When allowed_origins is "*" use that in response (#2289)

4 years ago · 67d789cb6d
parent 24cf580045
commit 67d789cb6d
2 changed files with 17 additions and 1 deletions
--- a/internal/daemon/controller/cors_test.go
+++ b/internal/daemon/controller/cors_test.go
@ -76,6 +76,15 @@ func TestHandler_CORS(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
+
+	var wildcardListenerNum int
+	for listenerNum, listener := range cfg.Listeners {
+		if len(listener.CorsAllowedOrigins) == 1 && listener.CorsAllowedOrigins[0] == "*" {
+			wildcardListenerNum = listenerNum
+			break
+		}
+	}
+
 	tc := NewTestController(t, &TestControllerOpts{
 		Config:                       cfg,
 		DisableAuthorizationFailures: true,
@ -256,7 +265,11 @@ func TestHandler_CORS(t *testing.T) {

 			// If origin was set and we expect it to be successful, run some more checks
 			if c.origin != "" && c.code == http.StatusOK && c.listenerNum > 1 {
-				assert.Equal(t, c.origin, resp.HttpResponse().Header.Get("Access-Control-Allow-Origin"))
+				expOrigin := c.origin
+				if c.listenerNum == wildcardListenerNum {
+					expOrigin = "*"
+				}
+				assert.Equal(t, expOrigin, resp.HttpResponse().Header.Get("Access-Control-Allow-Origin"))
 				assert.Equal(t, "Origin", resp.HttpResponse().Header.Get("Vary"))
 			}
 		})
--- a/internal/daemon/controller/handler.go
+++ b/internal/daemon/controller/handler.go
@ -419,6 +419,9 @@ func wrapHandlerWithCors(h http.Handler, props HandlerProperties) http.Handler {

 		case len(allowedOrigins) == 1 && allowedOrigins[0] == "*":
 			valid = true
+			// When allowed origins is "*" we want to return that rather than
+			// round-tripping any user-specified value
+			origin = "*"

 		default:
 			valid = strutil.StrListContains(allowedOrigins, origin)