#28561: GraphQL added CORS headers (fixing issues)

michalderlatka · michalderlatka · commit 88840a79ad70 · 2020-06-25T09:50:57.000+02:00
diff --git a/app/code/Magento/GraphQl/Controller/HttpResponse/Cors/CorsAllowCredentialsHeaderProvider.php b/app/code/Magento/GraphQl/Controller/HttpResponse/Cors/CorsAllowCredentialsHeaderProvider.php
@@ -44,7 +44,7 @@ public function __construct(
      *
      * @return string
      */
-    public function getName()
+    public function getName(): string
     {
         return $this->headerName;
     }
@@ -54,7 +54,7 @@ public function getName()
      *
      * @return string
      */
-    public function getValue()
+    public function getValue(): string
     {
         return "1";
     }
@@ -64,7 +64,7 @@ public function getValue()
      *
      * @return bool
      */
-    public function canApply() : bool
+    public function canApply(): bool
     {
         return $this->corsConfiguration->isEnabled() && $this->corsConfiguration->isCredentialsAllowed();
     }
diff --git a/app/code/Magento/GraphQl/Controller/HttpResponse/Cors/CorsAllowHeadersHeaderProvider.php b/app/code/Magento/GraphQl/Controller/HttpResponse/Cors/CorsAllowHeadersHeaderProvider.php
@@ -44,7 +44,7 @@ public function __construct(
      *
      * @return string
      */
-    public function getName()
+    public function getName(): string
     {
         return $this->headerName;
     }
@@ -54,17 +54,17 @@ public function getName()
      *
      * @return bool
      */
-    public function canApply() : bool
+    public function canApply(): bool
     {
         return $this->corsConfiguration->isEnabled() && $this->getValue();
     }
 
     /**
      * Get value for header
      *
-     * @return string
+     * @return string|null
      */
-    public function getValue()
+    public function getValue(): ?string
     {
         return $this->corsConfiguration->getAllowedHeaders();
     }
diff --git a/app/code/Magento/GraphQl/Controller/HttpResponse/Cors/CorsAllowMethodsHeaderProvider.php b/app/code/Magento/GraphQl/Controller/HttpResponse/Cors/CorsAllowMethodsHeaderProvider.php
@@ -15,6 +15,9 @@
  */
 class CorsAllowMethodsHeaderProvider implements HeaderProviderInterface
 {
+    /**
+     * @var string
+     */
     private $headerName;
 
     /**
@@ -41,7 +44,7 @@ public function __construct(
      *
      * @return string
      */
-    public function getName()
+    public function getName(): string
     {
         return $this->headerName;
     }
@@ -51,17 +54,17 @@ public function getName()
      *
      * @return bool
      */
-    public function canApply() : bool
+    public function canApply(): bool
     {
         return $this->corsConfiguration->isEnabled() && $this->getValue();
     }
 
     /**
      * Get value for header
      *
-     * @return string
+     * @return string|null
      */
-    public function getValue()
+    public function getValue(): ?string
     {
         return $this->corsConfiguration->getAllowedMethods();
     }
diff --git a/app/code/Magento/GraphQl/Controller/HttpResponse/Cors/CorsAllowOriginHeaderProvider.php b/app/code/Magento/GraphQl/Controller/HttpResponse/Cors/CorsAllowOriginHeaderProvider.php
@@ -15,6 +15,9 @@
  */
 class CorsAllowOriginHeaderProvider implements HeaderProviderInterface
 {
+    /**
+     * @var string
+     */
     private $headerName;
 
     /**
@@ -41,7 +44,7 @@ public function __construct(
      *
      * @return string
      */
-    public function getName()
+    public function getName(): string
     {
         return $this->headerName;
     }
@@ -51,17 +54,17 @@ public function getName()
      *
      * @return bool
      */
-    public function canApply() : bool
+    public function canApply(): bool
     {
         return $this->corsConfiguration->isEnabled() && $this->getValue();
     }
 
