-
-
Notifications
You must be signed in to change notification settings - Fork 771
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fix CORS headers not set on exceptions (#1821)
Fixes #1820. Correct error handling in response to CORS. Changes proposed in this pull request: - Add a MiddlewarePosition before Exception handling so CORS is always returned - Add ServerError Middleware to handle unhandled errors between the ServerError- and ExceptionMiddleware - Update corresponding docs --------- Co-authored-by: Robbe Sneyders <[email protected]>
- Loading branch information
1 parent
0857710
commit 0082d7a
Showing
6 changed files
with
123 additions
and
4 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
import logging | ||
import typing as t | ||
|
||
from starlette.middleware.errors import ( | ||
ServerErrorMiddleware as StarletteServerErrorMiddleware, | ||
) | ||
from starlette.types import ASGIApp | ||
|
||
from connexion.exceptions import InternalServerError | ||
from connexion.lifecycle import ConnexionRequest, ConnexionResponse | ||
from connexion.middleware.exceptions import connexion_wrapper | ||
from connexion.types import MaybeAwaitable | ||
|
||
logger = logging.getLogger(__name__) | ||
|
||
|
||
class ServerErrorMiddleware(StarletteServerErrorMiddleware): | ||
"""Subclass of starlette ServerErrorMiddleware to change handling of Unhandled Server | ||
exceptions to existing connexion behavior.""" | ||
|
||
def __init__( | ||
self, | ||
next_app: ASGIApp, | ||
handler: t.Optional[ | ||
t.Callable[[ConnexionRequest, Exception], MaybeAwaitable[ConnexionResponse]] | ||
] = None, | ||
): | ||
handler = connexion_wrapper(handler) if handler else None | ||
super().__init__(next_app, handler=handler) | ||
|
||
@staticmethod | ||
@connexion_wrapper | ||
def error_response(_request: ConnexionRequest, exc: Exception) -> ConnexionResponse: | ||
"""Default handler for any unhandled Exception""" | ||
logger.error("%r", exc, exc_info=exc) | ||
return InternalServerError().to_problem() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,44 @@ | ||
import json | ||
|
||
|
||
def test_cors_valid(cors_openapi_app): | ||
app_client = cors_openapi_app.test_client() | ||
origin = "http://localhost" | ||
response = app_client.post("/v1.0/goodday/dan", data={}, headers={"Origin": origin}) | ||
assert response.status_code == 201 | ||
assert "Access-Control-Allow-Origin" in response.headers | ||
assert origin == response.headers["Access-Control-Allow-Origin"] | ||
|
||
|
||
def test_cors_invalid(cors_openapi_app): | ||
app_client = cors_openapi_app.test_client() | ||
response = app_client.options( | ||
"/v1.0/goodday/dan", | ||
headers={"Origin": "http://0.0.0.0", "Access-Control-Request-Method": "POST"}, | ||
) | ||
assert response.status_code == 400 | ||
assert "Access-Control-Allow-Origin" not in response.headers | ||
|
||
|
||
def test_cors_validation_error(cors_openapi_app): | ||
app_client = cors_openapi_app.test_client() | ||
origin = "http://localhost" | ||
response = app_client.post( | ||
"/v1.0/body-not-allowed-additional-properties", | ||
data={}, | ||
headers={"Origin": origin}, | ||
) | ||
assert response.status_code == 400 | ||
assert "Access-Control-Allow-Origin" in response.headers | ||
assert origin == response.headers["Access-Control-Allow-Origin"] | ||
|
||
|
||
def test_cors_server_error(cors_openapi_app): | ||
app_client = cors_openapi_app.test_client() | ||
origin = "http://localhost" | ||
response = app_client.post( | ||
"/v1.0/goodday/noheader", data={}, headers={"Origin": origin} | ||
) | ||
assert response.status_code == 500 | ||
assert "Access-Control-Allow-Origin" in response.headers | ||
assert origin == response.headers["Access-Control-Allow-Origin"] |