Skip to content

Commit

Permalink
Handling both http and https origin
Browse files Browse the repository at this point in the history
  • Loading branch information
SachinMali committed Mar 22, 2024
1 parent 0ec275c commit b0e7611
Showing 1 changed file with 3 additions and 16 deletions.
19 changes: 3 additions & 16 deletions dispatcher/src/conf.d/available_vhosts/wknd.vhost
Original file line number Diff line number Diff line change
Expand Up @@ -17,17 +17,6 @@ Include conf.d/variables/custom.vars
# URI dereferencing algorithm is applied at Sling's level, do not decode parameters here
AllowEncodedSlashes NoDecode

RewriteEngine On
RewriteCond %{REQUEST_SCHEME} (.+)
RewriteRule ^ - [E=my_request_scheme:%1]

RewriteCond %{HTTP_HOST} (.+)
RewriteRule ^ - [E=my_request_host:%1]

SetEnvIf Origin "^https?://([^:/]+)" origin_host=$1
Header always set Debug-Request-Or "%{origin_host}e"


# Add header breadcrumbs for help in troubleshooting
<IfModule mod_headers.c>
Header add X-Vhost "publish"
Expand All @@ -50,8 +39,9 @@ Include conf.d/variables/custom.vars

SetEnvIfExpr "req_novary('Access-Control-Request-Method') == '' && %{REQUEST_METHOD} == 'OPTIONS' && req_novary('Origin') != ''" CORSType=invalidpreflight CORSProcessing=false
SetEnvIfExpr "req_novary('Access-Control-Request-Method') != '' && %{REQUEST_METHOD} == 'OPTIONS' && req_novary('Origin') != ''" CORSType=preflight CORSProcessing=true CORSTrusted=false
#SetEnvIfExpr "req_novary('Origin') -strcmatch '%{REQUEST_SCHEME}://%{HTTP_HOST}*'" CORSType=samedomain CORSProcessing=false CORSTrusted=true
SetEnvIfExpr "env('origin_host') == env('my_request_host')" CORSType=samedomain CORSProcessing=false CORSTrusted=true
SetEnvIfExpr "req_novary('Origin') -strcmatch 'https://%{HTTP_HOST}*'" CORSType=samedomain CORSProcessing=false CORSTrusted=true
SetEnvIfExpr "req_novary('Origin') -strcmatch 'http://%{HTTP_HOST}*'" CORSType=samedomain CORSProcessing=false CORSTrusted=true
#SetEnvIfExpr "env('origin_host') == env('my_request_host')" CORSType=samedomain CORSProcessing=false CORSTrusted=true


# For requests that require CORS processing, check if the Origin can be trusted
Expand Down Expand Up @@ -94,9 +84,6 @@ Include conf.d/variables/custom.vars
Header always set Debug-CORSProcessing "false" "expr=reqenv('CORSProcessing') == 'false'"
Header always set Debug-CORSTrusted "false" "expr=reqenv('CORSTrusted') == 'false'"
Header always set Debug-CORSTrusted "true" "expr=reqenv('CORSTrusted') == 'true'"
Header always set Debug-Request-Scheme "%{my_request_scheme}e"
Header always set Debug-Request-Host "%{my_request_host}e"
Header always set Debug-Request-Origin "%{origin_host}e"

# Non-CORS or Not Trusted
Header unset Access-Control-Allow-Credentials "expr=reqenv('CORSProcessing') == 'false' || reqenv('CORSTrusted') == 'false'"
Expand Down

0 comments on commit b0e7611

Please sign in to comment.