Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

For OpenAPI, enable CORS. #17

Merged
merged 3 commits into from
Mar 14, 2018
Merged

For OpenAPI, enable CORS. #17

merged 3 commits into from
Mar 14, 2018

Conversation

n3wscott
Copy link
Contributor

@n3wscott n3wscott commented Mar 6, 2018

I wanted to test my new fancy broker with the swagger UI but CORS was not enabled and no way to do it. So I added it.

@jmrodri
Copy link
Contributor

jmrodri commented Mar 7, 2018

What prompted the rename of util.go to writer.go? I only ask because it doesn't seem as generic as a normal writer. Otherwise, the changes seem sane and useful.

@jmrodri
Copy link
Contributor

jmrodri commented Mar 7, 2018

I see what you did, they are now part of the APISurface struct. I'd prefer that if we're making them part of the APISurface they should just be in the apisurface.go.

@n3wscott
Copy link
Contributor Author

n3wscott commented Mar 9, 2018

@jmrodri take another look, thanks!

@jmrodri
Copy link
Contributor

jmrodri commented Mar 9, 2018

@n3wscott I like that. 👍

@jmrodri
Copy link
Contributor

jmrodri commented Mar 9, 2018

LGTM

pmorie
pmorie reviewed Mar 13, 2018
View reviewed changes
Copy link
Owner

@pmorie pmorie left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't want to stall this, maybe someone more familiar with CORS can take a look.

pkg/rest/apisurface.go

if s.EnableCORS {
//Allow CORS here By * or specific origin
w.Header().Set("Access-Control-Allow-Origin", "*")
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Will you make constants for these in a follow-up PR?

pkg/rest/apisurface.go

// writeResponse will serialize 'object' to the HTTP ResponseWriter
// using the 'code' as the HTTP status code
func (s *APISurface) writeResponse(w http.ResponseWriter, code int, object interface{}) {
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I worry a little bit about these methods accumulating logic, but I can't see a better way at this point than making them methods with APISurface as a receiver.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

only way i can see is to always pass in the enableCORS as a boolean to the writeResponse. Or you'd have to get fancy with functions or middleware. So I think this is okay.

@pmorie pmorie requested review from carolynvs and lilic March 13, 2018 20:30
carolynvs
carolynvs reviewed Mar 14, 2018
View reviewed changes
pkg/rest/writer.go Outdated

if s.EnableCORS {
//Allow CORS here By * or specific origin
w.Header().Set("Access-Control-Allow-Origin", "*")
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd prefer to see this value be configurable by the broker, instead of blanket allowing any origin.

Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are you okay with that in a follow-up?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yup!

lilic
lilic reviewed Mar 14, 2018
View reviewed changes
pkg/rest/apisurface.go
Metrics *metrics.OSBMetricsCollector
Broker broker.Interface
Metrics *metrics.OSBMetricsCollector
EnableCORS bool
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would be great to add some comment docs for this, above this line.

Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would take the doc comment in a follow-up. Are you LGTM otherwise?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sure 👍 But let's wait for @carolynvs as she had a comment.

lilic
lilic approved these changes Mar 14, 2018
View reviewed changes
Copy link
Collaborator

@lilic lilic left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@carolynvs
Copy link
Collaborator

LGTM

@carolynvs carolynvs merged commit c0a6a7d into pmorie:master Mar 14, 2018
@n3wscott n3wscott deleted the cors-enable branch March 14, 2018 14:52
jboyd01 pushed a commit to jboyd01/osb-broker-lib that referenced this pull request Apr 17, 2018
@pmorie
Merge pull request pmorie#17 from LiliC/lili/dep-prune
e5dbb5f 
vendor: Cleanup unused files
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lilic lilic lilic approved these changes

@carolynvs carolynvs carolynvs left review comments

@pmorie pmorie pmorie left review comments

@jmrodri jmrodri jmrodri left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@n3wscott @jmrodri @carolynvs @pmorie @lilic