Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[main] support adding cross origin resource policy for #1851 #2423

Open
wants to merge 8 commits into
base: main
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from 4 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -2708,6 +2708,65 @@ export class SenderTests extends AITestClass {
}
});

this.testCase({
name: 'Users could set the cross-origin header via request',
useFakeTimers: true,
test: () => {
let core = new AppInsightsCore();
let id = this._sender.identifier;
let coreConfig = {
instrumentationKey: 'abc',
isBeaconApiDisabled: true,
extensionConfig: {
[this._sender.identifier]: {
corsPolicy: "cross-origin",
}
}
}
core.initialize(coreConfig, [this._sender]);

let sendBeaconCalled = false;
this.hookSendBeacon((url: string) => {
sendBeaconCalled = true;
return true;
});

const telemetryItem: ITelemetryItem = {
name: 'fake item',
iKey: 'iKey',
baseType: 'some type',
baseData: {}
};

try {
this._sender.processTelemetry(telemetryItem, null);
this._sender.flush();
} catch(e) {
QUnit.assert.ok(false);
}

QUnit.assert.equal(1, this._getXhrRequests().length, "xhr sender is called");
let headers = this._getXhrRequests()[0].requestHeaders;
QUnit.assert.equal(headers['AI-Cross-Origin-Resource-Policy'], 'cross-origin');
QUnit.assert.ok(headers.hasOwnProperty('AI-Cross-Origin-Resource-Policy'));
QUnit.assert.notOk(this._getXhrRequests()[0].requestHeaders.hasOwnProperty('testHeader'));

// dynamic change
core.config.extensionConfig[this._sender.identifier].corsPolicy = "same-origin";
this.clock.tick(1);
try {
this._sender.processTelemetry(telemetryItem, null);
this._sender.flush();
} catch(e) {
QUnit.assert.ok(false);
}
headers = this._getXhrRequests()[1].requestHeaders;
QUnit.assert.ok(headers.hasOwnProperty('AI-Cross-Origin-Resource-Policy'));
QUnit.assert.equal(headers['AI-Cross-Origin-Resource-Policy'], 'same-origin');
QUnit.assert.notOk(this._getXhrRequests()[1].requestHeaders.hasOwnProperty('testHeader'));
}
});

this.testCase({
name: 'Users are allowed to add customHeaders when endpointUrl is not Breeze.',
test: () => {
Expand Down
14 changes: 14 additions & 0 deletions channels/applicationinsights-channel-js/src/Interfaces.ts
Original file line number Diff line number Diff line change
Expand Up @@ -166,6 +166,20 @@ export interface ISenderConfig {
* @since 3.2.0
*/
maxRetryCnt?: number;

/**
* [Optional] Specifies the Cross-Origin Resource Policy (CORP) for the endpoint.
* This value is included in the response header as `Cross-Origin-Resource-Policy`,
* which helps control how resources can be shared across different origins.
*
* Possible values:
* - `same-site`: Allows access only from the same site.
* - `same-origin`: Allows access only from the same origin (protocol, host, and port).
* - `cross-origin`: Allows access from any origin.
*
* @since 3.3.3
*/
corsPolicy?: string;
}

export interface IBackendResponse {
Expand Down
7 changes: 7 additions & 0 deletions channels/applicationinsights-channel-js/src/Sender.ts
Original file line number Diff line number Diff line change
Expand Up @@ -78,9 +78,12 @@ const defaultAppInsightsChannelConfig: IConfigDefaults<ISenderConfig> = objDeepF
alwaysUseXhrOverride: cfgDfBoolean(),
transports: UNDEFINED_VALUE,
retryCodes: UNDEFINED_VALUE,
crossOriginResourcePolicy: UNDEFINED_VALUE,
siyuniu-ms marked this conversation as resolved.
Show resolved Hide resolved
maxRetryCnt: {isVal: isNumber, v:10}
});

const CrossOriginResourcePolicyHeader: string = "AI-Cross-Origin-Resource-Policy";
siyuniu-ms marked this conversation as resolved.
Show resolved Hide resolved

function _chkSampling(value: number) {
return !isNaN(value) && value > 0 && value <= 100;
}
Expand Down Expand Up @@ -265,9 +268,13 @@ export class Sender extends BaseTelemetryPlugin implements IChannelControls {
if (config.storagePrefix){
utlSetStoragePrefix(config.storagePrefix);
}

let ctx = createProcessTelemetryContext(null, config, core);
// getExtCfg only finds undefined values from core
let senderConfig = ctx.getExtCfg(identifier, defaultAppInsightsChannelConfig);
if (senderConfig.corsPolicy){
this.addHeader(CrossOriginResourcePolicyHeader, senderConfig.corsPolicy);
siyuniu-ms marked this conversation as resolved.
Show resolved Hide resolved
}
if(isPromiseLike(senderConfig.endpointUrl)) {
// if it is promise, means the endpoint url is from core.endpointurl
senderConfig.endpointUrl = config.endpointUrl as any;
Expand Down
1 change: 0 additions & 1 deletion shared/AppInsightsCommon/src/Interfaces/IConfig.ts
Original file line number Diff line number Diff line change
Expand Up @@ -389,7 +389,6 @@ export interface IConfig {
* This URL takes precedence over the 'config.endpointUrl' and any endpoint in the connection string.
*/
userOverrideEndpointUrl?: string;

}

export class ConfigurationManager {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ import { normalizeJsName } from "./HelperFuncs";
import { STR_EMPTY } from "./InternalConstants";
import { newId } from "./RandomHelper";

const version = "#version#";
const version = '3.3.3';
let instanceName = "." + newId(6);
let _dataUid = 0;

Expand Down
Loading