     /**
      * Get value for header
      *
-     * @return string
+     * @return string|null
      */
-    public function getValue()
+    public function getValue(): ?string
     {
         return $this->corsConfiguration->getAllowedOrigins();
     }
diff --git a/app/code/Magento/GraphQl/Controller/HttpResponse/Cors/CorsMaxAgeHeaderProvider.php b/app/code/Magento/GraphQl/Controller/HttpResponse/Cors/CorsMaxAgeHeaderProvider.php
@@ -15,6 +15,9 @@
  */
 class CorsMaxAgeHeaderProvider implements HeaderProviderInterface
 {
+    /**
+     * @var string
+     */
     private $headerName;
 
     /**
@@ -41,7 +44,7 @@ public function __construct(
      *
      * @return string
      */
-    public function getName()
+    public function getName(): string
     {
         return $this->headerName;
     }
@@ -51,18 +54,18 @@ public function getName()
      *
      * @return bool
      */
-    public function canApply()
+    public function canApply(): bool
     {
         return $this->corsConfiguration->isEnabled() && $this->getValue();
     }
 
     /**
      * Get value for header
      *
-     * @return string
+     * @return string|null
      */
-    public function getValue()
+    public function getValue(): ?string
     {
-        return $this->corsConfiguration->getMaxAge();
+        return (string) $this->corsConfiguration->getMaxAge();
     }
 }
diff --git a/app/code/Magento/GraphQl/Model/Cors/Configuration.php b/app/code/Magento/GraphQl/Model/Cors/Configuration.php
@@ -14,12 +14,12 @@
  */
 class Configuration implements ConfigurationInterface
 {
-    const XML_PATH_CORS_HEADERS_ENABLED = 'graphql/cors/enabled';
-    const XML_PATH_CORS_ALLOWED_ORIGINS = 'graphql/cors/allowed_origins';
-    const XML_PATH_CORS_ALLOWED_HEADERS = 'graphql/cors/allowed_headers';
-    const XML_PATH_CORS_ALLOWED_METHODS = 'graphql/cors/allowed_methods';
-    const XML_PATH_CORS_MAX_AGE = 'graphql/cors/max_age';
-    const XML_PATH_CORS_ALLOW_CREDENTIALS = 'graphql/cors/allow_credentials';
+    public const XML_PATH_CORS_HEADERS_ENABLED = 'graphql/cors/enabled';
+    public const XML_PATH_CORS_ALLOWED_ORIGINS = 'graphql/cors/allowed_origins';
+    public const XML_PATH_CORS_ALLOWED_HEADERS = 'graphql/cors/allowed_headers';
+    public const XML_PATH_CORS_ALLOWED_METHODS = 'graphql/cors/allowed_methods';
+    public const XML_PATH_CORS_MAX_AGE = 'graphql/cors/max_age';
+    public const XML_PATH_CORS_ALLOW_CREDENTIALS = 'graphql/cors/allow_credentials';
 
     /**
      * @var ScopeConfigInterface
diff --git a/app/code/Magento/GraphQl/Model/Cors/ConfigurationInterface.php b/app/code/Magento/GraphQl/Model/Cors/ConfigurationInterface.php
@@ -17,35 +17,35 @@ interface ConfigurationInterface
      *
      * @return bool
      */
-    public function isEnabled() : bool;
+    public function isEnabled(): bool;
 
     /**
      * Get allowed origins or null if stored configuration is empty
      *
      * @return string|null
      */
-    public function getAllowedOrigins() : ?string;
+    public function getAllowedOrigins(): ?string;
 
     /**
      * Get allowed headers or null if stored configuration is empty
      *
      * @return string|null
      */
-    public function getAllowedHeaders() : ?string;
+    public function getAllowedHeaders(): ?string;
 
     /**
      * Get allowed methods or null if stored configuration is empty
      *
      * @return string|null
      */
-    public function getAllowedMethods() : ?string;
+    public function getAllowedMethods(): ?string;
 
