Browse Source

Bug 24369: Add CORS support to output_with_http_headers()

This patch adds CORS support to output_with_headers(). It will use the
AccessControlAllowOrigin syspref to pick the value and set the Access-Control-Allow-Origin header.

To test:
1. Apply this patch
2. Run:
   $ kshell
  k$ prove t/Output.t
SUCCESS: Tests pass!
3. Sign off :-D

Signed-off-by: Andrew Isherwood <andrew.isherwood@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
20.05.x
Tomas Cohen Arazi 2 years ago
committed by Martin Renvoize
parent
commit
c951f8e06a
Signed by: martin.renvoize GPG Key ID: 422B469130441A0F
  1. 2
      C4/Output.pm
  2. 58
      t/Output.t

2
C4/Output.pm

@ -274,6 +274,8 @@ sub output_with_http_headers {
'X-Frame-Options' => 'SAMEORIGIN',
};
$options->{expires} = 'now' if $extra_options->{force_no_caching};
$options->{'Access-Control-Allow-Origin'} = C4::Context->preference('AccessControlAllowOrigin')
if C4::Context->preference('AccessControlAllowOrigin');
$options->{cookie} = $cookie if $cookie;
if ($content_type eq 'html') { # guaranteed to be one of the content_type_map keys, else we'd have died

58
t/Output.t

@ -1,12 +1,28 @@
#!/usr/bin/perl
use strict;
use warnings;
# This file is part of Koha.
#
# Koha is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# Koha is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Koha; if not, see <http://www.gnu.org/licenses>.
use Test::More tests => 6;
use Modern::Perl;
use Test::More tests => 7;
use Test::Warn;
use CGI qw ( -utf8 );
use t::lib::Mocks;
BEGIN {
use_ok('C4::Output');
}
@ -41,3 +57,39 @@ subtest 'parametrized_url' => sub {
is( $res, 'https://somesite.com/search?q=_title_&author=',
'Title replaced, author empty and SUFFIX removed' );
};
subtest 'output_with_http_headers() tests' => sub {
plan tests => 4;
local *STDOUT;
my $stdout;
my $query = CGI->new();
my $cookie;
my $output = 'foobarbaz';
open STDOUT, '>', \$stdout;
t::lib::Mocks::mock_preference('AccessControlAllowOrigin','');
output_html_with_http_headers $query, $cookie, $output, undef;
unlike($stdout, qr/Access-control-allow-origin/, 'No header set if no value on syspref');
close STDOUT;
open STDOUT, '>', \$stdout;
t::lib::Mocks::mock_preference('AccessControlAllowOrigin',undef);
output_html_with_http_headers $query, $cookie, $output, undef;
unlike($stdout, qr/Access-control-allow-origin/, 'No header set if no value on syspref');
close STDOUT;
open STDOUT, '>', \$stdout;
t::lib::Mocks::mock_preference('AccessControlAllowOrigin','*');
output_html_with_http_headers $query, $cookie, $output, undef;
like($stdout, qr/Access-control-allow-origin: \*/, 'Header set to *');
close STDOUT;
open STDOUT, '>', \$stdout;
t::lib::Mocks::mock_preference('AccessControlAllowOrigin','https://koha-community.org');
output_html_with_http_headers $query, $cookie, $output, undef;
like($stdout, qr/Access-control-allow-origin: https:\/\/koha-community\.org/, 'Header set to https://koha-community.org');
close STDOUT;
};
Loading…
Cancel
Save