Fix "CORS Rejected - Invalid origin" issue when origin header is empty #6988

ahamlat · 2024-04-23T16:44:47Z

PR description

Fix "CORS Rejected - Invalid origin" issue when the origin allowed hosts is set to * and actual origin is empty (not null, but empty).

The regex may appear a bit weird at first glance, but this change is more related to the change in Vertx implementation between 4.3.5 and 4.5.4. This new regex will make sure that Vertx CorsHandler will try to match origin values to that regex.

Vertx 4.3.5 (old regex in Besu is .*)

public CorsHandlerImpl(String allowedOriginPattern) {
    Objects.requireNonNull(allowedOriginPattern);
    if ("*".equals(allowedOriginPattern)) {
      allowedOrigin = null;
    } else {
      allowedOrigin = Pattern.compile(allowedOriginPattern);
    }
    allowedOrigins = null;
  }

Vertx 4.5.4 (regex in Besu is .*://.*)

  public CorsHandler addRelativeOrigin(String origin) {
    Objects.requireNonNull(origin, "'origin' cannot be null");

    if (relativeOrigins == null) {
      if (origin.equals(".*")) {
        // we signal any as null
        return this;
      }
      relativeOrigins = new LinkedHashSet<>();
    } else {
      if (origin.equals(".*")) {
        // we signal any as null
        throw new IllegalStateException("Cannot mix '/.*/' with relative origins");
      }
    }
    relativeOrigins.add(Pattern.compile(origin));
    return this;
  }

Fixed Issue(s)

#6983

Thanks for sending a pull request! Have you done the following?

Checked out our contribution guidelines?
Considered documentation and added the doc-change-required label to this PR if updates are required.
Considered the changelog and included an update if required.
For database changes (e.g. KeyValueSegmentIdentifier) considered compatibility and performed forwards and backwards compatibility tests

Locally, you can run these tests to catch failures early:

unit tests: ./gradlew build
acceptance tests: ./gradlew acceptanceTest
integration tests: ./gradlew integrationTest
reference tests: ./gradlew ethereum:referenceTests:referenceTests

Signed-off-by: Ameziane H <ameziane.hamlat@consensys.net>

hyperledger#6988) Signed-off-by: Ameziane H <ameziane.hamlat@consensys.net> Signed-off-by: Justin Florentine <justin+github@florentine.us>

hyperledger#6988) Signed-off-by: Ameziane H <ameziane.hamlat@consensys.net>

hyperledger#6988) Signed-off-by: Ameziane H <ameziane.hamlat@consensys.net> Signed-off-by: Justin Florentine <justin+github@florentine.us>

Fix "CORS Rejected - Invalid origin" issue when origin header is empty

34ecc9b

Signed-off-by: Ameziane H <ameziane.hamlat@consensys.net>

ahamlat requested a review from fab-10 April 23, 2024 16:44

fab-10 approved these changes Apr 24, 2024

View reviewed changes

Merge branch 'main' into fix-cors-error-when-origin-empty

020eb02

ahamlat merged commit 27a7de9 into hyperledger:main Apr 24, 2024
42 checks passed

ahamlat mentioned this pull request Apr 29, 2024

Error "CORS Rejected - Invalid origin" on RPC calls #6983

Closed

matthew1001 pushed a commit to kaleido-io/besu that referenced this pull request Jun 7, 2024

Fix "CORS Rejected - Invalid origin" issue when origin header is empty (

fcf59d7

hyperledger#6988) Signed-off-by: Ameziane H <ameziane.hamlat@consensys.net>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fix "CORS Rejected - Invalid origin" issue when origin header is empty #6988

Fix "CORS Rejected - Invalid origin" issue when origin header is empty #6988

ahamlat commented Apr 23, 2024 •

edited

Loading

Fix "CORS Rejected - Invalid origin" issue when origin header is empty #6988

Fix "CORS Rejected - Invalid origin" issue when origin header is empty #6988

Conversation

ahamlat commented Apr 23, 2024 • edited Loading

PR description

Fixed Issue(s)

Thanks for sending a pull request! Have you done the following?

Locally, you can run these tests to catch failures early:

ahamlat commented Apr 23, 2024 •

edited

Loading