* CORS credentials corrections
git-svn-id: trunk@41624 -
parent
614755f6da
commit
da4d2e2712
@ -160,7 +160,9 @@ Type
|
|||||||
Class Var FIOClass : TRestIOClass;
|
Class Var FIOClass : TRestIOClass;
|
||||||
Class Var FDBHandlerClass : TSQLDBRestDBHandlerClass;
|
Class Var FDBHandlerClass : TSQLDBRestDBHandlerClass;
|
||||||
private
|
private
|
||||||
|
FCORSAllowCredentials: Boolean;
|
||||||
FCORSAllowedOrigins: String;
|
FCORSAllowedOrigins: String;
|
||||||
|
FCORSMaxAge: Integer;
|
||||||
FDispatchOptions: TRestDispatcherOptions;
|
FDispatchOptions: TRestDispatcherOptions;
|
||||||
FInputFormat: String;
|
FInputFormat: String;
|
||||||
FCustomViewResource : TSQLDBRestResource;
|
FCustomViewResource : TSQLDBRestResource;
|
||||||
@ -252,6 +254,7 @@ Type
|
|||||||
// General HTTP handling
|
// General HTTP handling
|
||||||
procedure DoRegisterRoutes; virtual;
|
procedure DoRegisterRoutes; virtual;
|
||||||
procedure DoHandleEvent(IsBefore : Boolean;IO: TRestIO); virtual;
|
procedure DoHandleEvent(IsBefore : Boolean;IO: TRestIO); virtual;
|
||||||
|
function ResolvedCORSAllowedOrigins: String; virtual;
|
||||||
procedure HandleCORSRequest(aConnection: TSQLDBRestConnection; IO: TRestIO); virtual;
|
procedure HandleCORSRequest(aConnection: TSQLDBRestConnection; IO: TRestIO); virtual;
|
||||||
procedure HandleResourceRequest(aConnection : TSQLDBRestConnection; IO: TRestIO); virtual;
|
procedure HandleResourceRequest(aConnection : TSQLDBRestConnection; IO: TRestIO); virtual;
|
||||||
procedure DoHandleRequest(IO: TRestIO); virtual;
|
procedure DoHandleRequest(IO: TRestIO); virtual;
|
||||||
@ -296,6 +299,10 @@ Type
|
|||||||
Property EnforceLimit : Integer Read FEnforceLimit Write FEnforceLimit;
|
Property EnforceLimit : Integer Read FEnforceLimit Write FEnforceLimit;
|
||||||
// Domains that are allowed to use this REST service
|
// Domains that are allowed to use this REST service
|
||||||
Property CORSAllowedOrigins: String Read FCORSAllowedOrigins Write FCORSAllowedOrigins;
|
Property CORSAllowedOrigins: String Read FCORSAllowedOrigins Write FCORSAllowedOrigins;
|
||||||
|
// Access-Control-Max-Age header value. Set to zero not to send the header
|
||||||
|
Property CORSMaxAge : Integer Read FCORSMaxAge Write FCORSMaxAge;
|
||||||
|
// Access-Control-Allow-Credentials header value. Set to zero not to send the header
|
||||||
|
Property CORSAllowCredentials : Boolean Read FCORSAllowCredentials Write FCORSAllowCredentials;
|
||||||
// Called when Basic authentication is sufficient.
|
// Called when Basic authentication is sufficient.
|
||||||
Property OnBasicAuthentication : TBasicAuthenticationEvent Read FOnBasicAuthentication Write FOnBasicAuthentication;
|
Property OnBasicAuthentication : TBasicAuthenticationEvent Read FOnBasicAuthentication Write FOnBasicAuthentication;
|
||||||
// Allow a particular resource or not.
|
// Allow a particular resource or not.
|
||||||
@ -623,6 +630,8 @@ begin
|
|||||||
FOutputOptions:=allOutputOptions;
|
FOutputOptions:=allOutputOptions;
|
||||||
FDispatchOptions:=DefaultDispatcherOptions;
|
FDispatchOptions:=DefaultDispatcherOptions;
|
||||||
FStatus:=CreateRestStatusConfig;
|
FStatus:=CreateRestStatusConfig;
|
||||||
|
FCORSMaxAge:=SecsPerDay;
|
||||||
|
FCORSAllowCredentials:=True;
|
||||||
end;
|
end;
|
||||||
|
|
||||||
destructor TSQLDBRestDispatcher.Destroy;
|
destructor TSQLDBRestDispatcher.Destroy;
|
||||||
@ -683,7 +692,10 @@ Var
|
|||||||
begin
|
begin
|
||||||
Result:=TSQLDBRestResource.Create(Nil);
|
Result:=TSQLDBRestResource.Create(Nil);
|
||||||
Result.ResourceName:='metaData';
|
Result.ResourceName:='metaData';
|
||||||
Result.AllowedOperations:=[roGet];
|
if rdoHandleCORS in DispatchOptions then
|
||||||
|
Result.AllowedOperations:=[roGet,roOptions,roHead]
|
||||||
|
else
|
||||||
|
Result.AllowedOperations:=[roGet,roHead];
|
||||||
Result.Fields.AddField('name',rftString,[foRequired]);
|
Result.Fields.AddField('name',rftString,[foRequired]);
|
||||||
Result.Fields.AddField('schemaName',rftString,[foRequired]);
|
Result.Fields.AddField('schemaName',rftString,[foRequired]);
|
||||||
for O in TRestOperation do
|
for O in TRestOperation do
|
||||||
@ -704,7 +716,10 @@ Var
|
|||||||
begin
|
begin
|
||||||
Result:=TSQLDBRestResource.Create(Nil);
|
Result:=TSQLDBRestResource.Create(Nil);
|
||||||
Result.ResourceName:='metaDataField';
|
Result.ResourceName:='metaDataField';
|
||||||
Result.AllowedOperations:=[roGet];
|
if rdoHandleCORS in DispatchOptions then
|
||||||
|
Result.AllowedOperations:=[roGet,roOptions,roHead]
|
||||||
|
else
|
||||||
|
Result.AllowedOperations:=[roGet,roHead];
|
||||||
Result.Fields.AddField('name',rftString,[]);
|
Result.Fields.AddField('name',rftString,[]);
|
||||||
Result.Fields.AddField('type',rftString,[]);
|
Result.Fields.AddField('type',rftString,[]);
|
||||||
Result.Fields.AddField('maxlen',rftInteger,[]);
|
Result.Fields.AddField('maxlen',rftInteger,[]);
|
||||||
@ -1162,7 +1177,14 @@ begin
|
|||||||
raise ESQLDBRest.Create(FStatus.GetStatusCode(rsInvalidParam), SErrNoSQLStatement); // Should never happen.
|
raise ESQLDBRest.Create(FStatus.GetStatusCode(rsInvalidParam), SErrNoSQLStatement); // Should never happen.
|
||||||
Result:=CreateCustomViewDataset(IO,RN,aOwner);
|
Result:=CreateCustomViewDataset(IO,RN,aOwner);
|
||||||
end
|
end
|
||||||
|
end;
|
||||||
|
|
||||||
|
function TSQLDBRestDispatcher.ResolvedCORSAllowedOrigins: String;
|
||||||
|
|
||||||
|
begin
|
||||||
|
Result:=FCORSAllowedOrigins;
|
||||||
|
if Result='' then
|
||||||
|
Result:='*';
|
||||||
end;
|
end;
|
||||||
|
|
||||||
procedure TSQLDBRestDispatcher.HandleCORSRequest(aConnection : TSQLDBRestConnection; IO : TRestIO);
|
procedure TSQLDBRestDispatcher.HandleCORSRequest(aConnection : TSQLDBRestConnection; IO : TRestIO);
|
||||||
@ -1184,12 +1206,13 @@ begin
|
|||||||
end
|
end
|
||||||
else
|
else
|
||||||
begin
|
begin
|
||||||
S:=FCORSAllowedOrigins;
|
IO.Response.SetCustomHeader('Access-Control-Allow-Origin',ResolvedCORSAllowedOrigins);
|
||||||
if S='' then
|
|
||||||
S:='*';
|
|
||||||
IO.Response.SetCustomHeader('Access-Control-Allow-Origin',S);
|
|
||||||
S:=IO.Resource.GetHTTPAllow;
|
S:=IO.Resource.GetHTTPAllow;
|
||||||
IO.Response.SetCustomHeader('Access-Control-Allow-Methods',S);
|
IO.Response.SetCustomHeader('Access-Control-Allow-Methods',S);
|
||||||
|
IO.Response.SetCustomHeader('Access-Control-Allow-Headers','x-requested-with, content-type, authorization');
|
||||||
|
if CorsMaxAge>0 then
|
||||||
|
IO.Response.SetCustomHeader('Access-Control-Max-Age',IntToStr(CorsMaxAge));
|
||||||
|
IO.Response.SetCustomHeader('Access-Control-Allow-Credentials',BoolToStr(CORSAllowCredentials,'true','false'));
|
||||||
IO.Response.Code:=FStatus.GetStatusCode(rsCORSOK);
|
IO.Response.Code:=FStatus.GetStatusCode(rsCORSOK);
|
||||||
IO.Response.CodeText:='OK';
|
IO.Response.CodeText:='OK';
|
||||||
end;
|
end;
|
||||||
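Review bot: The new `Access-Control-Allow-Credentials` line in the HandleCORSRequest hunk emits `true` regardless of what ResolvedCORSAllowedOrigins returned, and since that helper falls back to `*` when CORSAllowedOrigins is empty while the constructor hunk now defaults FCORSAllowCredentials to True, an unconfigured dispatcher answers preflights with `Access-Control-Allow-Origin: *` together with `Access-Control-Allow-Credentials: true`, a pairing browsers reject for credentialed requests. Sending the header only when a concrete origin is configured avoids that and also keeps an operator from unknowingly pairing credentials with a wildcard, e.g. `if CORSAllowCredentials and (ResolvedCORSAllowedOrigins<>'*') then IO.Response.SetCustomHeader('Access-Control-Allow-Credentials','true');`. The same header would then belong next to the `Access-Control-Allow-Origin` line added in the DoHandleRequest hunk, because the browser checks it on the actual response as well, not only on the preflight. Separately, the property comment `// Access-Control-Allow-Credentials header value. Set to zero not to send the header` in the declaration hunk was carried over from CORSMaxAge and does not fit a Boolean; `// Send Access-Control-Allow-Credentials: true when set` describes the new code. HandleCORSRequest starts before this hunk.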
@ -1209,6 +1232,8 @@ begin
|
|||||||
try
|
try
|
||||||
IO.SetConn(Conn,TR);
|
IO.SetConn(Conn,TR);
|
||||||
Try
|
Try
|
||||||
|
if (rdoHandleCORS in DispatchOptions) then
|
||||||
|
IO.Response.SetCustomHeader('Access-Control-Allow-Origin',ResolvedCORSAllowedOrigins);
|
||||||
if not AuthenticateRequest(IO,True) then
|
if not AuthenticateRequest(IO,True) then
|
||||||
exit;
|
exit;
|
||||||
if Not CheckResourceAccess(IO) then
|
if Not CheckResourceAccess(IO) then
|
||||||
|