Allow CORS based on site.allowOriginRegex

Site administrators can configure site.allowOriginRegex to allow web
applications hosted on other sites to make XHR calls to read from
Gerrit's REST API.  This supports creating mashups within an
organization by blessing sibling sites to access Gerrit to read change
data or search results.

Mutation APIs (PUT, POST, DELETE) are currently rejected: cross-origin
callers are not granted permission to use these methods, nor to send the
X-Gerrit-Auth request header required for XSRF protection.

Change-Id: I90860e619b9d4a3ff9fa2e010cd648a132f56a27
Shawn Pearce
2016-08-23 19:38:58 -07:00
parent 0ddb99c524
commit c896eaa8ae
6 changed files with 296 additions and 23 deletions


@@ -16,6 +16,7 @@ package com.google.gerrit.acceptance;
import com.google.common.base.Preconditions;
import org.apache.http.Header;
import org.eclipse.jgit.util.IO;
import org.eclipse.jgit.util.RawParseUtils;
@@ -52,7 +53,12 @@ public class HttpResponse {
}
public String getContentType() {
return response.getFirstHeader("X-FYI-Content-Type").getValue();
return getHeader("X-FYI-Content-Type");
}
public String getHeader(String name) {
Header hdr = response.getFirstHeader(name);
return hdr != null ? hdr.getValue() : null;
}
public boolean hasContent() {
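Review bot: The new `getHeader` returns `null` for an absent header, so `getContentType()` now yields `null` where the old `getFirstHeader(...).getValue()` threw a NullPointerException, and nothing in the hunk documents that contract. Add `/** Returns the value of the first {@code name} header, or {@code null} if the response carries none. */` above `getHeader`, and note on `getContentType()` that it may now return `null`. Because `getFirstHeader` reports only the first value, a test that needs every value of a repeated header (presumably relevant when asserting on CORS response headers) would need a separate accessor; if that is not needed, saying so in the Javadoc avoids a later surprise. The class continues past the hunk (`hasContent` is cut off at the end).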


@@ -37,7 +37,11 @@ public class HttpSession {
account.username, account.httpPassword);
}
protected RestResponse execute(Request request) throws IOException {
public String url() {
return url;
}
public RestResponse execute(Request request) throws IOException {
return new RestResponse(executor.execute(request).returnResponse());
}
}
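Review bot: `execute` is widened from `protected` to `public` and `url()` is added, both without Javadoc, so a reader of the test harness cannot tell why arbitrary `Request`s may now be issued through the session from outside the class hierarchy; presumably the new cross-origin tests need to build requests that the existing `RestSession` helpers do not. Add `/** Base URL of the Gerrit server this session sends requests to. */` on `url()`, and on `execute` something like `/** Executes an arbitrary request through this session's configured executor; callers build the full URL themselves. */`. A one-line why-comment on the visibility change would also help the next person who considers narrowing it back.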


@@ -45,7 +45,7 @@ public class RestSession extends HttpSession {
new BasicHeader(HttpHeaders.ACCEPT, "application/json"));
}
private RestResponse getWithHeader(String endPoint, Header header)
public RestResponse getWithHeader(String endPoint, Header header)
throws IOException {
Request get = Request.Get(url + "/a" + endPoint);
if (header != null) {