[JIRA] (JENKINS-60368) Server Sent Events doesn't work with CORS


sschlet (JIRA)

Dec 4, 2019, 11:01:03 AM
to jenkinsc...@googlegroups.com
Stefan Schletterer created an issue
 
Jenkins / Improvement JENKINS-60368
Server Sent Events doesn't work with CORS
Issue Type: Improvement
Assignee: Stefan Schletterer
Components: sse-gateway-plugin
Created: 2019-12-04 16:00
Environment: Jenkins: 2.190.2
jenkins-sse-gateway: 1.20
Priority: Minor
Reporter: Stefan Schletterer

We use the CORS plugin to be able to access Jenkins content from an HTML REST Client. To receive status updates on our dashboard we use the Jenkins SSE Gateway plugin with the JavaScript client.

The plugin doesn't use the CORS settings from the CORS plugin. So far we have forked the repo and hard coded CORS like this in src\main\java\org\jenkinsci\plugins\ssegateway\Endpoint.java:

    public void doFilter(...)...
    String origin = httpServletRequest.getHeader("Origin");
    httpServletResponse.addHeader("Access-Control-Allow-Credentials", "true");
    httpServletResponse.setHeader("Access-Control-Allow-Origin", origin);
    httpServletResponse.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE, HEAD");
    httpServletResponse.setHeader("Access-Control-Allow-Headers", "X-PINGOTHER, LAST-EVENT-ID, Origin, X-Requested-With, Content-Type, Accept");
    httpServletResponse.setHeader("Access-Control-Max-Age", "1728000");

Better would be to get the CORS settings from the plugin:

    cors=Jenkins.instance.pluginManager.plugins.find {it.getShortName()=='cors-filter' }
    corsClass=AccessControlsFilter.class
    resp.addHeader("Access-Control-Allow-Methods", getDescriptor().getAllowedMethods());

However, I don't know about the performance implications of querying the CORS plugin on every request.
 

This message was sent by Atlassian Jira (v7.13.6#713006-sha1:cc4451f)
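
The forked `doFilter` quoted above copies whatever `Origin` the browser sends into `Access-Control-Allow-Origin` while also sending `Access-Control-Allow-Credentials: true`, so a page on any origin can make credentialed requests and read the responses. The sketch below is an added example, not code from the issue or from either plugin: it returns CORS headers only for origins on an explicit allowlist and always sets `Vary: Origin`. The class name `SseCorsPolicy`, the allowlist and the `example.test` origins are assumptions made for illustration.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;

// Added example (hypothetical class, not part of sse-gateway-plugin or cors-filter).
public final class SseCorsPolicy {
    // Exact "scheme://host[:port]" strings, as browsers serialise the Origin header.
    private final Set<String> allowedOrigins;

    public SseCorsPolicy(String... allowedOrigins) {
        this.allowedOrigins =
                Collections.unmodifiableSet(new HashSet<>(Arrays.asList(allowedOrigins)));
    }

    /** Headers to copy onto the response for a request carrying this Origin value. */
    public Map<String, String> headersFor(String origin) {
        Map<String, String> headers = new LinkedHashMap<>();
        // The answer depends on Origin, so shared caches must key on it.
        headers.put("Vary", "Origin");
        // Missing, "null" and unlisted origins get no Access-Control-* headers,
        // so the browser refuses to expose the response to the calling page.
        if (origin == null || !allowedOrigins.contains(origin)) {
            return headers;
        }
        headers.put("Access-Control-Allow-Origin", origin);
        headers.put("Access-Control-Allow-Credentials", "true");
        // Method and header lists are the ones from the snippet in the issue.
        headers.put("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE, HEAD");
        headers.put("Access-Control-Allow-Headers",
                "X-PINGOTHER, LAST-EVENT-ID, Origin, X-Requested-With, Content-Type, Accept");
        return headers;
    }

    public static void main(String[] args) {
        // Constructed sample input; the origins below are placeholders.
        SseCorsPolicy policy = new SseCorsPolicy("https://dashboard.example.test");
        String[] samples = {"https://dashboard.example.test",
                "https://dashboard.example.test.lookalike.example", "null", null};
        for (String origin : samples) {
            System.out.println(origin + " -> " + policy.headersFor(origin));
        }
    }
}
```

In a servlet filter, each returned entry would be applied with `httpServletResponse.setHeader(name, value)` before the chain continues.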

sschlet (JIRA)

Dec 4, 2019, 11:11:03 AM
to jenkinsc...@googlegroups.com
Stefan Schletterer updated an issue
Change By: Stefan Schletterer
We use the CORS plugin to be able to access Jenkins content from an HTML REST Client. To receive status updates on our dashboard we use the Jenkins SSE Gateway plugin with the JavaScript client.

The plugin doesn't use the CORS settings from the CORS plugin. So far we have forked the repo and hard coded CORS like this in *src\main\java\org\jenkinsci\plugins\ssegateway\Endpoint.java*:

    public void doFilter(...)...
    String origin = httpServletRequest.getHeader("Origin");
    httpServletResponse.addHeader("Access-Control-Allow-Credentials", "true");
    httpServletResponse.setHeader("Access-Control-Allow-Origin", origin);
    httpServletResponse.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE, HEAD");
    httpServletResponse.setHeader("Access-Control-Allow-Headers", "X-PINGOTHER, LAST-EVENT-ID, Origin, X-Requested-With, Content-Type, Accept");
    httpServletResponse.setHeader("Access-Control-Max-Age", "1728000");
    ...

But much better would be to get the CORS settings from the plugin, if it is installed and enabled:

    cors=Jenkins.instance.pluginManager.plugins.find {it.getShortName()=='cors-filter' }
    corsClass=AccessControlsFilter.class
    resp.addHeader("Access-Control-Allow-Methods", getDescriptor().getAllowedMethods());

...

However, I don't know about the performance implications of querying the CORS plugin on every request.
Could you point me in the right direction so I can create a proper pull request?

 


 

sschlet (JIRA)

Dec 4, 2019, 11:53:03 AM
to jenkinsc...@googlegroups.com
Stefan Schletterer updated an issue
We use the CORS plugin to be able to access Jenkins content from an HTML REST Client. To receive status updates on our dashboard we use the Jenkins SSE Gateway plugin with the JavaScript client.

The plugin doesn't use the CORS settings from the CORS plugin. So far we have forked the repo and hard coded CORS like this in *src\main\java\org\jenkinsci\plugins\ssegateway\Endpoint.java*:

    public void doFilter(...)...
    String origin = httpServletRequest.getHeader("Origin");
    httpServletResponse.addHeader("Access-Control-Allow-Credentials", "true");
    httpServletResponse.setHeader("Access-Control-Allow-Origin", origin);
    httpServletResponse.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE, HEAD");
    httpServletResponse.setHeader("Access-Control-Allow-Headers", "X-PINGOTHER, LAST-EVENT-ID, Origin, X-Requested-With, Content-Type, Accept");
    ...

But much better would be to get the CORS settings from the plugin, if it is installed and enabled:

    cors=Jenkins.instance.pluginManager.plugins.find {it.getShortName()=='cors-filter' }
    corsClass=AccessControlsFilter.class
    resp.addHeader("Access-Control-Allow-Methods", getDescriptor().getAllowedMethods());

...

However, I don't know about the performance implications of querying the CORS plugin on every request. Could you point me in the right direction so I can create a proper pull request?

 


 

sschlet (JIRA)

Dec 4, 2019, 11:59:03 AM
to jenkinsc...@googlegroups.com

sschlet (JIRA)

Dec 4, 2019, 12:36:02 PM
to jenkinsc...@googlegroups.com
Stefan Schletterer updated an issue
We use the CORS plugin to be able to access Jenkins content from an HTML REST Client. To receive status updates on our dashboard we use the Jenkins SSE Gateway plugin with the JavaScript client.

The plugin doesn't use the CORS settings from the CORS plugin. So far we have forked the repo and hard coded CORS like this in *src\main\java\org\jenkinsci\plugins\ssegateway\Endpoint.java*:

    public void doFilter(...)...
    String origin = httpServletRequest.getHeader("Origin");
    httpServletResponse.addHeader("Access-Control-Allow-Credentials", "true");
    httpServletResponse.setHeader("Access-Control-Allow-Origin", origin);
    httpServletResponse.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE, HEAD");
    httpServletResponse.setHeader("Access-Control-Allow-Headers", "X-PINGOTHER, LAST-EVENT-ID, Origin, X-Requested-With, Content-Type, Accept");
    ...

A slightly better approach would be to get the information from the cors-plugin on initialize.

    cors=Jenkins.instance.pluginManager.plugins.find {it.getShortName()=='cors-filter' }

But shouldn't the SSE request go through the CORS Filter anyway?

    corsClass=AccessControlsFilter.class
    resp.addHeader("Access-Control-Allow-Methods", getDescriptor().getAllowedMethods());

...
   

 

sschlet (JIRA)

Dec 4, 2019, 12:39:02 PM
to jenkinsc...@googlegroups.com
Stefan Schletterer updated an issue
We use the CORS plugin to be able to access Jenkins content from an HTML REST Client. To receive status updates on our dashboard we use the Jenkins SSE Gateway plugin with the JavaScript client.

The plugin doesn't use the CORS settings from the CORS plugin. So far [we have forked the repo and hard coded CORS|https://github.com/schletti2000/sse-gateway-plugin/blob/feature-cors/src/main/java/org/jenkinsci/plugins/ssegateway/Endpoint.java] in *src\main\java\org\jenkinsci\plugins\ssegateway\Endpoint.java*:

A slightly better approach would be to get the information from the cors-plugin on initialize.

But shouldn't the SSE request go through the CORS Filter anyway?

  

 

sschlet (JIRA)

Dec 4, 2019, 12:42:03 PM
to jenkinsc...@googlegroups.com
Stefan Schletterer updated an issue
We use the CORS plugin to be able to access Jenkins content from an HTML REST Client. To receive status updates on our dashboard we use the Jenkins SSE Gateway plugin with the JavaScript client.

The plugin doesn't use the CORS settings from the CORS plugin. So far we have forked the repo and [hard coded CORS in *src\main\java\org\jenkinsci\plugins\ssegateway\Endpoint.java*.|https://github.com/schletti2000/sse-gateway-plugin/blob/feature-cors/src/main/java/org/jenkinsci/plugins/ssegateway/Endpoint.java]

A slightly better approach would be to get the information from the cors-plugin on initialize.

But shouldn't the SSE request go through the CORS Filter anyway?

  

 

sschlet (JIRA)

Dec 4, 2019, 12:45:02 PM
to jenkinsc...@googlegroups.com
Stefan Schletterer updated an issue
We use the CORS plugin to be able to access Jenkins content from an HTML REST Client. To receive status updates on our dashboard we use the Jenkins SSE Gateway plugin with the JavaScript client.

The plugin doesn't use the CORS settings from the CORS plugin. So far we have forked the repo and [hard coded CORS in *src\main\java\org\jenkinsci\plugins\ssegateway\Endpoint.java*.|https://github.com/schletti2000/sse-gateway-plugin/blob/feature-cors/src/main/java/org/jenkinsci/plugins/ssegateway/Endpoint.java]

A slightly better approach would be to get the information from the cors-plugin on initialize.


But shouldn't the SSE request go through the CORS Filter anyway?

  

 