fess icon indicating copy to clipboard operation
fess copied to clipboard
verified publisher icon codelibs

Improve CORS functionality implementation

Open marevol opened this issue 2 months ago • 0 comments

This commit improves the CORS (Cross-Origin Resource Sharing) implementation in the org.codelibs.fess.cors package with the following enhancements:

  1. Bug Fixes:

    • Fixed typo in CorsHandlerFactory: renamed 'handerMap' to 'handlerMap'
    • Changed OPTIONS preflight response from SC_ACCEPTED (202) to SC_OK (200) for better compliance with CORS standard

  2. Thread Safety:

    • Replaced HashMap with ConcurrentHashMap in CorsHandlerFactory
    • Added thread-safety documentation

  3. New Features:

    • Added Access-Control-Expose-Headers support to expose custom headers
    • Added Vary: Origin header for proper caching behavior
    • Added Access-Control-Allow-Private-Network support for private network access requests (Chrome feature)

  4. Configuration:

    • Added new config property: api.cors.expose.headers
    • Added corresponding method in FessConfig interface
    • Updated default values and documentation

  5. Code Quality:

    • Added inline comments for better code readability
    • Added new header constants in CorsHandler base class
    • Improved JavaDoc documentation

  6. Tests:

    • Updated CorsHandlerFactoryTest to use correct field name
    • Updated CorsFilterTest to expect SC_OK instead of SC_ACCEPTED

These improvements enhance security, performance, and standards compliance of the CORS implementation while maintaining backward compatibility.

marevol avatar Nov 16 '25 11:11 marevol