From 2bdd94073be7be0edc2c3c937acaecdcea8a0b11 Mon Sep 17 00:00:00 2001 From: Wojciech Baszczyk Date: Wed, 25 Mar 2026 09:05:39 +0100 Subject: [PATCH 1/2] feat(gateway): support Private Network Access (PNA) in CORS preflight (APIM-13215) --- .../entities/management-api-v2/api/cors.ts | 1 + .../api/cors/api-cors.component.html | 16 ++++++++++ .../api/cors/api-cors.component.spec.ts | 21 +++++++++++++ .../management/api/cors/api-cors.component.ts | 17 +++++++++- .../datatype/api/deser/CorsDeserializer.java | 1 + .../datatype/api/ser/CorsSerializer.java | 4 +++ .../io/gravitee/definition/model/Cors.java | 12 +++++++ .../cors/CorsPreflightRequestProcessor.java | 9 ++++++ .../cors/CorsPreflightRequestProcessor.java | 10 ++++++ .../CorsPreflightRequestProcessorTest.java | 31 +++++++++++++++++++ .../main/resources/openapi/openapi-apis.yaml | 3 ++ .../src/test/java/fixtures/CorsFixtures.java | 3 +- .../v2/rest/mapper/CorsMapperTest.java | 2 ++ .../main/java/fixtures/CorsModelFixtures.java | 3 +- 14 files changed, 130 insertions(+), 3 deletions(-) diff --git a/gravitee-apim-console-webui/src/entities/management-api-v2/api/cors.ts b/gravitee-apim-console-webui/src/entities/management-api-v2/api/cors.ts index 63e88d55d3d..89fbf5bbfcc 100644 --- a/gravitee-apim-console-webui/src/entities/management-api-v2/api/cors.ts +++ b/gravitee-apim-console-webui/src/entities/management-api-v2/api/cors.ts @@ -22,5 +22,6 @@ export interface Cors { enabled?: boolean; exposeHeaders?: string[]; maxAge?: number; + allowPrivateNetwork?: boolean; runPolicies?: boolean; } diff --git a/gravitee-apim-console-webui/src/management/api/cors/api-cors.component.html b/gravitee-apim-console-webui/src/management/api/cors/api-cors.component.html index 1940ccf1f66..befaa9007c6 100644 --- a/gravitee-apim-console-webui/src/management/api/cors/api-cors.component.html +++ b/gravitee-apim-console-webui/src/management/api/cors/api-cors.component.html @@ -144,6 +144,22 @@ + +
+ + Access-Control-Allow-Private-Network + When enabled, the gateway responds with Access-Control-Allow-Private-Network: true to preflight requests that include + Access-Control-Request-Private-Network: true. This is required for public websites to access private network + resources. + + +
+
diff --git a/gravitee-apim-console-webui/src/management/api/cors/api-cors.component.spec.ts b/gravitee-apim-console-webui/src/management/api/cors/api-cors.component.spec.ts index ef1b5fe53e6..99199ebae07 100644 --- a/gravitee-apim-console-webui/src/management/api/cors/api-cors.component.spec.ts +++ b/gravitee-apim-console-webui/src/management/api/cors/api-cors.component.spec.ts @@ -127,6 +127,7 @@ describe('ApiCorsComponent', () => { allowCredentials: false, exposeHeaders: [], maxAge: -1, + allowPrivateNetwork: false, runPolicies: false, }); }); @@ -143,6 +144,7 @@ describe('ApiCorsComponent', () => { allowCredentials: true, maxAge: 10, exposeHeaders: ['exposeHeaders'], + allowPrivateNetwork: true, runPolicies: true, }, }, @@ -179,6 +181,12 @@ describe('ApiCorsComponent', () => { expect(await exposeHeadersInput.getTags()).toEqual(['exposeHeaders']); await exposeHeadersInput.addTag('exposeHeaders2'); + const allowPrivateNetworkInput = await loader.getHarness( + MatSlideToggleHarness.with({ selector: '[formControlName="allowPrivateNetwork"]' }), + ); + expect(await allowPrivateNetworkInput.isChecked()).toEqual(true); + await allowPrivateNetworkInput.toggle(); + const runPoliciesInput = await loader.getHarness(MatSlideToggleHarness.with({ selector: '[formControlName="runPolicies"]' })); expect(await runPoliciesInput.isChecked()).toEqual(true); await runPoliciesInput.toggle(); @@ -197,6 +205,7 @@ describe('ApiCorsComponent', () => { allowCredentials: false, maxAge: 20, exposeHeaders: ['exposeHeaders', 'exposeHeaders2'], + allowPrivateNetwork: false, runPolicies: false, }); }); @@ -238,6 +247,7 @@ describe('ApiCorsComponent', () => { allowCredentials: false, exposeHeaders: [], maxAge: -1, + allowPrivateNetwork: false, runPolicies: false, }); }); @@ -310,6 +320,7 @@ describe('ApiCorsComponent', () => { allowCredentials: false, exposeHeaders: [], maxAge: -1, + allowPrivateNetwork: false, runPolicies: false, }); }); @@ -361,6 +372,7 @@ describe('ApiCorsComponent', () => { allowCredentials: false, exposeHeaders: [], maxAge: -1, + allowPrivateNetwork: false, runPolicies: false, }); }); @@ -382,6 +394,7 @@ describe('ApiCorsComponent', () => { allowCredentials: true, maxAge: 10, exposeHeaders: ['exposeHeaders'], + allowPrivateNetwork: true, runPolicies: true, }, }, @@ -419,6 +432,12 @@ describe('ApiCorsComponent', () => { expect(await exposeHeadersInput.getTags()).toEqual(['exposeHeaders']); await exposeHeadersInput.addTag('exposeHeaders2'); + const allowPrivateNetworkInput = await loader.getHarness( + MatSlideToggleHarness.with({ selector: '[formControlName="allowPrivateNetwork"]' }), + ); + expect(await allowPrivateNetworkInput.isChecked()).toEqual(true); + await allowPrivateNetworkInput.toggle(); + const runPoliciesInput = await loader.getHarness(MatSlideToggleHarness.with({ selector: '[formControlName="runPolicies"]' })); expect(await runPoliciesInput.isChecked()).toEqual(true); await runPoliciesInput.toggle(); @@ -437,6 +456,7 @@ describe('ApiCorsComponent', () => { allowCredentials: false, maxAge: 20, exposeHeaders: ['exposeHeaders', 'exposeHeaders2'], + allowPrivateNetwork: false, runPolicies: false, }); }); @@ -475,6 +495,7 @@ describe('ApiCorsComponent', () => { allowCredentials: false, exposeHeaders: [], maxAge: -1, + allowPrivateNetwork: false, runPolicies: false, }); }); diff --git a/gravitee-apim-console-webui/src/management/api/cors/api-cors.component.ts b/gravitee-apim-console-webui/src/management/api/cors/api-cors.component.ts index ad8b8bd59c0..d7c6a4d51ac 100644 --- a/gravitee-apim-console-webui/src/management/api/cors/api-cors.component.ts +++ b/gravitee-apim-console-webui/src/management/api/cors/api-cors.component.ts @@ -123,6 +123,10 @@ export class ApiCorsComponent implements OnInit, OnDestroy { value: cors.exposeHeaders ?? [], disabled: isCorsDisabled, }), + allowPrivateNetwork: new UntypedFormControl({ + value: cors.allowPrivateNetwork ?? false, + disabled: isCorsDisabled, + }), runPolicies: new UntypedFormControl({ value: cors.runPolicies ?? false, disabled: isCorsDisabled, @@ -131,7 +135,16 @@ export class ApiCorsComponent implements OnInit, OnDestroy { this.initialCorsFormValue = this.corsForm.getRawValue(); // Disable all Control if enabled is not checked - const controlKeys = ['allowOrigin', 'allowMethods', 'allowHeaders', 'allowCredentials', 'maxAge', 'exposeHeaders', 'runPolicies']; + const controlKeys = [ + 'allowOrigin', + 'allowMethods', + 'allowHeaders', + 'allowCredentials', + 'maxAge', + 'exposeHeaders', + 'allowPrivateNetwork', + 'runPolicies', + ]; this.corsForm.get('enabled').valueChanges.subscribe(checked => { controlKeys.forEach(k => { return checked ? this.corsForm.get(k).enable() : this.corsForm.get(k).disable(); @@ -205,6 +218,7 @@ export class ApiCorsComponent implements OnInit, OnDestroy { allowCredentials: corsFormValue.allowCredentials, maxAge: corsFormValue.maxAge, exposeHeaders: corsFormValue.exposeHeaders, + allowPrivateNetwork: corsFormValue.allowPrivateNetwork, runPolicies: corsFormValue.runPolicies, }, }, @@ -223,6 +237,7 @@ export class ApiCorsComponent implements OnInit, OnDestroy { allowCredentials: corsFormValue.allowCredentials, maxAge: corsFormValue.maxAge, exposeHeaders: corsFormValue.exposeHeaders, + allowPrivateNetwork: corsFormValue.allowPrivateNetwork, runPolicies: corsFormValue.runPolicies, }; }); diff --git a/gravitee-apim-definition/gravitee-apim-definition-jackson/src/main/java/io/gravitee/definition/jackson/datatype/api/deser/CorsDeserializer.java b/gravitee-apim-definition/gravitee-apim-definition-jackson/src/main/java/io/gravitee/definition/jackson/datatype/api/deser/CorsDeserializer.java index fdffcdce200..4585cc27397 100644 --- a/gravitee-apim-definition/gravitee-apim-definition-jackson/src/main/java/io/gravitee/definition/jackson/datatype/api/deser/CorsDeserializer.java +++ b/gravitee-apim-definition/gravitee-apim-definition-jackson/src/main/java/io/gravitee/definition/jackson/datatype/api/deser/CorsDeserializer.java @@ -66,6 +66,7 @@ public Cors deserialize(JsonParser jp, DeserializationContext ctxt) throws IOExc cors.setAccessControlMaxAge(-1); } cors.setRunPolicies(node.path("runPolicies").asBoolean(false)); + cors.setAllowPrivateNetwork(node.path("allowPrivateNetwork").asBoolean(false)); } return cors; diff --git a/gravitee-apim-definition/gravitee-apim-definition-jackson/src/main/java/io/gravitee/definition/jackson/datatype/api/ser/CorsSerializer.java b/gravitee-apim-definition/gravitee-apim-definition-jackson/src/main/java/io/gravitee/definition/jackson/datatype/api/ser/CorsSerializer.java index 6badd8cd096..21cb964bb03 100644 --- a/gravitee-apim-definition/gravitee-apim-definition-jackson/src/main/java/io/gravitee/definition/jackson/datatype/api/ser/CorsSerializer.java +++ b/gravitee-apim-definition/gravitee-apim-definition-jackson/src/main/java/io/gravitee/definition/jackson/datatype/api/ser/CorsSerializer.java @@ -115,6 +115,10 @@ public void serialize(Cors cors, JsonGenerator jgen, SerializerProvider provider jgen.writeBooleanField("runPolicies", cors.isRunPolicies()); } + if (cors.isAllowPrivateNetwork()) { + jgen.writeBooleanField("allowPrivateNetwork", cors.isAllowPrivateNetwork()); + } + jgen.writeEndObject(); } } diff --git a/gravitee-apim-definition/gravitee-apim-definition-model/src/main/java/io/gravitee/definition/model/Cors.java b/gravitee-apim-definition/gravitee-apim-definition-model/src/main/java/io/gravitee/definition/model/Cors.java index 6ab270bd7e6..f8e0ddbaa8a 100644 --- a/gravitee-apim-definition/gravitee-apim-definition-model/src/main/java/io/gravitee/definition/model/Cors.java +++ b/gravitee-apim-definition/gravitee-apim-definition-model/src/main/java/io/gravitee/definition/model/Cors.java @@ -77,6 +77,10 @@ public class Cors implements Serializable { @JsonInclude(JsonInclude.Include.NON_DEFAULT) private boolean runPolicies; + @JsonProperty("allowPrivateNetwork") + @JsonInclude(JsonInclude.Include.NON_DEFAULT) + private boolean allowPrivateNetwork; + public static int getDefaultErrorStatusCode() { return DEFAULT_ERROR_STATUS_CODE; } @@ -164,4 +168,12 @@ public boolean isRunPolicies() { public void setRunPolicies(boolean runPolicies) { this.runPolicies = runPolicies; } + + public boolean isAllowPrivateNetwork() { + return allowPrivateNetwork; + } + + public void setAllowPrivateNetwork(boolean allowPrivateNetwork) { + this.allowPrivateNetwork = allowPrivateNetwork; + } } diff --git a/gravitee-apim-gateway/gravitee-apim-gateway-handlers/gravitee-apim-gateway-handlers-api/src/main/java/io/gravitee/gateway/handlers/api/processor/cors/CorsPreflightRequestProcessor.java b/gravitee-apim-gateway/gravitee-apim-gateway-handlers/gravitee-apim-gateway-handlers-api/src/main/java/io/gravitee/gateway/handlers/api/processor/cors/CorsPreflightRequestProcessor.java index 