This is an automated email from the ASF dual-hosted git repository. wenming pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git
The following commit(s) were added to refs/heads/master by this push: new 70bd980 bugfix: avoid overwriting Vary header in cors plugin (#2271) 70bd980 is described below commit 70bd9802c52369b902b6944e3f5f5d18863954b0 Author: 罗泽轩 <spacewander...@gmail.com> AuthorDate: Sun Sep 27 16:43:09 2020 +0800 bugfix: avoid overwriting Vary header in cors plugin (#2271) --- apisix/core/response.lua | 30 +++++++++++++++++++++++++++--- apisix/plugins/cors.lua | 2 +- t/core/response.t | 42 ++++++++++++++++++++++++++++++++++++++++++ t/lib/server.lua | 10 ++++++++++ t/plugin/cors.t | 3 ++- 5 files changed, 82 insertions(+), 5 deletions(-) diff --git a/apisix/core/response.lua b/apisix/core/response.lua index ed0ed00..6276efd 100644 --- a/apisix/core/response.lua +++ b/apisix/core/response.lua @@ -18,6 +18,12 @@ local encode_json = require("cjson.safe").encode local ngx = ngx local ngx_print = ngx.print local ngx_header = ngx.header +local ngx_add_header +if ngx.config.subsystem == "http" then + local ngx_resp = require "ngx.resp" + ngx_add_header = ngx_resp.add_header +end + local error = error local select = select local type = type @@ -85,7 +91,7 @@ function _M.say(...) end -function _M.set_header(...) +local function set_header(append, ...) if ngx.headers_sent then error("headers have already been sent", 2) end @@ -98,18 +104,36 @@ function _M.set_header(...) end for k, v in pairs(headers) do - ngx_header[k] = v + if append then + ngx_add_header(k, v) + else + ngx_header[k] = v + end end return end for i = 1, count, 2 do - ngx_header[select(i, ...)] = select(i + 1, ...) + if append then + ngx_add_header(select(i, ...), select(i + 1, ...)) + else + ngx_header[select(i, ...)] = select(i + 1, ...) + end end end +function _M.set_header(...) + set_header(false, ...) +end + + +function _M.add_header(...) + set_header(true, ...) +end + + function _M.get_upstream_status(ctx) -- $upstream_status maybe including mutiple status, only need the last one return tonumber(str_sub(ctx.var.upstream_status or "", -3)) diff --git a/apisix/plugins/cors.lua b/apisix/plugins/cors.lua index 1cc4ec0..19c01d8 100644 --- a/apisix/plugins/cors.lua +++ b/apisix/plugins/cors.lua @@ -129,7 +129,7 @@ local function set_cors_headers(conf, ctx) core.response.set_header("Access-Control-Allow-Origin", ctx.cors_allow_origins) if ctx.cors_allow_origins ~= "*" then - core.response.set_header("Vary", "Origin") + core.response.add_header("Vary", "Origin") end core.response.set_header("Access-Control-Allow-Methods", allow_methods) diff --git a/t/core/response.t b/t/core/response.t index b8a3cb0..4563305 100644 --- a/t/core/response.t +++ b/t/core/response.t @@ -100,3 +100,45 @@ aaa: bbb ccc: ddd --- no_error_log [error] + + + +=== TEST 5: multiple reponse headers (add) +--- config + location = /t { + access_by_lua_block { + local core = require("apisix.core") + core.response.add_header("aaa", "bbb", "aaa", "bbb") + core.response.exit(200, "done\n") + } + } +--- request +GET /t +--- response_body +done +--- response_headers +aaa: bbb, bbb +--- no_error_log +[error] + + + +=== TEST 6: multiple reponse headers by table (add) +--- config + location = /t { + access_by_lua_block { + local core = require("apisix.core") + core.response.set_header({aaa = "bbb"}) + core.response.add_header({aaa = "bbb", ccc = "ddd"}) + core.response.exit(200, "done\n") + } + } +--- request +GET /t +--- response_body +done +--- response_headers +aaa: bbb, bbb +ccc: ddd +--- no_error_log +[error] diff --git a/t/lib/server.lua b/t/lib/server.lua index 3a0edae..f9fb703 100644 --- a/t/lib/server.lua +++ b/t/lib/server.lua @@ -20,6 +20,15 @@ local json_encode = require("cjson").encode local _M = {} +local function inject_headers() + local hdrs = ngx.req.get_headers() + for k, v in pairs(hdrs) do + if k:sub(1, 5) == "resp-" then + ngx.header[k:sub(6)] = v + end + end +end + function _M.hello() ngx.say("hello world") end @@ -269,6 +278,7 @@ function _M.go() return ngx.exit(404) end + inject_headers() return _M[action]() end diff --git a/t/plugin/cors.t b/t/plugin/cors.t index 4b0b6b1..a0d2e2a 100644 --- a/t/plugin/cors.t +++ b/t/plugin/cors.t @@ -303,11 +303,12 @@ passed GET /hello HTTP/1.1 --- more_headers Origin: http://sub2.domain.com +resp-vary: Via --- response_body hello world --- response_headers Access-Control-Allow-Origin: http://sub2.domain.com -Vary: Origin +Vary: Via, Origin Access-Control-Allow-Methods: GET,POST Access-Control-Allow-Headers: headr1,headr2 Access-Control-Expose-Headers: ex-headr1,ex-headr2