-
Improvement
-
Resolution: Unresolved
-
Minor
-
None
-
Jenkins: 2.190.2
jenkins-sse-gateway: 1.20
We use the CORS plugin to be able to access jenkins content from an HTML REST Client. To receive status updates on our dashboard we use the Jenkins SSE Gateway plugin with the javascript client.
The plugin doesn't use the CORS settings from the CORS plugin. So far we have forked the repo and hard coded CORS in src\main\java\org\jenkinsci\plugins\ssegateway\Endpoint.java.
A better approach would be to get the information from the cors-plugin on initialize.
But shouldn't the SSE request go through the CORS Filter anyway?
[JENKINS-60368] Server Sent Events doesn't work with CORS
Stefan Schletterer
created issue -
Stefan Schletterer
made changes -
| Description |
Original:
We use the CORS plugin to be able to access jenkins content from an HTML REST Client. To receive status updates on our dashboard we use the Jenkins SSE Gateway plugin with the javascript client. The plugin doesn't use the CORS settings from the CORS plugin. So far we have forked the repo and hard coded cors like this in *src\main\java\org\jenkinsci\plugins\ssegateway\Endpoint.java*: {{public void doFilter(...)}}{{...}} {{String origin = httpServletRequest.getHeader("Origin");}}{{ httpServletResponse.addHeader("Access-Control-Allow-Credentials", "true");}}{{ httpServletResponse.setHeader("Access-Control-Allow-Origin", origin);}}{{ httpServletResponse.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE, HEAD");}}{{ httpServletResponse.setHeader("Access-Control-Allow-Headers", "X-PINGOTHER, LAST-EVENT-ID, Origin, X-Requested-With, Content-Type, Accept");}}{{ httpServletResponse.setHeader("Access-Control-Max-Age", "1728000");}}{{ }} Better would be to get the cors settings from the plugin: {{cors=Jenkins.instance.pluginManager.plugins.find \{it.getShortName()=='cors-filter' }}} {{corsClass=AccessControlsFilter.class}}{{resp.addHeader("Access-Control-Allow-Methods", getDescriptor().getAllowedMethods());}} However, I dont know about the performance implications of querying the cors plugin on every request. |
New:
We use the CORS plugin to be able to access jenkins content from an HTML REST Client. To receive status updates on our dashboard we use the Jenkins SSE Gateway plugin with the javascript client. {{The plugin doesn't use the CORS settings from the CORS plugin. So far we have forked the repo and hard coded cors like this in *src\main\java\org\jenkinsci\plugins\ssegateway\Endpoint.java*: }} {{ {{public void doFilter(...)}}{{...}}}} {{ {{String origin = httpServletRequest.getHeader("Origin");}}}} {{{{httpServletResponse.addHeader("Access-Control-Allow-Credentials", "true");}}}} {{{{httpServletResponse.setHeader("Access-Control-Allow-Origin", origin);}}}} {{{{httpServletResponse.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE, HEAD");}}}} {{{{httpServletResponse.setHeader("Access-Control-Allow-Headers", "X-PINGOTHER, LAST-EVENT-ID, Origin, X-Requested-With, Content-Type, Accept");}}}}{{...}} {{ }} {{But much better would be to get the cors settings from the plugin, if it is installed and enabled:}} {{cors=Jenkins.instance.pluginManager.plugins.find {it.getShortName()=='cors-filter' }}} {{corsClass=AccessControlsFilter.class}}{{resp.addHeader("Access-Control-Allow-Methods", getDescriptor().getAllowedMethods());}} ... However, I dont know about the performance implications of querying the cors plugin on every request. Could you point me in the right direction so I can create a proper pull request? |
Stefan Schletterer
made changes -
| Description |
Original:
We use the CORS plugin to be able to access jenkins content from an HTML REST Client. To receive status updates on our dashboard we use the Jenkins SSE Gateway plugin with the javascript client. {{The plugin doesn't use the CORS settings from the CORS plugin. So far we have forked the repo and hard coded cors like this in *src\main\java\org\jenkinsci\plugins\ssegateway\Endpoint.java*: }} {{ {{public void doFilter(...)}}{{...}}}} {{ {{String origin = httpServletRequest.getHeader("Origin");}}}} {{{{httpServletResponse.addHeader("Access-Control-Allow-Credentials", "true");}}}} {{{{httpServletResponse.setHeader("Access-Control-Allow-Origin", origin);}}}} {{{{httpServletResponse.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE, HEAD");}}}} {{{{httpServletResponse.setHeader("Access-Control-Allow-Headers", "X-PINGOTHER, LAST-EVENT-ID, Origin, X-Requested-With, Content-Type, Accept");}}}}{{...}} {{ }} {{But much better would be to get the cors settings from the plugin, if it is installed and enabled:}} {{cors=Jenkins.instance.pluginManager.plugins.find {it.getShortName()=='cors-filter' }}} {{corsClass=AccessControlsFilter.class}}{{resp.addHeader("Access-Control-Allow-Methods", getDescriptor().getAllowedMethods());}} ... However, I dont know about the performance implications of querying the cors plugin on every request. Could you point me in the right direction so I can create a proper pull request? |
