From 2e1917c1651fff006ddafdac1414b58ca6dcde0d Mon Sep 17 00:00:00 2001 From: Andrew Azores Date: Thu, 24 Feb 2022 11:05:53 -0500 Subject: [PATCH 1/2] fix(cors): allow Content-Type headers --- .../io/cryostat/net/web/http/generic/CorsEnablingHandler.java | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/main/java/io/cryostat/net/web/http/generic/CorsEnablingHandler.java b/src/main/java/io/cryostat/net/web/http/generic/CorsEnablingHandler.java index 28cc443a4b..e3fded0879 100644 --- a/src/main/java/io/cryostat/net/web/http/generic/CorsEnablingHandler.java +++ b/src/main/java/io/cryostat/net/web/http/generic/CorsEnablingHandler.java @@ -52,6 +52,7 @@ import io.vertx.core.http.HttpMethod; import io.vertx.ext.web.RoutingContext; import io.vertx.ext.web.handler.CorsHandler; +import org.apache.http.HttpHeaders; class CorsEnablingHandler implements RequestHandler { protected static final String DEV_ORIGIN = "http://localhost:9000"; @@ -63,8 +64,9 @@ class CorsEnablingHandler implements RequestHandler { this.env = env; this.corsHandler = CorsHandler.create(getOrigin()) - .allowedHeader("Authorization") + .allowedHeader(HttpHeaders.AUTHORIZATION) .allowedHeader(AbstractAuthenticatedRequestHandler.JMX_AUTHORIZATION_HEADER) + .allowedHeader(HttpHeaders.CONTENT_TYPE) .allowedMethod(HttpMethod.GET) .allowedMethod(HttpMethod.POST) .allowedMethod(HttpMethod.PATCH) From 17c0f4e0e5dfd233989f1206aefb21eb1a0717f7 Mon Sep 17 00:00:00 2001 From: Andrew Azores Date: Wed, 9 Mar 2022 10:51:36 -0500 Subject: [PATCH 2/2] test(cors): update unit test to expect Content-Type header allowed --- .../cryostat/net/web/http/generic/CorsEnablingHandlerTest.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/test/java/io/cryostat/net/web/http/generic/CorsEnablingHandlerTest.java b/src/test/java/io/cryostat/net/web/http/generic/CorsEnablingHandlerTest.java index 813fdf847a..ad4e61cb6d 100644 --- a/src/test/java/io/cryostat/net/web/http/generic/CorsEnablingHandlerTest.java +++ b/src/test/java/io/cryostat/net/web/http/generic/CorsEnablingHandlerTest.java @@ -161,7 +161,7 @@ void shouldRespondOKToOPTIONSWithAcceptedMethod(HttpMethod method) { Mockito.verify(res) .putHeader( HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS, - "Authorization,X-JMX-Authorization"); + "Authorization,X-JMX-Authorization,Content-Type"); Mockito.verify(res).setStatusCode(200); Mockito.verify(res).end(); Mockito.verifyNoMoreInteractions(res);