     /**
      * Get max age header value
      *
      * @return int
      */
-    public function getMaxAge() : int;
+    public function getMaxAge(): int;
 
     /**
      * Are credentials allowed
diff --git a/app/code/Magento/GraphQl/etc/di.xml b/app/code/Magento/GraphQl/etc/di.xml
@@ -100,27 +100,27 @@
     </type>
 
     <preference for="Magento\GraphQl\Model\Cors\ConfigurationInterface" type="Magento\GraphQl\Model\Cors\Configuration" />
-    <type name="\Magento\GraphQl\Controller\HttpResponse\Cors\CorsMaxAgeHeaderProvider">
+    <type name="Magento\GraphQl\Controller\HttpResponse\Cors\CorsMaxAgeHeaderProvider">
         <arguments>
             <argument name="headerName" xsi:type="string">Access-Control-Max-Age</argument>
         </arguments>
     </type>
-    <type name="\Magento\GraphQl\Controller\HttpResponse\Cors\CorsAllowCredentialsHeaderProvider">
+    <type name="Magento\GraphQl\Controller\HttpResponse\Cors\CorsAllowCredentialsHeaderProvider">
         <arguments>
             <argument name="headerName" xsi:type="string">Access-Control-Allow-Credentials</argument>
         </arguments>
     </type>
-    <type name="\Magento\GraphQl\Controller\HttpResponse\Cors\CorsAllowHeadersHeaderProvider">
+    <type name="Magento\GraphQl\Controller\HttpResponse\Cors\CorsAllowHeadersHeaderProvider">
         <arguments>
             <argument name="headerName" xsi:type="string">Access-Control-Allow-Headers</argument>
         </arguments>
     </type>
-    <type name="\Magento\GraphQl\Controller\HttpResponse\Cors\CorsAllowMethodsHeaderProvider">
+    <type name="Magento\GraphQl\Controller\HttpResponse\Cors\CorsAllowMethodsHeaderProvider">
         <arguments>
             <argument name="headerName" xsi:type="string">Access-Control-Allow-Methods</argument>
         </arguments>
     </type>
-    <type name="\Magento\GraphQl\Controller\HttpResponse\Cors\CorsAllowOriginHeaderProvider">
+    <type name="Magento\GraphQl\Controller\HttpResponse\Cors\CorsAllowOriginHeaderProvider">
         <arguments>
             <argument name="headerName" xsi:type="string">Access-Control-Allow-Origin</argument>
         </arguments>
diff --git a/dev/tests/api-functional/testsuite/Magento/GraphQl/CorsHeadersTest.php b/dev/tests/api-functional/testsuite/Magento/GraphQl/CorsHeadersTest.php
@@ -45,13 +45,13 @@ protected function setUp(): void
 
     protected function tearDown(): void
     {
-        parent::tearDown(); // TODO: Change the autogenerated stub
+        parent::tearDown();
 
         $this->resourceConfig->saveConfig(Configuration::XML_PATH_CORS_HEADERS_ENABLED, 0);
         $this->reinitConfig->reinit();
     }
 
-    public function testNoCorsHeadersWhenCorsIsDisabled()
+    public function testNoCorsHeadersWhenCorsIsDisabled(): void
     {
         $this->resourceConfig->saveConfig(Configuration::XML_PATH_CORS_HEADERS_ENABLED, 0);
         $this->resourceConfig->saveConfig(Configuration::XML_PATH_CORS_ALLOWED_HEADERS, 'Origin');
@@ -70,7 +70,7 @@ public function testNoCorsHeadersWhenCorsIsDisabled()
         self::assertArrayNotHasKey('Access-Control-Allow-Origin', $headers);
     }
 
