Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[main] support adding cross origin resource policy for #1851 #2423

Open
wants to merge 8 commits into
base: main
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from 6 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -2708,6 +2708,77 @@ export class SenderTests extends AITestClass {
}
});

this.testCase({
name: 'Users could set the cross-origin header via request',
useFakeTimers: true,
test: () => {
let core = new AppInsightsCore();
let id = this._sender.identifier;
let coreConfig = {
instrumentationKey: 'abc',
isBeaconApiDisabled: true,
extensionConfig: {
[this._sender.identifier]: {
corsPolicy: "cross-origin",
}
}
}
core.initialize(coreConfig, [this._sender]);

let sendBeaconCalled = false;
this.hookSendBeacon((url: string) => {
sendBeaconCalled = true;
return true;
});

const telemetryItem: ITelemetryItem = {
name: 'fake item',
iKey: 'iKey',
baseType: 'some type',
baseData: {}
};

try {
this._sender.processTelemetry(telemetryItem, null);
this._sender.flush();
} catch(e) {
QUnit.assert.ok(false);
}

QUnit.assert.equal(1, this._getXhrRequests().length, "xhr sender is called");
let headers = this._getXhrRequests()[0].requestHeaders;
QUnit.assert.equal(headers['X-Cross-Origin-Resource-Policy'], 'cross-origin');
QUnit.assert.ok(headers.hasOwnProperty('X-Cross-Origin-Resource-Policy'));
QUnit.assert.notOk(this._getXhrRequests()[0].requestHeaders.hasOwnProperty('testHeader'));

// dynamic change
core.config.extensionConfig[this._sender.identifier].corsPolicy = "same-origin";
this.clock.tick(1);
try {
this._sender.processTelemetry(telemetryItem, null);
this._sender.flush();
} catch(e) {
QUnit.assert.ok(false);
}
headers = this._getXhrRequests()[1].requestHeaders;
QUnit.assert.ok(headers.hasOwnProperty('X-Cross-Origin-Resource-Policy'));
QUnit.assert.equal(headers['X-Cross-Origin-Resource-Policy'], 'same-origin');
QUnit.assert.notOk(this._getXhrRequests()[1].requestHeaders.hasOwnProperty('testHeader'));

// dynamic change to null
core.config.extensionConfig[this._sender.identifier].corsPolicy = null;
this.clock.tick(1);
try {
this._sender.processTelemetry(telemetryItem, null);
this._sender.flush();
} catch(e) {
QUnit.assert.ok(false);
}
headers = this._getXhrRequests()[2].requestHeaders;
QUnit.assert.notOk(this._getXhrRequests()[2].requestHeaders.hasOwnProperty('X-Cross-Origin-Resource-Policy'));
}
});

this.testCase({
name: 'Users are allowed to add customHeaders when endpointUrl is not Breeze.',
test: () => {
Expand Down
14 changes: 14 additions & 0 deletions channels/applicationinsights-channel-js/src/Interfaces.ts
Original file line number Diff line number Diff line change
Expand Up @@ -166,6 +166,20 @@ export interface ISenderConfig {
* @since 3.2.0
*/
maxRetryCnt?: number;

/**
* [Optional] Specifies the Cross-Origin Resource Policy (CORP) for the endpoint.
* This value is included in the response header as `Cross-Origin-Resource-Policy`,
* which helps control how resources can be shared across different origins.
*
* Possible values:
* - `same-site`: Allows access only from the same site.
* - `same-origin`: Allows access only from the same origin (protocol, host, and port).
* - `cross-origin`: Allows access from any origin.
*
* @since 3.3.3
*/
corsPolicy?: string;
}

export interface IBackendResponse {
Expand Down
10 changes: 10 additions & 0 deletions channels/applicationinsights-channel-js/src/Sender.ts
Original file line number Diff line number Diff line change
Expand Up @@ -78,9 +78,12 @@ const defaultAppInsightsChannelConfig: IConfigDefaults<ISenderConfig> = objDeepF
alwaysUseXhrOverride: cfgDfBoolean(),
transports: UNDEFINED_VALUE,
retryCodes: UNDEFINED_VALUE,
crossOriginResourcePolicy: UNDEFINED_VALUE,
siyuniu-ms marked this conversation as resolved.
Show resolved Hide resolved
maxRetryCnt: {isVal: isNumber, v:10}
});

const CrossOriginResourcePolicyHeader: string = "X-Cross-Origin-Resource-Policy";

function _chkSampling(value: number) {
return !isNaN(value) && value > 0 && value <= 100;
}
Expand Down Expand Up @@ -268,6 +271,13 @@ export class Sender extends BaseTelemetryPlugin implements IChannelControls {
let ctx = createProcessTelemetryContext(null, config, core);
// getExtCfg only finds undefined values from core
let senderConfig = ctx.getExtCfg(identifier, defaultAppInsightsChannelConfig);
if (senderConfig.corsPolicy){
if (senderConfig.corsPolicy === "same-origin" || senderConfig.corsPolicy === "same-site" || senderConfig.corsPolicy === "cross-origin") {
siyuniu-ms marked this conversation as resolved.
Show resolved Hide resolved
this.addHeader(CrossOriginResourcePolicyHeader, senderConfig.corsPolicy);
}
} else {
delete _headers[CrossOriginResourcePolicyHeader];
}
if(isPromiseLike(senderConfig.endpointUrl)) {
// if it is promise, means the endpoint url is from core.endpointurl
senderConfig.endpointUrl = config.endpointUrl as any;
Expand Down
Loading