Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Do not store CORS headers in output cache #896

Merged
merged 1 commit into from
Oct 18, 2024
Merged

Do not store CORS headers in output cache #896

merged 1 commit into from
Oct 18, 2024

Conversation

gajdusek
Copy link
Contributor

Ensure that that dynamic Access-Control-Allow-Origin header is not cached.

  • Remove Access-Control-Allow-Origin header before saving to cache
  • Add Access-Control-Allow-Origin dynamically when serving cached responses based on the incoming request's Origin

This resolves issue (#895) with CORS headers being cached alongside GraphQL responses, which could cause incorrect Access-Control-Allow-Origin values for clients with different origins.

@github-actions GitHub Actions
Copy link

github-actions bot commented Oct 17, 2024
edited
Loading

CLA Assistant Lite bot All contributors have signed the CLA ✍️ ✅

@gajdusek
Copy link
Contributor Author

This does not fix the issue entirely. I am experiencing responses with missing Access-Control-Allow-Origin. Going to look into it.

@gajdusek gajdusek force-pushed the fix/output-cache-cors branch from c130c8c to 606d7c8 Compare October 17, 2024 15:54
@gajdusek
Fix CORS header caching in GraphQL responses
7fb17e2 
Ensure that that dynamic Access-Control-Allow-Origin header is not cached.

- Remove Access-Control-Allow-Origin header before saving to cache
- Add Access-Control-Allow-Origin dynamically when serving cached responses
  based on the incoming request's Origin

This resolves issues with CORS headers being cached alongside GraphQL
responses, which could cause incorrect Access-Control-Allow-Origin values
for clients with different origins.
@gajdusek gajdusek force-pushed the fix/output-cache-cors branch from 606d7c8 to 7fb17e2 Compare October 17, 2024 16:27
@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
2 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

@gajdusek
Copy link
Contributor Author

This does not fix the issue entirely. I am experiencing responses with missing Access-Control-Allow-Origin. Going to look into it.

It's fixed.

@gajdusek
Copy link
Contributor Author

I have read the CLA Document and I hereby sign the CLA

@gajdusek gajdusek changed the title Fix CORS header caching in GraphQL responses Prevent CORS header caching in GraphQL responses Oct 17, 2024
@gajdusek gajdusek changed the title Prevent CORS header caching in GraphQL responses Do not store CORS headers in output cache Oct 17, 2024
@mcop1 mcop1 self-assigned this Oct 18, 2024
@mcop1 mcop1 added the Bug label Oct 18, 2024
@mcop1 mcop1 changed the base branch from 1.x to 1.8 October 18, 2024 10:03
@mcop1 mcop1 changed the base branch from 1.8 to 1.x October 18, 2024 10:03
@mcop1
Copy link
Contributor

mcop1 commented Oct 18, 2024

LGTM, thank you!

@mcop1 mcop1 merged commit 029f58c into pimcore:1.x Oct 18, 2024
10 checks passed
@github-actions github-actions bot locked and limited conversation to collaborators Oct 18, 2024
@mcop1 mcop1 added this to the 1.8.3 milestone Oct 18, 2024
@mcop1
Copy link
Contributor

mcop1 commented Oct 18, 2024

Cherry picked to 1.8 -> b71636a

@mcop1 mcop1 linked an issue Oct 18, 2024 that may be closed by this pull request
[Bug]: CORS is broken when GraphQL output cache is enabled (dynamic Access-Control-Allow-Origin header gets cached) #895
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees

@mcop1 mcop1

Labels
Bug
Projects
None yet
Milestone
1.8.3
2 participants
@gajdusek @mcop1