31cb706c116..0158d50f11c 100644 --- a/gravitee-apim-gateway/gravitee-apim-gateway-handlers/gravitee-apim-gateway-handlers-api/src/main/java/io/gravitee/gateway/handlers/api/processor/cors/CorsPreflightRequestProcessor.java +++ b/gravitee-apim-gateway/gravitee-apim-gateway-handlers/gravitee-apim-gateway-handlers-api/src/main/java/io/gravitee/gateway/handlers/api/processor/cors/CorsPreflightRequestProcessor.java @@ -145,6 +145,15 @@ private void handlePreflightRequest(Request request, Response response) { .headers() .set(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS, String.join(JOINER_CHAR_SEQUENCE, cors.getAccessControlAllowHeaders())); + // 11. Private Network Access: if enabled and request includes Access-Control-Request-Private-Network, + // respond with Access-Control-Allow-Private-Network: true + if (cors.isAllowPrivateNetwork()) { + String pnaRequest = request.headers().getFirst(HttpHeaders.ACCESS_CONTROL_REQUEST_PRIVATE_NETWORK); + if ("true".equalsIgnoreCase(pnaRequest)) { + response.headers().set(HttpHeaders.ACCESS_CONTROL_ALLOW_PRIVATE_NETWORK, "true"); + } + } + response.status(HttpStatusCode.OK_200); } diff --git a/gravitee-apim-gateway/gravitee-apim-gateway-handlers/gravitee-apim-gateway-handlers-api/src/main/java/io/gravitee/gateway/reactive/handlers/api/processor/cors/CorsPreflightRequestProcessor.java b/gravitee-apim-gateway/gravitee-apim-gateway-handlers/gravitee-apim-gateway-handlers-api/src/main/java/io/gravitee/gateway/reactive/handlers/api/processor/cors/CorsPreflightRequestProcessor.java index dba59c24f48..1565da72d14 100644 --- a/gravitee-apim-gateway/gravitee-apim-gateway-handlers/gravitee-apim-gateway-handlers-api/src/main/java/io/gravitee/gateway/reactive/handlers/api/processor/cors/CorsPreflightRequestProcessor.java +++ b/gravitee-apim-gateway/gravitee-apim-gateway-handlers/gravitee-apim-gateway-handlers-api/src/main/java/io/gravitee/gateway/reactive/handlers/api/processor/cors/CorsPreflightRequestProcessor.java @@ -177,6 +177,16 @@ private boolean handlePreflightRequest(final Cors cors, final HttpBaseExecutionC .headers() .set(HttpHeaderNames.ACCESS_CONTROL_ALLOW_HEADERS, String.join(JOINER_CHAR_SEQUENCE, cors.getAccessControlAllowHeaders())); } + + // 11. Private Network Access: if enabled and request includes Access-Control-Request-Private-Network, + // respond with Access-Control-Allow-Private-Network: true + if (cors.isAllowPrivateNetwork()) { + String pnaRequest = request.headers().get(HttpHeaderNames.ACCESS_CONTROL_REQUEST_PRIVATE_NETWORK); + if ("true".equalsIgnoreCase(pnaRequest)) { + response.headers().set(HttpHeaderNames.ACCESS_CONTROL_ALLOW_PRIVATE_NETWORK, "true"); + } + } + return true; } diff --git a/gravitee-apim-gateway/gravitee-apim-gateway-handlers/gravitee-apim-gateway-handlers-api/src/test/java/io/gravitee/gateway/reactive/handlers/api/processor/cors/CorsPreflightRequestProcessorTest.java b/gravitee-apim-gateway/gravitee-apim-gateway-handlers/gravitee-apim-gateway-handlers-api/src/test/java/io/gravitee/gateway/reactive/handlers/api/processor/cors/CorsPreflightRequestProcessorTest.java index 7640c327b61..142198910dd 100644 --- a/gravitee-apim-gateway/gravitee-apim-gateway-handlers/gravitee-apim-gateway-handlers-api/src/test/java/io/gravitee/gateway/reactive/handlers/api/processor/cors/CorsPreflightRequestProcessorTest.java +++ b/gravitee-apim-gateway/gravitee-apim-gateway-handlers/gravitee-apim-gateway-handlers-api/src/test/java/io/gravitee/gateway/reactive/handlers/api/processor/cors/CorsPreflightRequestProcessorTest.java @@ -15,7 +15,9 @@ */ package io.gravitee.gateway.reactive.handlers.api.processor.cors; +import static io.gravitee.gateway.api.http.HttpHeaderNames.ACCESS_CONTROL_ALLOW_PRIVATE_NETWORK; import