diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5ca3420c950..cceb5e9446e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,7 @@
+## v2.67.2 - 2024-10-30
+
+[Full Changelog](https://github.com/ORCID/ORCID-Source/compare/v2.67.1...v2.67.2)
+
 ## v2.67.1 - 2024-10-29
 
 [Full Changelog](https://github.com/ORCID/ORCID-Source/compare/v2.67.0...v2.67.1)
diff --git a/orcid-core/src/main/java/org/orcid/core/web/filters/CorsFilterWeb.java b/orcid-core/src/main/java/org/orcid/core/web/filters/CorsFilterWeb.java
index cb396d94486..2e3528fcbdd 100644
--- a/orcid-core/src/main/java/org/orcid/core/web/filters/CorsFilterWeb.java
+++ b/orcid-core/src/main/java/org/orcid/core/web/filters/CorsFilterWeb.java
@@ -16,45 +16,29 @@ import org.springframework.web.filter.OncePerRequestFilter; /** - * * @author Robert Peters (rcpeters) - * */ public class CorsFilterWeb extends OncePerRequestFilter { @Resource CrossDomainWebManger crossDomainWebManger; - - private static final String LOCALHOST_BASE_URI= "https://localhost"; - private static final String LOCALHOST_ORCID_WEB_BASE_URI = "https://localhost:8443/orcid-web"; - + @Value("${org.orcid.core.baseUri}") private String baseUri; @Override protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException { - Pattern p = Pattern.compile("^/userStatus\\.json|^/oauth/userinfo|^/oauth/jwks|^/\\.well-known/openid-configuration"); - Matcher m = p.matcher(OrcidUrlManager.getPathWithoutContextPath(request)); - // Allow CORS for all paths from Angular frontend only if we are in local dev env - // All other envs allow CORS only if request path matches one of: - // userStatus.json - // /oauth/userinfo - // /oauth/jwks - // /.well-known/openid-configuration - if (baseUri.equals(LOCALHOST_BASE_URI) || baseUri.equals(LOCALHOST_ORCID_WEB_BASE_URI) || m.matches()) { - if (crossDomainWebManger.allowed(request)) { - String origin = request.getHeader("origin"); - response.addHeader("Access-Control-Allow-Origin", origin); - response.addHeader("Access-Control-Allow-Credentials", "true"); - - if (request.getHeader("Access-Control-Request-Method") != null && "OPTIONS".equals(request.getMethod())) { - // CORS "pre-flight" request - response.addHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE"); - response.addHeader("Access-Control-Allow-Headers", "X-Requested-With,Origin,Content-Type,Accept,Authorization,x-csrf-token"); - } + if (crossDomainWebManger.allowed(request)) { + String origin = request.getHeader("origin"); + response.addHeader("Access-Control-Allow-Origin", origin); + response.addHeader("Access-Control-Allow-Credentials", "true"); + + if 
(request.getHeader("Access-Control-Request-Method") != null && "OPTIONS".equals(request.getMethod())) { + // CORS "pre-flight" request + response.addHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE"); + response.addHeader("Access-Control-Allow-Headers", "X-Requested-With,Origin,Content-Type,Accept,Authorization,x-csrf-token"); } - } filterChain.doFilter(request, response); diff --git a/properties/development.properties b/properties/development.properties index acba226a8f0..036dd07a4ae 100644 --- a/properties/development.properties +++ b/properties/development.properties @@ -99,7 +99,7 @@ org.orcid.core.node = 1 org.orcid.core.numberOfNodes = 1 # CORS allowed domains -org.orcid.security.cors.allowed_domains=localhost +org.orcid.security.cors.allowed_domains=dev.orcid.org # Messaging # Replace with tcp://domain.com:61616 in live to point at ActiveMQ location @@ -260,9 +260,10 @@ org.orcid.core.autospam.webhookUrl= #org.orcid.persistence.liquibase.enabled=false org.orcid.persistence.solr.read.only.url=http://localhost:8983/solr - org.orcid.persistence.panoply.cleanup.production=false +#api_limiting_http_request_filter org.orcid.persistence.panoply.papiExceededRate.production=false + # Panoply redshift database org.orcid.core.utils.panoply.driver=com.amazon.redshift.jdbc.Driver org.orcid.core.utils.panoply.maxPoolSize=20
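Review bot: Dropping the path gate makes `crossDomainWebManger.allowed(request)` the sole check before `Access-Control-Allow-Origin` echoes the request origin together with `Access-Control-Allow-Credentials: true`, so every endpoint this filter covers — not only `userStatus.json`, `/oauth/userinfo`, `/oauth/jwks` and the OpenID discovery document — is now reachable cross-origin with the user's cookies from any origin the manager accepts. Whether that is safe rests entirely on `CrossDomainWebManger.allowed`, which is not in this diff; it must compare the full `Origin` value (scheme, host and port) for exact equality against `org.orcid.security.cors.allowed_domains`, because a suffix or substring match would expose the whole authenticated web surface. The class comment should record this contract, e.g. `// Credentialed CORS is granted on every path; the only gate is CrossDomainWebManger.allowed(), which must exact-match the Origin header.` Since the allow-origin value now differs per request, add `response.addHeader("Vary", "Origin");` beside it so shared caches do not hand one origin's response to another. The `Pattern`, `Matcher` and `OrcidUrlManager` imports sit above the hunk and, if still present, are now unused; the method's closing braces also fall outside the visible lines.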
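Review bot: The `# CORS allowed domains` comment above the changed `org.orcid.security.cors.allowed_domains` line no longer conveys the weight this property carries: with the per-path restriction removed from `CorsFilterWeb` in the same commit, each origin listed here gets credentialed CORS on every path the filter handles. Suggest extending the comment to `# CORS allowed domains — every origin listed here gets credentialed CORS on all paths (no per-path restriction in CorsFilterWeb)`. It is also worth confirming, in the same comment, whether the value is matched as a bare host or as a full origin with scheme and port, since the filter compares against the browser's `Origin` header; the matching code is not part of this diff.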