fix(cors): support browser extension origins and use array format for allowed origins#397
Conversation
|
Warning Review limit reached
Next review available in: 37 minutes Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available. How can I continue?After more reviews become available, a review can be triggered using the To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews. How do review limits work?CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability. For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window. Please refer docs for additional details. Review details⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Plus Run ID: 📒 Files selected for processing (1)
📝 WalkthroughWalkthroughCORS 允许来源从逗号分隔字符串改为 JSON 字符串数组,新增浏览器扩展来源 scheme 支持,并加入旧配置迁移、运行时行为、前端校验、测试及中英文文档更新。 ChangesCORS 配置格式与运行时行为
Estimated code review effort: 3 (Moderate) | ~25 minutes Sequence Diagram(s)sequenceDiagram
participant BrowserExtension
participant CorsMiddleware
participant CorsConfig
participant WebDAV
BrowserExtension->>CorsMiddleware: 发送带扩展 Origin 的请求
CorsMiddleware->>CorsConfig: 读取并匹配允许来源数组
CorsConfig-->>CorsMiddleware: 返回匹配结果
CorsMiddleware->>WebDAV: 放行预检或实际请求
WebDAV-->>BrowserExtension: 返回 CORS 响应头或错误
Suggested reviewers: Poem
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@frontend-panel/src/pages/admin/AdminSettingsPage.test.tsx`:
- Around line 1215-1217: 更新保存响应 mock 及其
getMockConfigValueType、getMockConfigCategory 配置:对 cors_allowed_origins 返回
string_array 类型和 network 分类,模拟后端实际的 network/string_array 元数据,避免继续回退为
string/storage。
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro Plus
Run ID: 7260a044-f6d8-4c57-af17-36214d19acce
📒 Files selected for processing (14)
docs/config/runtime.mddocs/en/config/runtime.mdfrontend-panel/src/components/admin/settings/useAdminSettingsData.test.tsfrontend-panel/src/components/admin/settings/useAdminSettingsData.tsfrontend-panel/src/i18n/locales/en/admin/settings-network.jsonfrontend-panel/src/i18n/locales/zh/admin/settings-network.jsonfrontend-panel/src/pages/admin/AdminSettingsPage.test.tsxsrc/api/middleware/cors/mod.rssrc/api/middleware/cors/tests.rssrc/config/cors.rssrc/config/definitions.rssrc/config/system_config.rssrc/db/repository/config_repo.rstests/test_cors.rs
…r allowed origins - Change `cors_allowed_origins` config value type from `string` to `string_array` - Add support for browser extension origins (`chrome-extension`, `moz-extension`, `safari-web-extension`) - Update frontend admin settings to input origins as separate items; validate array values - Migrate legacy comma-separated origin lists to the new JSON array format on startup - Update documentation (English and Chinese) to reflect the new format and extension support - Extend test coverage for extension origins, migration, validation, and array handling
b4e75e8 to
19934ff
Compare
Codecov Report✅ All modified and coverable lines are covered by tests. 📢 Thoughts on this report? Let us know! |
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@docs/config/runtime.md`:
- Line 178: 将运行时配置文档中“允许的跨域来源”描述里的“是完整 origin 的数组”改为更自然的“为由完整 origin
组成的数组”,保留后续示例及扩展来源说明不变。
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro Plus
Run ID: 20a8fc55-7db2-4b62-80d6-bf3afdbdb7f7
⛔ Files ignored due to path filters (1)
Cargo.lockis excluded by!**/*.lock
📒 Files selected for processing (12)
docs/config/runtime.mddocs/en/config/runtime.mdfrontend-panel/src/components/admin/settings/useAdminSettingsData.test.tsfrontend-panel/src/components/admin/settings/useAdminSettingsData.tsfrontend-panel/src/i18n/locales/en/admin/settings-network.jsonfrontend-panel/src/i18n/locales/zh/admin/settings-network.jsonfrontend-panel/src/pages/admin/AdminSettingsPage.test.tsxsrc/api/middleware/cors/mod.rssrc/config/cors.rssrc/config/definitions.rssrc/config/system_config.rssrc/db/repository/config_repo.rs
🚧 Files skipped from review as they are similar to previous changes (10)
- frontend-panel/src/i18n/locales/zh/admin/settings-network.json
- frontend-panel/src/i18n/locales/en/admin/settings-network.json
- src/config/system_config.rs
- frontend-panel/src/components/admin/settings/useAdminSettingsData.ts
- docs/en/config/runtime.md
- src/db/repository/config_repo.rs
- frontend-panel/src/pages/admin/AdminSettingsPage.test.tsx
- src/config/definitions.rs
- frontend-panel/src/components/admin/settings/useAdminSettingsData.test.ts
- src/config/cors.rs
|
LGTM |
Summary
cors_allowed_originsconfig value type fromstringtostring_arraychrome-extension,moz-extension,safari-web-extension)Test plan
cargo checkcargo test --lib <filter>orcargo test --test <name> <filter>bun run checkbun run buildNotes for reviewers
cors_allowed_originsconfig value type fromstringtostring_array, add support for browser extension origins (chrome-extension,moz-extension,safari-web-extension)Related Issue
Close #396
Summary by CodeRabbit
新功能
改进