Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[sitecore-jss-nextjs][sitecore-jss] multi-origin CORS validation for next editing middlewares #1798

Merged
merged 6 commits into from
May 20, 2024
Merged

[sitecore-jss-nextjs][sitecore-jss] multi-origin CORS validation for next editing middlewares #1798

merged 6 commits into from
May 20, 2024

Conversation

art-alexeyenko
Copy link
Contributor

@art-alexeyenko art-alexeyenko commented May 19, 2024
edited
Loading

Description / Motivation

CORS configuration through next config only allows to set a single allowed origin - or a wildcard.
JSS editing API endpoints require a more sophisticated configuration. This PR adds a function to validate incoming origin against multiple possible values, with an option to configure more allowed origins through env variable.
It also applies this CORS validation function to editing middleware handlers:

  • ensures handler stops execution when incoming request's origin does not match allowed origins list
  • Sitecore Pages' hostnames are tested against by default

Testing Details

  • Unit Test Added
  • Manual Test/Other (Please elaborate)

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

@art-alexeyenko art-alexeyenko requested a review from a team May 19, 2024 22:47
illiakovalenko
illiakovalenko requested changes May 20, 2024
View reviewed changes
Copy link
Contributor

@illiakovalenko illiakovalenko left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks nice! See some comments below
Please, update the CHANGELOG as well

packages/sitecore-jss/src/utils/utils.ts Show resolved Hide resolved
packages/sitecore-jss/src/utils/utils.ts Outdated Show resolved Hide resolved
packages/sitecore-jss/src/utils/utils.test.ts Show resolved Hide resolved
packages/sitecore-jss-nextjs/src/editing/feaas-render-middleware.ts Show resolved Hide resolved
packages/sitecore-jss-nextjs/src/editing/editing-config-middleware.ts Outdated Show resolved Hide resolved
illiakovalenko
illiakovalenko approved these changes May 20, 2024
View reviewed changes
Copy link
Contributor

@illiakovalenko illiakovalenko left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great 👍

yavorsk
yavorsk approved these changes May 20, 2024
View reviewed changes
Copy link
Contributor

@yavorsk yavorsk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nice!

@art-alexeyenko art-alexeyenko merged commit 1a8ceb5 into dev May 20, 2024
1 check passed
@art-alexeyenko art-alexeyenko deleted the bug/jss-1872-editing-config-api-cors branch May 20, 2024 15:27
@art-alexeyenko art-alexeyenko mentioned this pull request May 20, 2024
Merged
8 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@illiakovalenko illiakovalenko illiakovalenko approved these changes

@yavorsk yavorsk yavorsk approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@art-alexeyenko @yavorsk @illiakovalenko