New:
We use the CORS plugin to be able to access jenkins content from an HTML REST Client. To receive status updates on our dashboard we use the Jenkins SSE Gateway plugin with the javascript client. {{The plugin doesn't use the CORS settings from the CORS plugin. So far we have forked the repo and hard coded cors like this in *src\main\java\org\jenkinsci\plugins\ssegateway\Endpoint.java*: }} {{public void doFilter(...)}}{{...}} {{String origin = httpServletRequest.getHeader("Origin");}} {{httpServletResponse.addHeader("Access-Control-Allow-Credentials", "true");}} {{httpServletResponse.setHeader("Access-Control-Allow-Origin", origin);}} {{httpServletResponse.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE, HEAD");}} {{httpServletResponse.setHeader("Access-Control-Allow-Headers", "X-PINGOTHER, LAST-EVENT-ID, Origin, X-Requested-With, Content-Type, Accept");}}{{...}} {{But much better would be to get the cors settings from the plugin, if it is installed and enabled:}} cors=Jenkins.instance.pluginManager.plugins.find it.getShortName()=='cors-filter' {{corsClass=AccessControlsFilter.class}}{{resp.addHeader("Access-Control-Allow-Methods", getDescriptor().getAllowedMethods());}} ... However, I dont know about the performance implications of querying the cors plugin on every request. Could you point me in the right direction so I can create a proper pull request? |
Stefan Schletterer
made changes -
| Description |
Original:
We use the CORS plugin to be able to access jenkins content from an HTML REST Client. To receive status updates on our dashboard we use the Jenkins SSE Gateway plugin with the javascript client. {{The plugin doesn't use the CORS settings from the CORS plugin. So far we have forked the repo and hard coded cors like this in *src\main\java\org\jenkinsci\plugins\ssegateway\Endpoint.java*: }} {{public void doFilter(...)}}{{...}} {{String origin = httpServletRequest.getHeader("Origin");}} {{httpServletResponse.addHeader("Access-Control-Allow-Credentials", "true");}} {{httpServletResponse.setHeader("Access-Control-Allow-Origin", origin);}} {{httpServletResponse.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE, HEAD");}} {{httpServletResponse.setHeader("Access-Control-Allow-Headers", "X-PINGOTHER, LAST-EVENT-ID, Origin, X-Requested-With, Content-Type, Accept");}}{{...}} {{But much better would be to get the cors settings from the plugin, if it is installed and enabled:}} cors=Jenkins.instance.pluginManager.plugins.find it.getShortName()=='cors-filter' {{corsClass=AccessControlsFilter.class}}{{resp.addHeader("Access-Control-Allow-Methods", getDescriptor().getAllowedMethods());}} ... However, I dont know about the performance implications of querying the cors plugin on every request. Could you point me in the right direction so I can create a proper pull request? |
New:
We use the CORS plugin to be able to access jenkins content from an HTML REST Client. To receive status updates on our dashboard we use the Jenkins SSE Gateway plugin with the javascript client. {{The plugin doesn't use the CORS settings from the CORS plugin. So far we have forked the repo and hard coded cors like this in *src\main\java\org\jenkinsci\plugins\ssegateway\Endpoint.java*: }} {{public void doFilter(...)}}{{...}} {{String origin = httpServletRequest.getHeader("Origin");}} {{httpServletResponse.addHeader("Access-Control-Allow-Credentials", "true");}} {{httpServletResponse.setHeader("Access-Control-Allow-Origin", origin);}} {{httpServletResponse.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE, HEAD");}} {{httpServletResponse.setHeader("Access-Control-Allow-Headers", "X-PINGOTHER, LAST-EVENT-ID, Origin, X-Requested-With, Content-Type, Accept");}}{{...}} {{But much better would be to get the cors settings from the plugin, if it is installed and enabled:}} cors=Jenkins.instance.pluginManager.plugins.find it.getShortName()=='cors-filter' {{corsClass=AccessControlsFilter.class}}{{resp.addHeader("Access-Control-Allow-Methods", getDescriptor().getAllowedMethods());}} ... |
Stefan Schletterer
made changes -
| Description |
Original:
We use the CORS plugin to be able to access jenkins content from an HTML REST Client. To receive status updates on our dashboard we use the Jenkins SSE Gateway plugin with the javascript client. {{The plugin doesn't use the CORS settings from the CORS plugin. So far we have forked the repo and hard coded cors like this in *src\main\java\org\jenkinsci\plugins\ssegateway\Endpoint.java*: }} {{public void doFilter(...)}}{{...}} {{String origin = httpServletRequest.getHeader("Origin");}} {{httpServletResponse.addHeader("Access-Control-Allow-Credentials", "true");}} {{httpServletResponse.setHeader("Access-Control-Allow-Origin", origin);}} {{httpServletResponse.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE, HEAD");}} {{httpServletResponse.setHeader("Access-Control-Allow-Headers", "X-PINGOTHER, LAST-EVENT-ID, Origin, X-Requested-With, Content-Type, Accept");}}{{...}} {{But much better would be to get the cors settings from the plugin, if it is installed and enabled:}} cors=Jenkins.instance.pluginManager.plugins.find it.getShortName()=='cors-filter' {{corsClass=AccessControlsFilter.class}}{{resp.addHeader("Access-Control-Allow-Methods", getDescriptor().getAllowedMethods());}} ... |
