Merge pull request #7387 from appwrite/fix-app-console-hostnames-check-on-refactor-usage-sn
Fix app console hostnames check on refactor usage sn
This commit is contained in:
commit
99c163d217
4 changed files with 60 additions and 10 deletions
2
.env
2
.env
|
@ -4,7 +4,7 @@ _APP_WORKER_PER_CORE=6
|
|||
_APP_CONSOLE_WHITELIST_ROOT=disabled
|
||||
_APP_CONSOLE_WHITELIST_EMAILS=
|
||||
_APP_CONSOLE_WHITELIST_IPS=
|
||||
_APP_CONSOLE_HOSTNAMES=
|
||||
_APP_CONSOLE_HOSTNAMES=localhost,appwrite.io,*.appwrite.io
|
||||
_APP_SYSTEM_EMAIL_NAME=Appwrite
|
||||
_APP_SYSTEM_EMAIL_ADDRESS=team@appwrite.io
|
||||
_APP_SYSTEM_SECURITY_EMAIL_ADDRESS=security@appwrite.io
|
||||
|
|
|
@ -127,7 +127,7 @@ return [
|
|||
[
|
||||
'name' => '_APP_CONSOLE_HOSTNAMES',
|
||||
'description' => 'This option allows you to add additional hostnames to your Appwrite console. This option is very useful for allowing access to the console project from additional domains. To enable it, pass a list of allowed hostnames separated by a comma.',
|
||||
'introduction' => '',
|
||||
'introduction' => '1.5.0',
|
||||
'default' => '',
|
||||
'required' => false,
|
||||
'question' => '',
|
||||
|
|
20
app/init.php
20
app/init.php
|
@ -81,6 +81,7 @@ use Utopia\Queue\Connection;
|
|||
use Utopia\Storage\Storage;
|
||||
use Utopia\VCS\Adapter\Git\GitHub as VcsGitHub;
|
||||
use Utopia\Validator\Range;
|
||||
use Utopia\Validator\Hostname;
|
||||
use Utopia\Validator\IP;
|
||||
use Utopia\Validator\URL;
|
||||
use Utopia\Validator\WhiteList;
|
||||
|
@ -928,15 +929,18 @@ App::setResource('clients', function ($request, $console, $project) {
|
|||
], Document::SET_TYPE_APPEND);
|
||||
|
||||
$hostnames = explode(',', App::getEnv('_APP_CONSOLE_HOSTNAMES', ''));
|
||||
if (is_array($hostnames)) {
|
||||
foreach ($hostnames as $hostname) {
|
||||
$console->setAttribute('platforms', [
|
||||
'$collection' => ID::custom('platforms'),
|
||||
'type' => Origin::CLIENT_TYPE_WEB,
|
||||
'name' => $hostname,
|
||||
'hostname' => $hostname,
|
||||
], Document::SET_TYPE_APPEND);
|
||||
$validator = new Hostname();
|
||||
foreach ($hostnames as $hostname) {
|
||||
$hostname = trim($hostname);
|
||||
if (!$validator->isValid($hostname)) {
|
||||
continue;
|
||||
}
|
||||
$console->setAttribute('platforms', [
|
||||
'$collection' => ID::custom('platforms'),
|
||||
'type' => Origin::CLIENT_TYPE_WEB,
|
||||
'name' => $hostname,
|
||||
'hostname' => $hostname,
|
||||
], Document::SET_TYPE_APPEND);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
@ -171,4 +171,50 @@ class HTTPTest extends Scope
|
|||
|
||||
$this->assertEquals(200, $response['headers']['status-code']);
|
||||
}
|
||||
|
||||
public function testCors()
|
||||
{
|
||||
/**
|
||||
* Test for SUCCESS
|
||||
*/
|
||||
|
||||
$endpoint = '/v1/projects'; // Can be any non-404 route
|
||||
|
||||
$response = $this->client->call(Client::METHOD_GET, $endpoint);
|
||||
|
||||
$this->assertEquals('http://localhost', $response['headers']['access-control-allow-origin']);
|
||||
|
||||
$response = $this->client->call(Client::METHOD_GET, $endpoint, [
|
||||
'origin' => 'http://localhost',
|
||||
]);
|
||||
|
||||
$this->assertEquals('http://localhost', $response['headers']['access-control-allow-origin']);
|
||||
|
||||
$response = $this->client->call(Client::METHOD_GET, $endpoint, [
|
||||
'origin' => 'http://appwrite.io',
|
||||
]);
|
||||
|
||||
$this->assertEquals('http://appwrite.io', $response['headers']['access-control-allow-origin']);
|
||||
|
||||
$response = $this->client->call(Client::METHOD_GET, $endpoint, [
|
||||
'origin' => 'https://appwrite.io',
|
||||
]);
|
||||
|
||||
$this->assertEquals('https://appwrite.io', $response['headers']['access-control-allow-origin']);
|
||||
|
||||
$response = $this->client->call(Client::METHOD_GET, $endpoint, [
|
||||
'origin' => 'http://cloud.appwrite.io',
|
||||
]);
|
||||
|
||||
$this->assertEquals('http://cloud.appwrite.io', $response['headers']['access-control-allow-origin']);
|
||||
|
||||
/**
|
||||
* Test for FAILURE
|
||||
*/
|
||||
$response = $this->client->call(Client::METHOD_GET, $endpoint, [
|
||||
'origin' => 'http://google.com',
|
||||
]);
|
||||
|
||||
$this->assertEquals('http://localhost', $response['headers']['access-control-allow-origin']);
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue