-
Notifications
You must be signed in to change notification settings - Fork 134
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
#306 Send CORS headers so vscode can use the API #319
Conversation
#306 currently only links to the commit and not this PR. Hopefully my mentioning it in a comment will fix that, so it is easier for people to find this PR. Edit: Seems to have worked. |
d578362
to
a0833d0
Compare
Yup you're right, the issue was instead that the endpoint was not covered by existing CORS mapping patterns. I updated my branch to fix this. |
@berzoidberg Wow! Great find!
from |
@@ -46,6 +46,8 @@ public void addCorsMappings(CorsRegistry registry) { | |||
.allowedOrigins("*"); | |||
registry.addMapping("/api/**") | |||
.allowedOrigins("*"); | |||
registry.addMapping("/vscode/gallery/extensionquery") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the contribution! Shall we extend this to all endpoints in the vscode adapter? That would also cover the endpoints for fetching files.
registry.addMapping("/vscode/gallery/extensionquery") | |
registry.addMapping("/vscode/**") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Probably a good idea. I didn't look to see what other endpoints might need covered, only addressed what was in the bug.
Upon closer inspection it looks like there are potentially other endpoints also not covered by the @CrossOrigin
annotation. These are:
/vscode/item
/vscode/gallery/publishers/{namespace}/vsextensions/{extension}/{version}/vspackage
I've added a new commit covering your suggested change, as well as adding @CrossOrigin
to the two other endpoints under /vscode/.
Please note that it seems there is also an infrastructure issue blocking CORS headers from being transmitted from the production deployment to clients, as noted by daiyam.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks! What I don't understand though is why the WebConfig entry is needed although we already have @CrossOrigin
annotations. Do you know more about that?
The Eclipse Foundation is responsible for the infrastructure. Please create an issue at https://github.com/EclipseFdn/open-vsx.org (CC @mbarbero) |
@berzoidberg could you squash and sign-off your commits, and make sure you have signed the Eclipse Contributor Agreement (https://www.eclipse.org/legal/ECA.php)? |
Unfortunately, I do not. The documentation indicates that |
57f0d8a
to
0558fde
Compare
@crossorigin annotation too remaining vscode adapter endpoints. Signed-off-by: Ber Zoidberg <ber.zoidberg@gmail.com>
0558fde
to
c8c7291
Compare
Done. Took me a second to figure out how to sign-off on a squash :P |
Explicitly instructs Spring to send CORS headers allowing any origin.I haven't tested this, I'm not really a Java developer and am not set up to test this project. However I believe according to the Spring documentation that this will fix the issue at-hand.Fixes #306
I went ahead and set up a test environment, and as noted by daiyam below my original fix was insufficient as Spring already defaulted to all origins. On further investigation I found that the extensionquery endpoint was not covered by the pre-existing CORS mappings as defined in WebConfig.java, due to existing outside of the /api/ endpoint root. I've added two lines to add this endpoint to the CORS mappings, which in my quick test solved the issue.