Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[main] support adding cross origin resource policy for #1851 #2423

Open
wants to merge 8 commits into
base: main
Choose a base branch
from
Open

[main] support adding cross origin resource policy for #1851 #2423

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
596ced9
add header
siyuniu-ms Sep 25, 2024
35a5ee9
add test
siyuniu-ms Sep 25, 2024
e703228
Update IConfiguration.ts
siyuniu-ms Sep 25, 2024
e5bc8a3
rename
siyuniu-ms Sep 26, 2024
9a73441
based on comment
siyuniu-ms Sep 27, 2024
6e09f18
Update Sender.tests.ts
siyuniu-ms Sep 27, 2024
49d9486
local variable
siyuniu-ms Sep 27, 2024
2b642ab
Merge branch 'main' into Cross-Origin-Resource-Policy
siyuniu-ms Sep 28, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
71 changes: 71 additions & 0 deletions channels/applicationinsights-channel-js/Tests/Unit/src/Sender.tests.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2708,6 +2708,77 @@ export class SenderTests extends AITestClass {
}
});

this.testCase({
name: 'Users could set the cross-origin header via request',
useFakeTimers: true,
test: () => {
let core = new AppInsightsCore();
let id = this._sender.identifier;
let coreConfig = {
instrumentationKey: 'abc',
isBeaconApiDisabled: true,
extensionConfig: {
[this._sender.identifier]: {
corsPolicy: "cross-origin",
}
}
}
core.initialize(coreConfig, [this._sender]);

let sendBeaconCalled = false;
this.hookSendBeacon((url: string) => {
sendBeaconCalled = true;
return true;
});

const telemetryItem: ITelemetryItem = {
name: 'fake item',
iKey: 'iKey',
baseType: 'some type',
baseData: {}
};

try {
this._sender.processTelemetry(telemetryItem, null);
this._sender.flush();
} catch(e) {
QUnit.assert.ok(false);
}

QUnit.assert.equal(1, this._getXhrRequests().length, "xhr sender is called");
let headers = this._getXhrRequests()[0].requestHeaders;
QUnit.assert.equal(headers['X-Cross-Origin-Resource-Policy'], 'cross-origin');
QUnit.assert.ok(headers.hasOwnProperty('X-Cross-Origin-Resource-Policy'));
QUnit.assert.notOk(this._getXhrRequests()[0].requestHeaders.hasOwnProperty('testHeader'));

// dynamic change
core.config.extensionConfig[this._sender.identifier].corsPolicy = "same-origin";
this.clock.tick(1);
try {
this._sender.processTelemetry(telemetryItem, null);
this._sender.flush();
} catch(e) {
QUnit.assert.ok(false);
}
headers = this._getXhrRequests()[1].requestHeaders;
QUnit.assert.ok(headers.hasOwnProperty('X-Cross-Origin-Resource-Policy'));
QUnit.assert.equal(headers['X-Cross-Origin-Resource-Policy'], 'same-origin');
QUnit.assert.notOk(this._getXhrRequests()[1].requestHeaders.hasOwnProperty('testHeader'));

// dynamic change to null
core.config.extensionConfig[this._sender.identifier].corsPolicy = null;
this.clock.tick(1);
try {
this._sender.processTelemetry(telemetryItem, null);
this._sender.flush();
} catch(e) {
QUnit.assert.ok(false);
}
headers = this._getXhrRequests()[2].requestHeaders;
QUnit.assert.notOk(this._getXhrRequests()[2].requestHeaders.hasOwnProperty('X-Cross-Origin-Resource-Policy'));
}
});

this.testCase({
name: 'Users are allowed to add customHeaders when endpointUrl is not Breeze.',
test: () => {
Expand Down
14 changes: 14 additions & 0 deletions channels/applicationinsights-channel-js/src/Interfaces.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -166,6 +166,20 @@ export interface ISenderConfig {
* @since 3.2.0
*/
maxRetryCnt?: number;

/**
* [Optional] Specifies the Cross-Origin Resource Policy (CORP) for the endpoint.
* This value is included in the response header as `Cross-Origin-Resource-Policy`,
* which helps control how resources can be shared across different origins.
*
* Possible values:
* - `same-site`: Allows access only from the same site.
* - `same-origin`: Allows access only from the same origin (protocol, host, and port).
* - `cross-origin`: Allows access from any origin.
*
* @since 3.3.3
*/
corsPolicy?: string;
}

export interface IBackendResponse {
Expand Down
11 changes: 11 additions & 0 deletions channels/applicationinsights-channel-js/src/Sender.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -78,9 +78,12 @@ const defaultAppInsightsChannelConfig: IConfigDefaults<ISenderConfig> = objDeepF
alwaysUseXhrOverride: cfgDfBoolean(),
transports: UNDEFINED_VALUE,
retryCodes: UNDEFINED_VALUE,
corsPolicy: UNDEFINED_VALUE,
maxRetryCnt: {isVal: isNumber, v:10}
});

const CrossOriginResourcePolicyHeader: string = "X-Cross-Origin-Resource-Policy";

function _chkSampling(value: number) {
return !isNaN(value) && value > 0 && value <= 100;
}
Expand Down Expand Up @@ -268,6 +271,14 @@ export class Sender extends BaseTelemetryPlugin implements IChannelControls {
let ctx = createProcessTelemetryContext(null, config, core);
// getExtCfg only finds undefined values from core
let senderConfig = ctx.getExtCfg(identifier, defaultAppInsightsChannelConfig);
let corsPolicy = senderConfig.corsPolicy;
if (corsPolicy){
if (corsPolicy === "same-origin" || corsPolicy === "same-site" || corsPolicy === "cross-origin") {
this.addHeader(CrossOriginResourcePolicyHeader, corsPolicy);
}
} else {
delete _headers[CrossOriginResourcePolicyHeader];
}
if(isPromiseLike(senderConfig.endpointUrl)) {
// if it is promise, means the endpoint url is from core.endpointurl
senderConfig.endpointUrl = config.endpointUrl as any;
Expand Down
Loading