Move cors allowed_origin check into add_origin

This fixes an issue caused by c4957606cb290a639a4a02fbf648044242c5c207 where the add_origin method would fail if allowed_origin was set to None. This could occur (even if oslo_config_project was also set) if the projects config file contained its own [cors] section anyway. By moving the 'if allowed_origin:' check into add_origin we ensure the function handles the default value if it ever gets called. Change-Id: I643e7a50e62564741fda784846bbdf3eb2bcc715 Closes-bug: #1518112
2015-11-19 18:07:35 -05:00 · 2015-11-19 18:07:35 -05:00 · ba7c9eb706
commit ba7c9eb706
parent 3eeaf4a031
2 changed files with 29 additions and 19 deletions
--- a/oslo_middleware/cors.py
+++ b/oslo_middleware/cors.py
@ -152,13 +152,12 @@ class CORS(base.ConfigurableMiddleware):

        # If the default configuration contains an allowed_origin, don't
        # forget to register that.
-        if allowed_origin:
-            self.add_origin(allowed_origin=allowed_origin,
-                            allow_credentials=allow_credentials,
-                            expose_headers=expose_headers,
-                            max_age=max_age,
-                            allow_methods=allow_methods,
-                            allow_headers=allow_headers)
+        self.add_origin(allowed_origin=allowed_origin,
+                        allow_credentials=allow_credentials,
+                        expose_headers=expose_headers,
+                        max_age=max_age,
+                        allow_methods=allow_methods,
+                        allow_headers=allow_headers)

        # Iterate through all the loaded config sections, looking for ones
        # prefixed with 'cors.'
@ -187,20 +186,21 @@ class CORS(base.ConfigurableMiddleware):
        if isinstance(allowed_origin, six.string_types):
            allowed_origin = [allowed_origin]

-        for origin in allowed_origin:
+        if allowed_origin:
+            for origin in allowed_origin:

-            if origin in self.allowed_origins:
-                LOG.warn('Allowed origin [%s] already exists, skipping' % (
-                    allowed_origin,))
-                continue
+                if origin in self.allowed_origins:
+                    LOG.warn('Allowed origin [%s] already exists, skipping' % (
+                        allowed_origin,))
+                    continue

-            self.allowed_origins[origin] = {
-                'allow_credentials': allow_credentials,
-                'expose_headers': expose_headers,
-                'max_age': max_age,
-                'allow_methods': allow_methods,
-                'allow_headers': allow_headers
-            }
+                self.allowed_origins[origin] = {
+                    'allow_credentials': allow_credentials,
+                    'expose_headers': expose_headers,
+                    'max_age': max_age,
+                    'allow_methods': allow_methods,
+                    'allow_headers': allow_headers
+                }

    def set_latent(self, allow_headers=None, allow_methods=None,
                   expose_headers=None):
--- a/oslo_middleware/tests/test_cors.py
+++ b/oslo_middleware/tests/test_cors.py
@ -164,6 +164,16 @@ class CORSTestFilterFactory(test_base.BaseTestCase):
        '''Assert that a filter factory with oslo_config_project succeed.'''
        cors.filter_factory(global_conf=None, oslo_config_project='foobar')

+    def test_cor_config_sections_with_defaults(self):
+        '''Assert cors.* config sections with default values work.'''
+
+        # Set up the config fixture.
+        config = self.useFixture(fixture.Config(cfg.CONF))
+        config.load_raw_values(group='cors.subdomain')
+
+        # Now that the config is set up, create our application.
+        self.application = cors.CORS(test_application, cfg.CONF)
+
    def test_factory_latent_properties(self):
        '''Assert latent properties in paste.ini config.