-    public function testCorsHeadersWhenCorsIsEnabled()
+    public function testCorsHeadersWhenCorsIsEnabled(): void
     {
         $this->resourceConfig->saveConfig(Configuration::XML_PATH_CORS_HEADERS_ENABLED, 1);
         $this->resourceConfig->saveConfig(Configuration::XML_PATH_CORS_ALLOWED_HEADERS, 'Origin');
@@ -89,7 +89,7 @@ public function testCorsHeadersWhenCorsIsEnabled()
         self::assertEquals('86400', $headers['Access-Control-Max-Age']);
     }
 
-    public function testEmptyCorsHeadersWhenCorsIsEnabled()
+    public function testEmptyCorsHeadersWhenCorsIsEnabled(): void
     {
         $this->resourceConfig->saveConfig(Configuration::XML_PATH_CORS_HEADERS_ENABLED, 1);
         $this->resourceConfig->saveConfig(Configuration::XML_PATH_CORS_ALLOWED_HEADERS, '');
@@ -108,7 +108,7 @@ public function testEmptyCorsHeadersWhenCorsIsEnabled()
         self::assertArrayNotHasKey('Access-Control-Allow-Origin', $headers);
     }
 
-    private function getHeadersFromIntrospectionQuery()
+    private function getHeadersFromIntrospectionQuery(): array
     {
         $query
             = <<<QUERY
@@ -121,6 +121,6 @@ private function getHeadersFromIntrospectionQuery()
   }
 QUERY;
 
