://www.openliberty.io/docs/latest/reference/config/cors.html[cors element documentation^]. 
@@ -147,7 +147,7 @@ The request is a [hotspot=get file=1]`GET` HTTP request with the following heade [cols="1, 2", options="header"] |=== | *Request Header* | *Request Value* -| Origin | The value is set to `openliberty.io`. Indicates that the request originates from `openliberty.io`. +| Origin | The value is set to `\http://openliberty.io`. Indicates that the request originates from `\http://openliberty.io`. |=== Expect the following response headers and values if the simple CORS request is successful, and the Liberty instance is correctly configured: @@ -155,7 +155,7 @@ Expect the following response headers and values if the simple CORS request is s [cols="1, 2", options="header"] |=== | *Response Header* | *Response Value* -| Access-Control-Allow-Origin | The expected value is `openliberty.io`. Indicates whether a resource can be shared based on the returning value of the Origin request header `openliberty.io`. +| Access-Control-Allow-Origin | The expected value is `\http://openliberty.io`. Indicates whether a resource can be shared based on the returning value of the Origin request header `\http://openliberty.io`. | Access-Control-Allow-Credentials | The expected value is `true`. Indicates that the user credentials can be included in the request. | Access-Control-Expose-Headers | The expected value is `MyHeader`. Indicates that the header `MyHeader` is safe to expose. |=== @@ -170,7 +170,7 @@ Response headers with their values from the endpoint: --- Simple CORS Request --- Header null = [HTTP/1.1 200 OK] Header Access-Control-Expose-Headers = [MyHeader] -Header Access-Control-Allow-Origin = [openliberty.io] +Header Access-Control-Allow-Origin = [http://openliberty.io] Header Access-Control-Allow-Credentials = [true] Header Content-Length = [22] Header Content-Language = [en-CA] 
@@ -203,16 +203,16 @@ The preflight CORS configuration has different values than the simple CORS confi [cols="1, 2", options="header"] |=== | *Configuration Attribute* | *Value* -| [hotspot=24 file=0]`domain`|The value is set to `/configurations/preflight` because the `domain` is a different endpoint. -| [hotspot=25 file=0]`allowedOrigins`| Origins that are allowed to access the endpoint. The value is set to an asterisk (*) to allow requests from all origins. -| [hotspot=26 file=0]`allowedMethods`| HTTP methods that a client is allowed to use when it makes requests to the endpoint. The value is set to `OPTIONS, DELETE`. -| [hotspot=27 file=0]`allowCredentials`| A boolean that indicates whether the user credentials can be included in the request. The value is set to `true`. +| [hotspot=25 file=0]`domain`|The value is set to `/configurations/preflight` because the `domain` is a different endpoint. +| [hotspot=26 file=0]`allowedOrigins`| Origins that are allowed to access the endpoint. The value is set to an asterisk (*) to allow requests from all origins. +| [hotspot=27 file=0]`allowedMethods`| HTTP methods that a client is allowed to use when it makes requests to the endpoint. The value is set to `OPTIONS, DELETE`. +| [hotspot=28 file=0]`allowCredentials`| A boolean that indicates whether the user credentials can be included in the request. The value is set to `true`. |=== The following attributes were added: -* [hotspot=28 file=0]`allowedHeaders`: Headers that a client can use in requests. Set the value to `MyOwnHeader1, MyOwnHeader2`. -* [hotspot=29 file=0]`maxAge`: The number of seconds that a client can cache a response to a preflight request. Set the value to `10`. +* [hotspot=29 file=0]`allowedHeaders`: Headers that a client can use in requests. Set the value to `MyOwnHeader1, MyOwnHeader2`. +* [hotspot=30 file=0]`maxAge`: The number of seconds that a client can cache a response to a preflight request. Set the value to `10`. 
Save the changes to the [hotspot file=0]`server.xml` configuration file. The `/configurations/preflight` endpoint is now ready to be tested with a preflight CORS request. diff --git a/finish/src/main/liberty/config/server.xml b/finish/src/main/liberty/config/server.xml index d7edee4..0a085c6 100644 --- a/finish/src/main/liberty/config/server.xml +++ b/finish/src/main/liberty/config/server.xml @@ -15,7 +15,7 @@ @@ -29,4 +29,4 @@ allowedHeaders="MyOwnHeader1, MyOwnHeader2" maxAge="10"/> - + \ No newline at end of file diff --git a/finish/src/test/java/it/io/openliberty/guides/cors/TestData.java b/finish/src/test/java/it/io/openliberty/guides/cors/TestData.java index f4839e5..17cc384 100644 --- a/finish/src/test/java/it/io/openliberty/guides/cors/TestData.java +++ b/finish/src/test/java/it/io/openliberty/guides/cors/TestData.java @@ -1,15 +1,14 @@ -// tag::comment[] +// tag::copyright[] /******************************************************************************* - * Copyright (c) 2017 IBM Corporation and others. + * Copyright (c) 2017, 2023 IBM Corporation and others. * All rights reserved. This program and the accompanying materials - * are made available under the terms of the Eclipse Public License v1.0 + * are made available under the terms of the Eclipse Public License 2.0 * which accompanies this distribution, and is available at - * http://www.eclipse.org/legal/epl-v10.html + * http://www.eclipse.org/legal/epl-2.0/ * - * Contributors: - * IBM Corporation - Initial implementation + * SPDX-License-Identifier: EPL-2.0 *******************************************************************************/ -// end::comment[] +// end::copyright[] package it.io.openliberty.guides.cors; import java.util.HashMap; 
@@ -17,39 +16,38 @@ public class TestData { - public static String REQUEST_HEADER_ORIGIN = "Origin"; - public static String REQUEST_HEADER_ACCESS_CONTROL_REQUEST_METHOD = "Access-Control-Request-Method"; - public static String REQUEST_HEADER_ACCESS_CONTROL_REQUEST_HEADERS = "Access-Control-Request-Headers"; - - public static String RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN = "Access-Control-Allow-Origin"; - public static String RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_CREDENTIALS = "Access-Control-Allow-Credentials"; - public static String RESPONSE_HEADER_ACCESS_CONTROL_EXPOSE_HEADERS = "Access-Control-Expose-Headers"; - public static String RESPONSE_HEADER_ACCESS_CONTROL_MAX_AGE = "Access-Control-Max-Age"; - public static String RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_METHODS = "Access-Control-Allow-Methods"; - public static String RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_HEADERS = "Access-Control-Allow-Headers"; - - public static Map simpleRequestHeaders = new HashMap(); - public static Map simpleResponseHeaders = new HashMap(); - - public static Map preflightRequestHeaders = new HashMap(); - public static Map preflightResponseHeaders = new HashMap(); - - static { - simpleRequestHeaders.put(REQUEST_HEADER_ORIGIN, "openliberty.io"); - - simpleResponseHeaders.put(RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN, "openliberty.io"); - simpleResponseHeaders.put(RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_CREDENTIALS, "true"); - simpleResponseHeaders.put(RESPONSE_HEADER_ACCESS_CONTROL_EXPOSE_HEADERS, "MyHeader"); - - preflightRequestHeaders.put(REQUEST_HEADER_ORIGIN, "anywebsiteyoulike.com"); - preflightRequestHeaders.put(REQUEST_HEADER_ACCESS_CONTROL_REQUEST_METHOD, "DELETE"); - preflightRequestHeaders.put(REQUEST_HEADER_ACCESS_CONTROL_REQUEST_HEADERS, "MyOwnHeader2"); - - preflightResponseHeaders.put(RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN, "anywebsiteyoulike.com"); - preflightResponseHeaders.put(RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_CREDENTIALS, "true"); - 
preflightResponseHeaders.put(RESPONSE_HEADER_ACCESS_CONTROL_MAX_AGE, "10"); - preflightResponseHeaders.put(RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_METHODS, "OPTIONS, DELETE"); - preflightResponseHeaders.put(RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_HEADERS, "MyOwnHeader1, MyOwnHeader2"); - } + static final String ORIGIN = "Origin"; + static final String AC_REQUEST_METHOD = "Access-Control-Request-Method"; + static final String AC_REQUEST_HEADERS = "Access-Control-Request-Headers"; + + static final String AC_ALLOW_ORIGIN = "Access-Control-Allow-Origin"; + static final String AC_ALLOW_CREDENTIALS = "Access-Control-Allow-Credentials"; + static final String AC_EXPOSE_HEADERS = "Access-Control-Expose-Headers"; + static final String AC_MAX_AGE = "Access-Control-Max-Age"; + static final String AC_ALLOW_METHODS = "Access-Control-Allow-Methods"; + static final String AC_ALLOW_HEADERS = "Access-Control-Allow-Headers"; + + static Map simpleRequestHeaders = new HashMap(); + static Map simpleResponseHeaders = new HashMap(); + + static Map preflightRequestHeaders = new HashMap(); + static Map preflightResponseHeaders = new HashMap(); + + static { + simpleRequestHeaders.put(ORIGIN, "http://openliberty.io"); + + simpleResponseHeaders.put(AC_ALLOW_ORIGIN, "http://openliberty.io"); + simpleResponseHeaders.put(AC_ALLOW_CREDENTIALS, "true"); + simpleResponseHeaders.put(AC_EXPOSE_HEADERS, "MyHeader"); + preflightRequestHeaders.put(ORIGIN, "anywebsiteyoulike.com"); + preflightRequestHeaders.put(AC_REQUEST_METHOD, "DELETE"); + preflightRequestHeaders.put(AC_REQUEST_HEADERS, "MyOwnHeader2"); + + preflightResponseHeaders.put(AC_ALLOW_ORIGIN, "anywebsiteyoulike.com"); + preflightResponseHeaders.put(AC_ALLOW_CREDENTIALS, "true"); + preflightResponseHeaders.put(AC_MAX_AGE, "10"); + preflightResponseHeaders.put(AC_ALLOW_METHODS, "OPTIONS, DELETE"); + preflightResponseHeaders.put(AC_ALLOW_HEADERS, "MyOwnHeader1, MyOwnHeader2"); + } } 
diff --git a/start/src/test/java/it/io/openliberty/guides/cors/TestData.java b/start/src/test/java/it/io/openliberty/guides/cors/TestData.java index f4839e5..17cc384 100644 --- a/start/src/test/java/it/io/openliberty/guides/cors/TestData.java +++ b/start/src/test/java/it/io/openliberty/guides/cors/TestData.java @@ -1,15 +1,14 @@ -// tag::comment[] +// tag::copyright[] /******************************************************************************* - * Copyright (c) 2017 IBM Corporation and others. + * Copyright (c) 2017, 2023 IBM Corporation and others. * All rights reserved. This program and the accompanying materials - * are made available under the terms of the Eclipse Public License v1.0 + * are made available under the terms of the Eclipse Public License 2.0 * which accompanies this distribution, and is available at - * http://www.eclipse.org/legal/epl-v10.html + * http://www.eclipse.org/legal/epl-2.0/ * - * Contributors: - * IBM Corporation - Initial implementation + * SPDX-License-Identifier: EPL-2.0 *******************************************************************************/ -// end::comment[] +// end::copyright[] package it.io.openliberty.guides.cors; import java.util.HashMap; 
@@ -17,39 +16,38 @@ public class TestData { - public static String REQUEST_HEADER_ORIGIN = "Origin"; - public static String REQUEST_HEADER_ACCESS_CONTROL_REQUEST_METHOD = "Access-Control-Request-Method"; - public static String REQUEST_HEADER_ACCESS_CONTROL_REQUEST_HEADERS = "Access-Control-Request-Headers"; - - public static String RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN = "Access-Control-Allow-Origin"; - public static String RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_CREDENTIALS = "Access-Control-Allow-Credentials"; - public static String RESPONSE_HEADER_ACCESS_CONTROL_EXPOSE_HEADERS = "Access-Control-Expose-Headers"; - public static String RESPONSE_HEADER_ACCESS_CONTROL_MAX_AGE = "Access-Control-Max-Age"; - public static String RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_METHODS = "Access-Control-Allow-Methods"; - public static String RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_HEADERS = "Access-Control-Allow-Headers"; - - public static Map simpleRequestHeaders = new HashMap(); - public static Map simpleResponseHeaders = new HashMap(); - - public static Map preflightRequestHeaders = new HashMap(); - public static Map preflightResponseHeaders = new HashMap(); - - static { - simpleRequestHeaders.put(REQUEST_HEADER_ORIGIN, "openliberty.io"); - - simpleResponseHeaders.put(RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN, "openliberty.io"); - simpleResponseHeaders.put(RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_CREDENTIALS, "true"); - simpleResponseHeaders.put(RESPONSE_HEADER_ACCESS_CONTROL_EXPOSE_HEADERS, "MyHeader"); - - preflightRequestHeaders.put(REQUEST_HEADER_ORIGIN, "anywebsiteyoulike.com"); - preflightRequestHeaders.put(REQUEST_HEADER_ACCESS_CONTROL_REQUEST_METHOD, "DELETE"); - preflightRequestHeaders.put(REQUEST_HEADER_ACCESS_CONTROL_REQUEST_HEADERS, "MyOwnHeader2"); - - preflightResponseHeaders.put(RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN, "anywebsiteyoulike.com"); - preflightResponseHeaders.put(RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_CREDENTIALS, "true"); - 
preflightResponseHeaders.put(RESPONSE_HEADER_ACCESS_CONTROL_MAX_AGE, "10"); - preflightResponseHeaders.put(RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_METHODS, "OPTIONS, DELETE"); - preflightResponseHeaders.put(RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_HEADERS, "MyOwnHeader1, MyOwnHeader2"); - } + static final String ORIGIN = "Origin"; + static final String AC_REQUEST_METHOD = "Access-Control-Request-Method"; + static final String AC_REQUEST_HEADERS = "Access-Control-Request-Headers"; + + static final String AC_ALLOW_ORIGIN = "Access-Control-Allow-Origin"; + static final String AC_ALLOW_CREDENTIALS = "Access-Control-Allow-Credentials"; + static final String AC_EXPOSE_HEADERS = "Access-Control-Expose-Headers"; + static final String AC_MAX_AGE = "Access-Control-Max-Age"; + static final String AC_ALLOW_METHODS = "Access-Control-Allow-Methods"; + static final String AC_ALLOW_HEADERS = "Access-Control-Allow-Headers"; + + static Map simpleRequestHeaders = new HashMap(); + static Map simpleResponseHeaders = new HashMap(); + + static Map preflightRequestHeaders = new HashMap(); + static Map preflightResponseHeaders = new HashMap(); + + static { + simpleRequestHeaders.put(ORIGIN, "http://openliberty.io"); + + simpleResponseHeaders.put(AC_ALLOW_ORIGIN, "http://openliberty.io"); + simpleResponseHeaders.put(AC_ALLOW_CREDENTIALS, "true"); + simpleResponseHeaders.put(AC_EXPOSE_HEADERS, "MyHeader"); + preflightRequestHeaders.put(ORIGIN, "anywebsiteyoulike.com"); + preflightRequestHeaders.put(AC_REQUEST_METHOD, "DELETE"); + preflightRequestHeaders.put(AC_REQUEST_HEADERS, "MyOwnHeader2"); + + preflightResponseHeaders.put(AC_ALLOW_ORIGIN, "anywebsiteyoulike.com"); + preflightResponseHeaders.put(AC_ALLOW_CREDENTIALS, "true"); + preflightResponseHeaders.put(AC_MAX_AGE, "10"); + preflightResponseHeaders.put(AC_ALLOW_METHODS, "OPTIONS, DELETE"); + preflightResponseHeaders.put(AC_ALLOW_HEADERS, "MyOwnHeader1, MyOwnHeader2"); + } }
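Review bot: In README.adoc, the `allowedOrigins` row of the simple CORS table (hunk at line 113) now reads `\http://openliberty.io`, but nothing in the text says why the scheme was added. Browsers send the Origin header as scheme://host[:port], so a reader who configures a bare host name will not get a match. Add one sentence to that effect next to the table. Because `allowCredentials` is `true` on the same endpoint, it is also worth saying that the plain `http` origin is a sample value and that a deployed configuration would list `https` origins.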
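Review bot: In the preflight table of README.adoc (hunk at line 203), `allowedOrigins` is an asterisk while `allowCredentials` is `true`, and the updated TestData.java expects `Access-Control-Allow-Origin` to come back as `anywebsiteyoulike.com` alongside `Access-Control-Allow-Credentials: true`. Taken together, any requesting origin is echoed back with credentials permitted. The rows touched here only renumber hotspots, but since the table is being edited anyway, add a sentence stating that this pairing is for demonstration and that an endpoint that allows credentials should list specific origins.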
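Review bot: The last hunk of finish/src/main/liberty/config/server.xml (at line 29) is followed by `\ No newline at end of file` on the added line, so the file loses its trailing newline, although the commit message lists "added \n at EOF". Restore the final newline so the file ends cleanly and later diffs do not show a spurious change on the closing line.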
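Review bot: In the static initializer of TestData.java (identical in the finish/ and start/ copies), the simple request was moved to `http://openliberty.io`, but `preflightRequestHeaders.put(ORIGIN, "anywebsiteyoulike.com")` and the matching `preflightResponseHeaders.put(AC_ALLOW_ORIGIN, "anywebsiteyoulike.com")` still omit the scheme. The preflight test therefore sends an Origin value that no browser would produce, and it passes only because `allowedOrigins` is a wildcard. Use `http://anywebsiteyoulike.com` in both places so the two test cases are consistent with the subject of this change. The blank line that separated the simple and preflight blocks was also dropped and could be kept for readability.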