cors-proxy's Introduction

cors-proxy

Description

cors-proxy is an apicast-based proxy that manages CORS requests on behalf of a client's apicast gateway. It mainly exists because clients do not correctly set up CORS in their apicast integrations, which makes CORS requests for the apidocs functionality fail in the 3scale SaaS. To avoid this, cors-proxy sits in the middle of these requests and transparently handles CORS so the end user's browser does not fail on cross-domain requests. This is a very specific scenario that happens with the apidocs functionality, where the user's browser, inside a 3scale.net domain, requests the API's swagger spec from the client's API through apicast, in a different domain.

It works by whitelisting the domains that are allowed to perform requests through cors-proxy by querying the system database. If the domain is whitelisted, cors-proxy will contact the user's apicast to retrieve the swagger API spec and return it to the browser with the proper CORS headers in place. It also handles CORS preflight requests.

Configuration

Environment variables

| Variable | Default | Purpose |
| --- | --- | --- |
| DATABASE_URL | N/A | [required] system dsn, with format mysql://<user>:<pass>@<host>:<port>/<database> |
| CORS_PROXY_BALANCER_WHITELIST | N/A | manually add IPs to the whitelist |

Exposed ports

  • Proxy is exposed in port 8080
  • Metrics are exposed in port 9145

Development

Local test execution with docker

  • Unit tests: make docker-busted
  • Integration tests: make docker-prove

Release process

The release process is managed with a CircleCI pipeline. This pipeline can be triggered in two different ways:

  • With every push of code to the repo, the build and test steps of the pipeline will be executed
  • When an annotated git tag is pushed to the repo that matches the pattern "v.*", the pipeline will execute the build, test and release steps. The release step will push a new image to quay.io/3scale/cors-proxy, tagged with the git tag. It will also tag the image as latest. The recommended way to create a new git annotated tag is to create a new GitHub release in this repository, with all the release information.

cors-proxy image

The cors-proxy image is published to quay.io/3scale/cors-proxy. The image is built using the s2i tool (source to image), using quay.io/3scale/s2i-openresty-centos7 as the builder image. To update the tag of the builder image you will need to change it both in the Makefile (for local image generation) and in the CircleCI configuration YAML. The builder image is built from this repo.

cors-proxy's People

Contributors

mayorova, mikz, orimarti, roivaz


cors-proxy's Issues

Record upstream failed connections

We need to record failed connections to the upstream. The idea is to log those upstream calls so we could detect failing backends.

  • The variable $upstream_status should have the upstream response code (#30)
  • The variables $upstream_connect_time and $upstream_response_time are useful to debug timeouts and $upstream_addr should have the resolved IP address we tried to connect to.

Proxy double-encodes the URI path even if it is already %-encoded

In case the path contains %-encoded characters, the proxy applies encoding again on the value of X-Apidocs-Path with ngx.req.set_uri, so the resulting URL is not correct as it arrives at the API backend.

This is discussed here: openresty/lua-nginx-module#1069

Example:

curl -v -XGET "https://corsproxy.3scale.net/api_docs/proxy" \
    -H 'X-Apidocs-Url: https://echo-api.3scale.net' \
    -H 'X-Apidocs-Path: /api/this%3Dpath%2Cis%3Balready%3Descaped' \
    -H 'X-Apidocs-Method: GET'

Results in /api/this%253Dpath%252Cis%253Balready%253Descaped on the API backend.
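
The double-encoding reported above, reproduced as an added Python illustration (not code from the cors-proxy repository, which runs on OpenResty), next to an encoder that leaves well-formed %XX triplets alone. The function names `naive_encode`, `encode_once` and `looks_double_encoded` are hypothetical, and the example assumes the value of X-Apidocs-Path is meant to be treated as an already-encoded path.

```python
import re
from urllib.parse import quote

# One well-formed percent-encoded octet, e.g. "%3D".
_PCT_TRIPLET = re.compile(r"%[0-9A-Fa-f]{2}")
# "%25" followed by two hex digits: what a re-encoded triplet looks like.
_DOUBLE_ENCODED = re.compile(r"%25[0-9A-Fa-f]{2}")


def naive_encode(path: str) -> str:
    """Encode every '%' again, which is the behaviour described in the issue."""
    return quote(path, safe="/")


def encode_once(path: str) -> str:
    """Percent-encode a path but keep existing valid %XX triplets as they are.

    A stray '%' that is not followed by two hex digits is still encoded
    as %25, so the output is always a well-formed path and the function
    is idempotent. A client that wants a literal "%3D" in the path has to
    send "%253D" under this contract.
    """
    out = []
    pos = 0
    for match in _PCT_TRIPLET.finditer(path):
        out.append(quote(path[pos:match.start()], safe="/"))
        out.append(match.group(0))  # already encoded: pass through untouched
        pos = match.end()
    out.append(quote(path[pos:], safe="/"))
    return "".join(out)


def looks_double_encoded(path: str) -> bool:
    """Heuristic for backend access logs: flags %25XX sequences.

    It can also match a path that legitimately contains an encoded
    literal '%', so treat a hit as a prompt to compare proxy and
    backend logs, not as proof.
    """
    return _DOUBLE_ENCODED.search(path) is not None


if __name__ == "__main__":
    sample = "/api/this%3Dpath%2Cis%3Balready%3Descaped"  # path from the issue
    print(naive_encode(sample))
    print(encode_once(sample))
```

A proxy and a backend that disagree on how many times a path has been decoded will route and authorize different resources for the same request, which is why the path should be encoded exactly once end to end.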

Support custom Cache-Control headers

One of the customers reported a high latency issue when the request goes to the apidocs proxy.
Is it possible to support custom Cache-control headers through the cors proxy?
Currently apidocs proxy sets Cache-Control header to no-cache.

Let me know if you need any further details.

cc @kevprice83
