From 0113ff5e9f0b679dd55c4779d0a9b3a4e5fed0fb Mon Sep 17 00:00:00 2001 From: patrick-werner Date: Wed, 7 Aug 2019 13:37:07 +0200 Subject: [PATCH 1/3] fixed CORS support --- .../uhn/fhir/jpa/starter/HapiProperties.java | 5 +++++ .../uhn/fhir/jpa/starter/JpaRestfulServer.java | 18 +++++++++++++----- src/main/resources/hapi.properties | 5 ++++- 3 files changed, 22 insertions(+), 6 deletions(-)
diff --git a/src/main/java/ca/uhn/fhir/jpa/starter/HapiProperties.java b/src/main/java/ca/uhn/fhir/jpa/starter/HapiProperties.java
index d15c840..1dc4ca6 100644
--- a/src/main/java/ca/uhn/fhir/jpa/starter/HapiProperties.java
+++ b/src/main/java/ca/uhn/fhir/jpa/starter/HapiProperties.java
@@ -42,6 +42,7 @@ public class HapiProperties {
 static final String TESTER_CONFIG_REFUSE_TO_FETCH_THIRD_PARTY_URLS = "tester.config.refuse_to_fetch_third_party_urls";
 static final String CORS_ENABLED = "cors.enabled";
 static final String CORS_ALLOWED_ORIGIN = "cors.allowed_origin";
+ static final String CORS_ALLOWED_CREDENTIALS = "hapi.properties";
 static final String ALLOW_CONTAINS_SEARCHES = "allow_contains_searches";
 static final String ALLOW_OVERRIDE_DEFAULT_SEARCH_PARAMS = "allow_override_default_search_params";
 static final String EMAIL_FROM = "email.from";
@@ -323,4 +324,8 @@ public class HapiProperties {
 String value = HapiProperties.getProperty(REUSE_CACHED_SEARCH_RESULTS_MILLIS, "-1");
 return Long.valueOf(value);
 }
+
+ public static Boolean getCorsAllowedCredentials() {
+ return HapiProperties.getBooleanProperty(CORS_ALLOWED_CREDENTIALS, false);
+ }
 }
diff --git a/src/main/java/ca/uhn/fhir/jpa/starter/JpaRestfulServer.java b/src/main/java/ca/uhn/fhir/jpa/starter/JpaRestfulServer.java
index 4a8a835..ebfbad9 100644
--- a/src/main/java/ca/uhn/fhir/jpa/starter/JpaRestfulServer.java
+++ b/src/main/java/ca/uhn/fhir/jpa/starter/JpaRestfulServer.java
@@ -28,6 +28,7 @@ import ca.uhn.fhir.rest.server.interceptor.ResponseHighlighterInterceptor; import org.hl7.fhir.dstu3.model.Bundle; import org.hl7.fhir.dstu3.model.Meta; import org.springframework.context.ApplicationContext; +import org.springframework.http.HttpHeaders; import org.springframework.web.cors.CorsConfiguration; import javax.servlet.ServletException; @@ -185,18 +186,25 @@ public class JpaRestfulServer extends RestfulServer { // to your specific needs if (HapiProperties.getCorsEnabled()) { CorsConfiguration config = new CorsConfiguration(); + config.addAllowedHeader(HttpHeaders.ORIGIN); + config.addAllowedHeader(HttpHeaders.ACCEPT); + config.addAllowedHeader(HttpHeaders.CONTENT_TYPE); + config.addAllowedHeader(HttpHeaders.AUTHORIZATION); + config.addAllowedHeader(HttpHeaders.CACHE_CONTROL); config.addAllowedHeader("x-fhir-starter"); - config.addAllowedHeader("Origin"); - config.addAllowedHeader("Accept"); config.addAllowedHeader("X-Requested-With"); - config.addAllowedHeader("Content-Type"); config.addAllowedHeader("Prefer"); - + String allAllowedCORSOrigins = HapiProperties.getCorsAllowedOrigin(); + Arrays.stream(allAllowedCORSOrigins.split(",")).forEach(o -> { + config.addAllowedOrigin(o); + }); config.addAllowedOrigin(HapiProperties.getCorsAllowedOrigin()); config.addExposedHeader("Location"); config.addExposedHeader("Content-Location"); - config.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "OPTIONS", "PATCH")); + config.setAllowedMethods( + Arrays.asList("GET", "POST", "PUT", "DELETE", "OPTIONS", "PATCH", "HEAD")); + config.setAllowCredentials(HapiProperties.getCorsAllowedCredentials()); // Create the interceptor and register it CorsInterceptor interceptor = new CorsInterceptor(config); diff --git a/src/main/resources/hapi.properties b/src/main/resources/hapi.properties index d4bfb35..c4468c3 100644 --- a/src/main/resources/hapi.properties +++ b/src/main/resources/hapi.properties 
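Review bot: In the second hunk the pre-existing `config.addAllowedOrigin(HapiProperties.getCorsAllowedOrigin());` is left in place right after the new split loop, so the whole unsplit comma-separated string is also registered as an allowed origin. The split entries are not trimmed either, so a value written as `a, b` yields an origin with a leading space that cannot match a request's Origin header. I would delete the leftover call and write the loop as `Arrays.stream(allAllowedCORSOrigins.split(",")).map(String::trim).filter(o -> !o.isEmpty()).forEach(config::addAllowedOrigin);`. The enclosing `if (HapiProperties.getCorsEnabled())` block continues past the end of the hunk.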
@@ -1,7 +1,7 @@ # Adjust this to set the version of FHIR supported by this server. See # FhirVersionEnum for a list of available constants. Example values include # DSTU2, DSTU3, R4. -fhir_version=R4 +fhir_version=DSTU3 # This is the address that the FHIR server will report as its own address. # If this server will be deployed (for example) to an internet accessible @@ -51,6 +51,9 @@ hibernate.search.default.indexBase=target/lucenefiles hibernate.search.lucene_version=LUCENE_CURRENT tester.config.refuse_to_fetch_third_party_urls=false cors.enabled=true +cors.allowCredentials=true +# Supports multiple, comma separated allowed origin entries +# cors.allowed_origin=http://localhost:8080,https://localhost:8080,https://fhirtest.uhn.ca cors.allowed_origin=* ################################################## From a4949ef08fea770bc8bd08bd688f1a34ff71a943 Mon Sep 17 00:00:00 2001 From: patrick-werner Date: Wed, 7 Aug 2019 13:42:30 +0200 Subject: [PATCH 2/3] switched to R4 --- src/main/resources/hapi.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/resources/hapi.properties b/src/main/resources/hapi.properties index c4468c3..dd7d758 100644 --- a/src/main/resources/hapi.properties +++ b/src/main/resources/hapi.properties @@ -1,7 +1,7 @@ # Adjust this to set the version of FHIR supported by this server. See # FhirVersionEnum for a list of available constants. Example values include # DSTU2, DSTU3, R4. -fhir_version=DSTU3 +fhir_version=R4 # This is the address that the FHIR server will report as its own address. # If this server will be deployed (for example) to an internet accessible From eeaf4b335c7b9b4ba13a32b227da3ec8432ee89c Mon Sep 17 00:00:00 2001 From: patrick-werner Date: Wed, 7 Aug 2019 16:41:39 +0200 Subject: [PATCH 3/3] fixed naming and property constant value --- src/main/java/ca/uhn/fhir/jpa/starter/HapiProperties.java | 4 ++-- src/main/resources/hapi.properties | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) 
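Review bot: The `cors.allowCredentials=true` default added in the second hapi.properties hunk of patch 1/3 sits directly above the unchanged `cors.allowed_origin=*`, so the shipped configuration pairs a wildcard origin with credentialed requests. Depending on the Spring version in use (not visible here), `CorsConfiguration` either answers with the caller's own Origin plus `Access-Control-Allow-Credentials: true`, which lets any web page read responses using the user's cookies or HTTP auth, or rejects the combination. For a server holding FHIR resources the safer default is `cors.allowCredentials=false`, with a comment such as `# Enable only together with an explicit cors.allowed_origin list, never with *`. In patch 1/3 the getter still reads the key `hapi.properties`, so the setting only takes effect once patch 3/3 corrects the constant.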
diff --git a/src/main/java/ca/uhn/fhir/jpa/starter/HapiProperties.java b/src/main/java/ca/uhn/fhir/jpa/starter/HapiProperties.java index 1dc4ca6..40faec3 100644 --- a/src/main/java/ca/uhn/fhir/jpa/starter/HapiProperties.java +++ b/src/main/java/ca/uhn/fhir/jpa/starter/HapiProperties.java @@ -42,7 +42,7 @@ public class HapiProperties { static final String TESTER_CONFIG_REFUSE_TO_FETCH_THIRD_PARTY_URLS = "tester.config.refuse_to_fetch_third_party_urls"; static final String CORS_ENABLED = "cors.enabled"; static final String CORS_ALLOWED_ORIGIN = "cors.allowed_origin"; - static final String CORS_ALLOWED_CREDENTIALS = "hapi.properties"; + static final String CORS_ALLOW_CREDENTIALS = "cors.allowCredentials"; static final String ALLOW_CONTAINS_SEARCHES = "allow_contains_searches"; static final String ALLOW_OVERRIDE_DEFAULT_SEARCH_PARAMS = "allow_override_default_search_params"; static final String EMAIL_FROM = "email.from"; @@ -326,6 +326,6 @@ public class HapiProperties { } public static Boolean getCorsAllowedCredentials() { - return HapiProperties.getBooleanProperty(CORS_ALLOWED_CREDENTIALS, false); + return HapiProperties.getBooleanProperty(CORS_ALLOW_CREDENTIALS, false); } } diff --git a/src/main/resources/hapi.properties b/src/main/resources/hapi.properties index dd7d758..6a34a06 100644 --- a/src/main/resources/hapi.properties +++ b/src/main/resources/hapi.properties @@ -54,7 +54,7 @@ cors.enabled=true cors.allowCredentials=true # Supports multiple, comma separated allowed origin entries # cors.allowed_origin=http://localhost:8080,https://localhost:8080,https://fhirtest.uhn.ca -cors.allowed_origin=* +cors.allow_origin=* ################################################## # Subscriptions
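Review bot: The last hunk renames the key to `cors.allow_origin=*`, but the `CORS_ALLOWED_ORIGIN` constant shown as context in this same patch still reads `"cors.allowed_origin"`, so the value in hapi.properties is no longer picked up by the code. The allowed-origin list then comes from whatever fallback `getCorsAllowedOrigin()` has (not shown here), and an operator who narrows `cors.allow_origin` to specific hosts would see no effect. The commented example two lines above also still uses the old name. I would keep the key as `cors.allowed_origin=*`, or change the constant to match in the same commit.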