diff --git a/lib/fluent/plugin/in_http.rb b/lib/fluent/plugin/in_http.rb index a9d0bf69fb..23431334ef 100644 --- a/lib/fluent/plugin/in_http.rb +++ b/lib/fluent/plugin/in_http.rb @@ -375,7 +375,7 @@ def on_message_complete # For every incoming request, we check if we have some CORS # restrictions and white listed origins through @cors_allow_origins. unless @cors_allow_origins.nil? - unless @cors_allow_origins.include?(@origin) + unless @cors_allow_origins.include?('*') or @cors_allow_origins.include?(@origin) send_response_and_close("403 Forbidden", {'Connection' => 'close'}, "") return end @@ -422,7 +422,14 @@ def on_message_complete code, header, body = *@callback.call(path_info, params) body = body.to_s - header['Access-Control-Allow-Origin'] = @origin if !@cors_allow_origins.nil? && @cors_allow_origins.include?(@origin) + unless @cors_allow_origins.nil? + if @cors_allow_origins.include?('*') + header['Access-Control-Allow-Origin'] = '*' + elsif @cors_allow_origins.include?(@origin) + header['Access-Control-Allow-Origin'] = @origin + end + end + if @keep_alive header['Connection'] = 'Keep-Alive' send_response(code, header, body) diff --git a/test/plugin/test_in_http.rb b/test/plugin/test_in_http.rb index 4910a20f93..ea837abdb0 100644 --- a/test/plugin/test_in_http.rb +++ b/test/plugin/test_in_http.rb @@ -604,6 +604,26 @@ def test_cors_allowed assert_equal_event_time time, d.events[1][1] end + def test_cors_allowed_wildcard + d = create_driver(CONFIG + 'cors_allow_origins ["*"]') + + time = event_time("2011-01-02 13:14:15 UTC") + events = [ + ["tag1", time, {"a"=>1}], + ] + + d.run do + events.each do |tag, time, record| + headers = {"Origin" => "http://foo.com"} + + res = post("/#{tag}", {"json" => record.to_json, "time" => time.to_i}, headers) + + assert_equal "200", res.code + assert_equal "*", res["Access-Control-Allow-Origin"] + end + end + end + def test_content_encoding_gzip d = create_driver