search

davidtinker / grails-cors

Grails plugin to add Cross-Origin Resource Sharing (CORS) headers
38 stars 21 forks source link

Problem with external properties in production mode #31

Open JcrGit opened 9 years ago

JcrGit commented 9 years ago

Hi,

We use grails cors plugin in our project and we have seen a strange issue :

When I wrote in config.groovy : cors.url.pattern = '/beer/_' cors.allow.origin.regex='._mon.domaine.autorise([/].*)?

And started application (in dev mode and prod mode), I have tested theses cases :

curl -H "Origin: http://mon.domaine.autorise/authenticationFom/" --verbose http://sf713606.societe.mma.fr:8084/applicationBlanche/immortalCats => No headers in response

curl -H "Origin: http://mon.domaine.autorise/authenticationFom/" --verbose http://sf713606.societe.mma.fr:8084/applicationBlanche/beer/show/1 => headers in response : Access-Control-Allow-Origin: http://mon.domaine.autorise/authenticationFom/ Access-Control-Allow-Origin: true

curl -H "Origin: http://mon.domaine.non.autorise/authenticationFom/" --verbose http://sf713606.societe.mma.fr:8084/applicationBlanche/beer/show/1 => No headers in response

==> All is good.

But we need to externalise params in config.properties; we wrote this in config.properties and suppressed it from config.groovy : cors.url.pattern = '/beer/_' cors.allow.origin.regex='._mon.domaine.autorise([/].*)?

When the application starts in prod mode we have these results :

curl -H "Origin: http://mon.domaine.autorise/authenticationFom/" --verbose http://sf713606.societe.mma.fr:8084/applicationBlanche/immortalCats => headers in response : Access-Control-Allow-Origin: http://mon.domaine.autorise/authenticationFom/ Access-Control-Allow-Origin: true

curl -H "Origin: http://mon.domaine.autorise/authenticationFom/" --verbose http://sf713606.societe.mma.fr:8084/applicationBlanche/beer/show/1 => headers in response : Access-Control-Allow-Origin: http://mon.domaine.autorise/authenticationFom/ Access-Control-Allow-Origin: true

curl -H "Origin: http://mon.domaine.non.autorise/authenticationFom/" --verbose http://sf713606.societe.mma.fr:8084/applicationBlanche/beer/show/1 => headers in response : Access-Control-Allow-Origin: http://mon.domaine.non.autorise/authenticationFom/ Access-Control-Allow-Origin: true

==> It's like the plugin don't see the params and make a default comportment. Could you test it ?

PS : We use grails 2.2 and grails cors plugin 1.1.6 and standards grails mechanincs for properties.

davidtinker commented 9 years ago

Hmm. I will have a look. I haven't ever used an external properties file for a Grails app, only external .groovy files.

On Thu, Nov 27, 2014 at 12:43 PM, JcrGit notifications@github.com wrote:

Hi,

We use grails cors plugin in our project and we have seen a strange issue :

When I wrote in config.groovy : cors.url.pattern = '/beer/ _' cors.allow.origin.regex='._mon.domaine.autorise([/].*)?

And started application (in dev mode and prod mode), I have tested theses cases :

curl -H "Origin: http://mon.domaine.autorise/authenticationFom/" --verbose http://sf713606.societe.mma.fr:8084/applicationBlanche/immortalCats => No headers in response

curl -H "Origin: http://mon.domaine.autorise/authenticationFom/" --verbose http://sf713606.societe.mma.fr:8084/applicationBlanche/beer/show/1 => headers in response : Access-Control-Allow-Origin: http://mon.domaine.autorise/authenticationFom/ Access-Control-Allow-Origin: true

curl -H "Origin: http://mon.domaine.non.autorise/authenticationFom/" --verbose http://sf713606.societe.mma.fr:8084/applicationBlanche/beer/show/1 => No headers in response

==> All is good.

But we need to externalise params in config.properties; we wrote this in config.properties and suppressed it from config.groovy : cors.url.pattern = '/beer/ _' cors.allow.origin.regex='._mon.domaine.autorise([/].*)?

When the application starts in prod mode we have these results :

curl -H "Origin: http://mon.domaine.autorise/authenticationFom/" --verbose http://sf713606.societe.mma.fr:8084/applicationBlanche/immortalCats => headers in response : Access-Control-Allow-Origin: http://mon.domaine.autorise/authenticationFom/ Access-Control-Allow-Origin: true

curl -H "Origin: http://mon.domaine.autorise/authenticationFom/" --verbose http://sf713606.societe.mma.fr:8084/applicationBlanche/beer/show/1 => headers in response : Access-Control-Allow-Origin: http://mon.domaine.autorise/authenticationFom/ Access-Control-Allow-Origin: true

curl -H "Origin: http://mon.domaine.non.autorise/authenticationFom/" --verbose http://sf713606.societe.mma.fr:8084/applicationBlanche/beer/show/1 => headers in response : Access-Control-Allow-Origin: http://mon.domaine.non.autorise/authenticationFom/ Access-Control-Allow-Origin: true

==> It's like the plugin don't see the params and make a default comportment. Could you test it ?

PS : We use grails 2.2 and grails cors plugin 1.1.6 and standards grails mechanincs for properties.

— Reply to this email directly or view it on GitHub https://github.com/davidtinker/grails-cors/issues/31.

http://qdb.io/ Persistent Message Queues With Replay and #RabbitMQ Integration

JcrGit commented 9 years ago

Thx ;)

JcrGit commented 9 years ago

Hi David, have you looked at this problem ?

Thx.

JcrGit commented 9 years ago

Up

JcrGit commented 9 years ago

Up

ctoestreich commented 9 years ago

Added pull request https://github.com/davidtinker/grails-cors/pull/35