diff --git a/site/content/en/docs/reference/plugins/cors.md b/site/content/en/docs/reference/plugins/cors.md index 8e66ab55..5643f40a 100644 --- a/site/content/en/docs/reference/plugins/cors.md +++ b/site/content/en/docs/reference/plugins/cors.md @@ -16,7 +16,7 @@ The `cors` plugin handles Cross-Origin Resource Sharing requests by leveraging E ## Configuration -See the corresponding [Envoy documentation](https://www.envoyproxy.io/docs/envoy/v1.29.5/configuration/http/http_filters/cors_filter). +See the corresponding [Envoy documentation](https://www.envoyproxy.io/docs/envoy/v1.29.5/configuration/http/http_filters/cors_filter). Unlike the configuration in Envoy, the `allowOriginStringMatch` and `allowMethods` here are required. ## Usage diff --git a/site/content/zh-hans/docs/reference/plugins/cors.md b/site/content/zh-hans/docs/reference/plugins/cors.md index 53388e21..5137e8c9 100644 --- a/site/content/zh-hans/docs/reference/plugins/cors.md +++ b/site/content/zh-hans/docs/reference/plugins/cors.md @@ -16,7 +16,7 @@ title: CORS ## 配置 -请参阅相应的 [Envoy 文档](https://www.envoyproxy.io/docs/envoy/v1.29.5/configuration/http/http_filters/cors_filter)。 +请参阅相应的 [Envoy 文档](https://www.envoyproxy.io/docs/envoy/v1.29.5/configuration/http/http_filters/cors_filter)。注意和 Envoy 默认配置不同,`allowOriginStringMatch` 和 `allowMethods` 是必须的。 ## 用法 diff --git a/types/plugins/cors/config.go b/types/plugins/cors/config.go index f7579b1a..d37fcfa6 100644 --- a/types/plugins/cors/config.go +++ b/types/plugins/cors/config.go @@ -15,6 +15,8 @@ package cors import ( + "fmt" + cors "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/cors/v3" "mosn.io/htnn/api/pkg/filtermanager/api" @@ -44,6 +46,27 @@ func (p *Plugin) Order() plugins.PluginOrder { } } +type CustomConfig struct { + cors.CorsPolicy +} + +func (conf *CustomConfig) Validate() error { + err := conf.CorsPolicy.Validate() + if err != nil { + return err + } + + if len(conf.CorsPolicy.GetAllowOriginStringMatch()) == 0 { + return fmt.Errorf("cors allowOriginStringMatch is required") + } + + if len(conf.CorsPolicy.GetAllowMethods()) == 0 { + return fmt.Errorf("cors allowMethods is required") + } + + return nil +} + func (p *Plugin) Config() api.PluginConfig { - return &cors.CorsPolicy{} + return &CustomConfig{} } diff --git a/types/plugins/cors/config_test.go b/types/plugins/cors/config_test.go new file mode 100644 index 00000000..ed9e9006 --- /dev/null +++ b/types/plugins/cors/config_test.go @@ -0,0 +1,70 @@ +// Copyright The HTNN Authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package cors + +import ( + "testing" + + "github.com/stretchr/testify/assert" + "google.golang.org/protobuf/encoding/protojson" +) + +func TestConfig(t *testing.T) { + tests := []struct { + name string + input string + err string + }{ + { + name: "validate allowOriginStringMatch", + input: ` +{ + "allowMethods": "POST" +} + `, + err: "cors allowOriginStringMatch is required", + }, + { + name: "validate allowMethods", + input: ` +{ + "allowOriginStringMatch": [ + { + "safeRegex": { + "regex": ".*\\.default\\.local" + } + } + ] +} + `, + err: "cors allowMethods is required", + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + conf := &CustomConfig{} + err := protojson.Unmarshal([]byte(tt.input), conf) + if err == nil { + err = conf.Validate() + } + if tt.err == "" { + assert.Nil(t, err) + } else { + assert.ErrorContains(t, err, tt.err) + } + }) + } +}