-        return $this->graphQlQueryWithResponseHeaders($query)['headers'];
+        return $this->graphQlQueryWithResponseHeaders($query)['headers'] ?? [];
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -44,7 +44,7 @@ public function __construct(`
`44`	`44`	`*`
`45`	`45`	`* @return string`
`46`	`46`	`*/`
`47`		`- public function getName()`
	`47`	`+ public function getName(): string`
`48`	`48`	`{`
`49`	`49`	`return $this->headerName;`
`50`	`50`	`}`
`@@ -54,7 +54,7 @@ public function getName()`
`54`	`54`	`*`
`55`	`55`	`* @return string`
`56`	`56`	`*/`
`57`		`- public function getValue()`
	`57`	`+ public function getValue(): string`
`58`	`58`	`{`
`59`	`59`	`return "1";`
`60`	`60`	`}`
`@@ -64,7 +64,7 @@ public function getValue()`
`64`	`64`	`*`
`65`	`65`	`* @return bool`
`66`	`66`	`*/`
`67`		`- public function canApply() : bool`
	`67`	`+ public function canApply(): bool`
`68`	`68`	`{`
`69`	`69`	`return $this->corsConfiguration->isEnabled() && $this->corsConfiguration->isCredentialsAllowed();`
`70`	`70`	`}`
Original file line number	Diff line number	Diff line change
`@@ -15,6 +15,9 @@`
`15`	`15`	`*/`
`16`	`16`	`class CorsAllowMethodsHeaderProvider implements HeaderProviderInterface`
`17`	`17`	`{`
	`18`	`+ /**`
	`19`	`+ * @var string`
	`20`	`+ */`
`18`	`21`	`private $headerName;`
`19`	`22`
`20`	`23`	`/**`
`@@ -41,7 +44,7 @@ public function __construct(`
`41`	`44`	`*`
`42`	`45`	`* @return string`
`43`	`46`	`*/`
`44`		`- public function getName()`
	`47`	`+ public function getName(): string`
`45`	`48`	`{`
`46`	`49`	`return $this->headerName;`
`47`	`50`	`}`
`@@ -51,17 +54,17 @@ public function getName()`
`51`	`54`	`*`
`52`	`55`	`* @return bool`
`53`	`56`	`*/`
`54`		`- public function canApply() : bool`
	`57`	`+ public function canApply(): bool`
`55`	`58`	`{`
`56`	`59`	`return $this->corsConfiguration->isEnabled() && $this->getValue();`
`57`	`60`	`}`
`58`	`61`
`59`	`62`	`/**`
`60`	`63`	`* Get value for header`
`61`	`64`	`*`
`62`		`- * @return string`
	`65`	`+ * @return string\|null`
`63`	`66`	`*/`
`64`		`- public function getValue()`
	`67`	`+ public function getValue(): ?string`
`65`	`68`	`{`
`66`	`69`	`return $this->corsConfiguration->getAllowedMethods();`
`67`	`70`	`}`
Original file line number	Diff line number	Diff line change
`@@ -45,13 +45,13 @@ protected function setUp(): void`
`45`	`45`
`46`	`46`	`protected function tearDown(): void`
`47`	`47`	`{`
`48`		`- parent::tearDown(); // TODO: Change the autogenerated stub`
	`48`	`+ parent::tearDown();`
`49`	`49`
`50`	`50`	`$this->resourceConfig->saveConfig(Configuration::XML_PATH_CORS_HEADERS_ENABLED, 0);`
`51`	`51`	`$this->reinitConfig->reinit();`
`52`	`52`	`}`
`53`	`53`
`54`		`- public function testNoCorsHeadersWhenCorsIsDisabled()`
	`54`	`+ public function testNoCorsHeadersWhenCorsIsDisabled(): void`
`55`	`55`	`{`
`56`	`56`	`$this->resourceConfig->saveConfig(Configuration::XML_PATH_CORS_HEADERS_ENABLED, 0);`
`57`	`57`	`$this->resourceConfig->saveConfig(Configuration::XML_PATH_CORS_ALLOWED_HEADERS, 'Origin');`
`@@ -70,7 +70,7 @@ public function testNoCorsHeadersWhenCorsIsDisabled()`
`70`	`70`	`self::assertArrayNotHasKey('Access-Control-Allow-Origin', $headers);`
`71`	`71`	`}`
`72`	`72`
`73`		`- public function testCorsHeadersWhenCorsIsEnabled()`
	`73`	`+ public function testCorsHeadersWhenCorsIsEnabled(): void`
`74`	`74`	`{`
`75`	`75`	`$this->resourceConfig->saveConfig(Configuration::XML_PATH_CORS_HEADERS_ENABLED, 1);`
`76`	`76`	`$this->resourceConfig->saveConfig(Configuration::XML_PATH_CORS_ALLOWED_HEADERS, 'Origin');`
`@@ -89,7 +89,7 @@ public function testCorsHeadersWhenCorsIsEnabled()`
`89`	`89`	`self::assertEquals('86400', $headers['Access-Control-Max-Age']);`
`90`	`90`	`}`
`91`	`91`
`92`		`- public function testEmptyCorsHeadersWhenCorsIsEnabled()`
	`92`	`+ public function testEmptyCorsHeadersWhenCorsIsEnabled(): void`
`93`	`93`	`{`
`94`	`94`	`$this->resourceConfig->saveConfig(Configuration::XML_PATH_CORS_HEADERS_ENABLED, 1);`
`95`	`95`	`$this->resourceConfig->saveConfig(Configuration::XML_PATH_CORS_ALLOWED_HEADERS, '');`
`@@ -108,7 +108,7 @@ public function testEmptyCorsHeadersWhenCorsIsEnabled()`
`108`	`108`	`self::assertArrayNotHasKey('Access-Control-Allow-Origin', $headers);`
`109`	`109`	`}`
`110`	`110`
`111`		`- private function getHeadersFromIntrospectionQuery()`
	`111`	`+ private function getHeadersFromIntrospectionQuery(): array`
`112`	`112`	`{`
`113`	`113`	`$query`
`114`	`114`	`= <<<QUERY`
`@@ -121,6 +121,6 @@ private function getHeadersFromIntrospectionQuery()`
`121`	`121`	`}`
`122`	`122`	`QUERY;`
`123`	`123`
`124`		`- return $this->graphQlQueryWithResponseHeaders($query)['headers'];`
	`124`	`+ return $this->graphQlQueryWithResponseHeaders($query)['headers'] ?? [];`
`125`	`125`	`}`
`126`	`126`	`}`