From ba7c9eb70682d6c131a4525b19a3fbbd6f4067b8 Mon Sep 17 00:00:00 2001 From: Dan Prince Date: Thu, 19 Nov 2015 18:07:35 -0500 Subject: Move cors allowed_origin check into add_origin This fixes an issue caused by c4957606cb290a639a4a02fbf648044242c5c207 where the add_origin method would fail if allowed_origin was set to None. This could occur (even if oslo_config_project was also set) if the projects config file contained its own [cors] section anyway. By moving the 'if allowed_origin:' check into add_origin we ensure the function handles the default value if it ever gets called. Change-Id: I643e7a50e62564741fda784846bbdf3eb2bcc715 Closes-bug: #1518112 --- oslo_middleware/cors.py | 42 +++++++++++++++++++------------------- oslo_middleware/tests/test_cors.py | 10 +++++++++ 2 files changed, 31 insertions(+), 21 deletions(-) diff --git a/oslo_middleware/cors.py b/oslo_middleware/cors.py index b91fabd..59451b2 100644 --- a/oslo_middleware/cors.py +++ b/oslo_middleware/cors.py @@ -152,13 +152,12 @@ class CORS(base.ConfigurableMiddleware): # If the default configuration contains an allowed_origin, don't # forget to register that. - if allowed_origin: - self.add_origin(allowed_origin=allowed_origin, - allow_credentials=allow_credentials, - expose_headers=expose_headers, - max_age=max_age, - allow_methods=allow_methods, - allow_headers=allow_headers) + self.add_origin(allowed_origin=allowed_origin, + allow_credentials=allow_credentials, + expose_headers=expose_headers, + max_age=max_age, + allow_methods=allow_methods, + allow_headers=allow_headers) # Iterate through all the loaded config sections, looking for ones # prefixed with 'cors.' @@ -187,20 +186,21 @@ class CORS(base.ConfigurableMiddleware): if isinstance(allowed_origin, six.string_types): allowed_origin = [allowed_origin] - for origin in allowed_origin: - - if origin in self.allowed_origins: - LOG.warn('Allowed origin [%s] already exists, skipping' % ( - allowed_origin,)) - continue - - self.allowed_origins[origin] = { - 'allow_credentials': allow_credentials, - 'expose_headers': expose_headers, - 'max_age': max_age, - 'allow_methods': allow_methods, - 'allow_headers': allow_headers - } + if allowed_origin: + for origin in allowed_origin: + + if origin in self.allowed_origins: + LOG.warn('Allowed origin [%s] already exists, skipping' % ( + allowed_origin,)) + continue + + self.allowed_origins[origin] = { + 'allow_credentials': allow_credentials, + 'expose_headers': expose_headers, + 'max_age': max_age, + 'allow_methods': allow_methods, + 'allow_headers': allow_headers + } def set_latent(self, allow_headers=None, allow_methods=None, expose_headers=None): diff --git a/oslo_middleware/tests/test_cors.py b/oslo_middleware/tests/test_cors.py index e47c5d8..de91c34 100644 --- a/oslo_middleware/tests/test_cors.py +++ b/oslo_middleware/tests/test_cors.py @@ -164,6 +164,16 @@ class CORSTestFilterFactory(test_base.BaseTestCase): '''Assert that a filter factory with oslo_config_project succeed.''' cors.filter_factory(global_conf=None, oslo_config_project='foobar') + def test_cor_config_sections_with_defaults(self): + '''Assert cors.* config sections with default values work.''' + + # Set up the config fixture. + config = self.useFixture(fixture.Config(cfg.CONF)) + config.load_raw_values(group='cors.subdomain') + + # Now that the config is set up, create our application. + self.application = cors.CORS(test_application, cfg.CONF) + def test_factory_latent_properties(self): '''Assert latent properties in paste.ini config. -- cgit v1.2.1