New:
We use the CORS plugin to be able to access jenkins content from an HTML REST Client. To receive status updates on our dashboard we use the Jenkins SSE Gateway plugin with the javascript client. {{The plugin doesn't use the CORS settings from the CORS plugin. So far we have forked the repo and hard coded cors in *src\main\java\org\jenkinsci\plugins\ssegateway\Endpoint.java*: }} {{}}{{A slightly better approach would be to get the information from the cors-plugin on initialize.}} But shouldn't the SSE request go through the CORS Filter anyway? |
Stefan Schletterer
made changes -
| Description |
Original:
We use the CORS plugin to be able to access jenkins content from an HTML REST Client. To receive status updates on our dashboard we use the Jenkins SSE Gateway plugin with the javascript client. {{The plugin doesn't use the CORS settings from the CORS plugin. So far we have forked the repo and hard coded cors in *src\main\java\org\jenkinsci\plugins\ssegateway\Endpoint.java*: }} {{}}{{A slightly better approach would be to get the information from the cors-plugin on initialize.}} But shouldn't the SSE request go through the CORS Filter anyway? |
New:
We use the CORS plugin to be able to access jenkins content from an HTML REST Client. To receive status updates on our dashboard we use the Jenkins SSE Gateway plugin with the javascript client. {{The plugin doesn't use the CORS settings from the CORS plugin. So far [we have forked the repo and hard coded cors|[https://github.com/schletti2000/sse-gateway-plugin/blob/feature-cors/src/main/java/org/jenkinsci/plugins/ssegateway/Endpoint.java]] in *src\main\java\org\jenkinsci\plugins\ssegateway\Endpoint.java*: }} {{}}{{A slightly better approach would be to get the information from the cors-plugin on initialize.}} But shouldn't the SSE request go through the CORS Filter anyway? |
Stefan Schletterer
made changes -
| Description |
Original:
We use the CORS plugin to be able to access jenkins content from an HTML REST Client. To receive status updates on our dashboard we use the Jenkins SSE Gateway plugin with the javascript client. {{The plugin doesn't use the CORS settings from the CORS plugin. So far [we have forked the repo and hard coded cors|[https://github.com/schletti2000/sse-gateway-plugin/blob/feature-cors/src/main/java/org/jenkinsci/plugins/ssegateway/Endpoint.java]] in *src\main\java\org\jenkinsci\plugins\ssegateway\Endpoint.java*: }} {{}}{{A slightly better approach would be to get the information from the cors-plugin on initialize.}} But shouldn't the SSE request go through the CORS Filter anyway? |
New:
We use the CORS plugin to be able to access jenkins content from an HTML REST Client. To receive status updates on our dashboard we use the Jenkins SSE Gateway plugin with the javascript client. The plugin doesn't use the CORS settings from the CORS plugin. So far we have forked the repo and [hard coded CORS in *src\main\java\org\jenkinsci\plugins\ssegateway\Endpoint.java*.|https://github.com/schletti2000/sse-gateway-plugin/blob/feature-cors/src/main/java/org/jenkinsci/plugins/ssegateway/Endpoint.java] A slightly better approach would be to get the information from the cors-plugin on initialize. But shouldn't the SSE request go through the CORS Filter anyway? |
Stefan Schletterer
made changes -
| Description |
Original:
We use the CORS plugin to be able to access jenkins content from an HTML REST Client. To receive status updates on our dashboard we use the Jenkins SSE Gateway plugin with the javascript client. The plugin doesn't use the CORS settings from the CORS plugin. So far we have forked the repo and [hard coded CORS in *src\main\java\org\jenkinsci\plugins\ssegateway\Endpoint.java*.|https://github.com/schletti2000/sse-gateway-plugin/blob/feature-cors/src/main/java/org/jenkinsci/plugins/ssegateway/Endpoint.java] A slightly better approach would be to get the information from the cors-plugin on initialize. But shouldn't the SSE request go through the CORS Filter anyway? |
New:
We use the CORS plugin to be able to access jenkins content from an HTML REST Client. To receive status updates on our dashboard we use the Jenkins SSE Gateway plugin with the javascript client. The plugin doesn't use the CORS settings from the CORS plugin. So far we have forked the repo and [hard coded CORS in *src\main\java\org\jenkinsci\plugins\ssegateway\Endpoint.java*.|https://github.com/schletti2000/sse-gateway-plugin/blob/feature-cors/src/main/java/org/jenkinsci/plugins/ssegateway/Endpoint.java] A better approach would be to get the information from the cors-plugin on initialize. But shouldn't the SSE request go through the CORS Filter anyway? |