-
Notifications
You must be signed in to change notification settings - Fork 117
Enable runtime CORS configuration via environment variables #341
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Closed
Closed
Changes from 28 commits
Commits
Show all changes
29 commits
Select commit
Hold shift + click to select a range
7c02860
feature/1 added runtime configuration of CORS
captaincoordinates 602e7b5
feature/1 updated documentation
captaincoordinates d2bc362
feature/1 doc updates
captaincoordinates 1e4edd1
feature/1 PR feedback and additional test
captaincoordinates 15c0866
feature/1 removed unwanted async on test
captaincoordinates 1a3c55b
feature/1 updated with PR feedback from stac-fastapi
captaincoordinates ee69347
feature/1 updated documentation
captaincoordinates 939ae13
feature/1 updated documentation
captaincoordinates 973c68c
Merge branch 'master' of https://github.com/stac-utils/stac-fastapi i…
captaincoordinates 1007d52
feature/1 follow pydantic configuration standard
captaincoordinates 9aeb28b
feature/1 fix docs build
captaincoordinates 1d47323
Merge remote-tracking branch 'upstream/master' into feature/1
captaincoordinates 3ff4d10
feature/1 add CORS tests to api tests
captaincoordinates 6f99709
feature/1 removed unnecessary tests
captaincoordinates 2569aee
feature/1 added runtime configuration of CORS
captaincoordinates 4162933
feature/1 updated documentation
captaincoordinates 8736d15
feature/1 PR feedback and additional test
captaincoordinates 1cc8506
feature/1 removed unwanted async on test
captaincoordinates f0e69b5
feature/1 updated with PR feedback from stac-fastapi
captaincoordinates 76f467c
feature/1 updated documentation
captaincoordinates 0dc532f
feature/1 updated documentation
captaincoordinates 205eb6f
feature/1 follow pydantic configuration standard
captaincoordinates bfffddd
feature/1 fix docs build
captaincoordinates a0fa5fc
feature/1 add CORS tests to api tests
captaincoordinates 99fdd85
feature/1 removed unnecessary tests
captaincoordinates 8699c34
Fix intermittent error while loading test data
moradology e23b37e
Merge branch 'master' of https://github.com/stac-utils/stac-fastapi i…
captaincoordinates a749a6a
Merge branch 'feature/1' of https://github.com/moradology/stac-fastap…
captaincoordinates b0e740e
Rename settings (#7)
moradology File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -129,4 +129,7 @@ docs/api/* | |
.envrc | ||
|
||
# Virtualenv | ||
venv | ||
venv | ||
|
||
# IDE | ||
.vscode |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Empty file.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,60 @@ | ||
from copy import deepcopy | ||
from json import dumps | ||
from typing import Final | ||
|
||
from stac_fastapi.api.config import settings | ||
|
||
settings_fallback = deepcopy(settings) | ||
cors_origin_1: Final = "http://permit.one" | ||
cors_origin_2: Final = "http://permit.two" | ||
cors_origin_3: Final = "http://permit.three" | ||
cors_origin_deny: Final = "http://deny.me" | ||
|
||
|
||
def cors_permit_1(): | ||
settings.allow_origins = dumps((cors_origin_1,)) | ||
|
||
|
||
def cors_permit_2(): | ||
settings.allow_origins = dumps((cors_origin_2,)) | ||
|
||
|
||
def cors_permit_3(): | ||
settings.allow_origins = dumps((cors_origin_3,)) | ||
|
||
|
||
def cors_permit_12(): | ||
settings.allow_origins = dumps((cors_origin_1, cors_origin_2)) | ||
|
||
|
||
def cors_permit_123_regex(): | ||
settings.allow_origin_regex = "http\\://permit\\..+" | ||
|
||
|
||
def cors_deny(): | ||
settings.allow_origins = dumps((cors_origin_deny,)) | ||
|
||
|
||
def cors_disable_get(): | ||
settings.allow_methods = dumps( | ||
( | ||
"HEAD", | ||
"POST", | ||
"PUT", | ||
"DELETE", | ||
"CONNECT", | ||
"OPTIONS", | ||
"TRACE", | ||
"PATCH", | ||
) | ||
) | ||
|
||
|
||
def cors_clear_config(): | ||
settings.allow_origins = settings_fallback.allow_origins | ||
settings.allow_methods = settings_fallback.allow_methods | ||
settings.allow_headers = settings_fallback.allow_headers | ||
settings.allow_credentials = settings_fallback.allow_credentials | ||
settings.allow_origin_regex = settings_fallback.allow_origin_regex | ||
settings.expose_headers = settings_fallback.expose_headers | ||
settings.max_age = settings_fallback.max_age |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,76 @@ | ||
from http import HTTPStatus | ||
|
||
from starlette.testclient import TestClient | ||
from tests.cors_support import ( | ||
cors_clear_config, | ||
cors_deny, | ||
cors_origin_1, | ||
cors_origin_deny, | ||
cors_permit_1, | ||
cors_permit_12, | ||
cors_permit_123_regex, | ||
) | ||
from tests.util import build_api | ||
|
||
from stac_fastapi.extensions.core import TokenPaginationExtension | ||
|
||
|
||
def teardown_function(): | ||
cors_clear_config() | ||
|
||
|
||
def _get_api(): | ||
return build_api([TokenPaginationExtension()]) | ||
|
||
|
||
def test_with_default_cors_origin(): | ||
api = _get_api() | ||
with TestClient(api.app) as client: | ||
resp = client.get("/conformance", headers={"Origin": cors_origin_1}) | ||
assert resp.status_code == HTTPStatus.OK | ||
assert resp.headers["access-control-allow-origin"] == "*" | ||
|
||
|
||
def test_with_match_cors_single(): | ||
cors_permit_1() | ||
api = _get_api() | ||
with TestClient(api.app) as client: | ||
resp = client.get("/conformance", headers={"Origin": cors_origin_1}) | ||
assert resp.status_code == HTTPStatus.OK | ||
assert resp.headers["access-control-allow-origin"] == cors_origin_1 | ||
|
||
|
||
def test_with_match_cors_double(): | ||
cors_permit_12() | ||
api = _get_api() | ||
with TestClient(api.app) as client: | ||
resp = client.get("/conformance", headers={"Origin": cors_origin_1}) | ||
assert resp.status_code == HTTPStatus.OK | ||
assert resp.headers["access-control-allow-origin"] == cors_origin_1 | ||
|
||
|
||
def test_with_match_cors_all_regex_match(): | ||
cors_permit_123_regex() | ||
api = _get_api() | ||
with TestClient(api.app) as client: | ||
resp = client.get("/conformance", headers={"Origin": cors_origin_1}) | ||
assert resp.status_code == HTTPStatus.OK | ||
assert resp.headers["access-control-allow-origin"] == cors_origin_1 | ||
|
||
|
||
def test_with_match_cors_all_regex_mismatch(): | ||
cors_permit_123_regex() | ||
api = _get_api() | ||
with TestClient(api.app) as client: | ||
resp = client.get("/conformance", headers={"Origin": cors_origin_deny}) | ||
assert resp.status_code == HTTPStatus.OK | ||
assert "access-control-allow-origin" not in resp.headers | ||
|
||
|
||
def test_with_mismatch_cors_origin(): | ||
cors_deny() | ||
api = _get_api() | ||
with TestClient(api.app) as client: | ||
resp = client.get("/conformance", headers={"Origin": cors_origin_1}) | ||
assert resp.status_code == HTTPStatus.OK | ||
assert "access-control-allow-origin" not in resp.headers |
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.