static io.gravitee.gateway.api.http.HttpHeaderNames.ACCESS_CONTROL_REQUEST_METHOD; +import static io.gravitee.gateway.api.http.HttpHeaderNames.ACCESS_CONTROL_REQUEST_PRIVATE_NETWORK; import static io.gravitee.gateway.api.http.HttpHeaderNames.ORIGIN; import static io.gravitee.gateway.reactive.api.context.InternalContextAttributes.ATTR_INTERNAL_INVOKER; import static io.gravitee.gateway.reactive.api.context.InternalContextAttributes.ATTR_INTERNAL_SECURITY_SKIP; @@ -318,6 +320,35 @@ public void shouldInterruptWithWildcardHeadersWhenCorsEnabledAndValidRequest() { assertThat(spyCtx.getInternalAttribute(ATTR_INTERNAL_INVOKER)).isNull(); } + @Test + public void shouldSetAllowPrivateNetworkHeaderWhenEnabledAndRequestHasPnaHeader() { + api.getProxy().getCors().setAllowPrivateNetwork(true); + spyRequestHeaders.set(ORIGIN, "origin"); + spyRequestHeaders.set(ACCESS_CONTROL_REQUEST_METHOD, "GET"); + spyRequestHeaders.set(ACCESS_CONTROL_REQUEST_PRIVATE_NETWORK, "true"); + corsPreflightRequestProcessor.execute(spyCtx).test().assertError(InterruptionException.class); + assertThat(spyResponseHeaders.get(ACCESS_CONTROL_ALLOW_PRIVATE_NETWORK)).isEqualTo("true"); + } + + @Test + public void shouldNotSetAllowPrivateNetworkHeaderWhenEnabledButRequestMissingPnaHeader() { + api.getProxy().getCors().setAllowPrivateNetwork(true); + spyRequestHeaders.set(ORIGIN, "origin"); + spyRequestHeaders.set(ACCESS_CONTROL_REQUEST_METHOD, "GET"); + corsPreflightRequestProcessor.execute(spyCtx).test().assertError(InterruptionException.class); + assertThat(spyResponseHeaders.get(ACCESS_CONTROL_ALLOW_PRIVATE_NETWORK)).isNull(); + } + + @Test + public void shouldNotSetAllowPrivateNetworkHeaderWhenDisabledAndRequestHasPnaHeader() { + api.getProxy().getCors().setAllowPrivateNetwork(false); + spyRequestHeaders.set(ORIGIN, "origin"); + spyRequestHeaders.set(ACCESS_CONTROL_REQUEST_METHOD, "GET"); + spyRequestHeaders.set(ACCESS_CONTROL_REQUEST_PRIVATE_NETWORK, "true"); + corsPreflightRequestProcessor.execute(spyCtx).test().assertError(InterruptionException.class); + assertThat(spyResponseHeaders.get(ACCESS_CONTROL_ALLOW_PRIVATE_NETWORK)).isNull(); + } + @Test public void shouldCompleteWithoutAddingHeadersWhenCorsWildcardAndInvalidRequest() { api.getProxy().getCors().setAccessControlAllowMethods(Set.of("*")); diff --git a/gravitee-apim-rest-api/gravitee-apim-rest-api-management-v2/gravitee-apim-rest-api-management-v2-rest/src/main/resources/openapi/openapi-apis.yaml b/gravitee-apim-rest-api/gravitee-apim-rest-api-management-v2/gravitee-apim-rest-api-management-v2-rest/src/main/resources/openapi/openapi-apis.yaml index 4255e52ce93..c6c4e3bc0b7 100644 --- a/gravitee-apim-rest-api/gravitee-apim-rest-api-management-v2/gravitee-apim-rest-api-management-v2-rest/src/main/resources/openapi/openapi-apis.yaml +++ b/gravitee-apim-rest-api/gravitee-apim-rest-api-management-v2/gravitee-apim-rest-api-management-v2-rest/src/main/resources/openapi/openapi-apis.yaml @@ -4179,6 +4179,9 @@ components: default: -1 runPolicies: type: boolean + allowPrivateNetwork: + type: boolean + description: Allow private network access (PNA) requests during CORS preflight Dlq: type: object properties: diff --git a/gravitee-apim-rest-api/gravitee-apim-rest-api-management-v2/gravitee-apim-rest-api-management-v2-rest/src/test/java/fixtures/CorsFixtures.java b/gravitee-apim-rest-api/gravitee-apim-rest-api-management-v2/gravitee-apim-rest-api-management-v2-rest/src/test/java/fixtures/CorsFixtures.java index 7d35935d88a..e2626e38115 100644 --- a/gravitee-apim-rest-api/gravitee-apim-rest-api-management-v2/gravitee-apim-rest-api-management-v2-rest/src/test/java/fixtures/CorsFixtures.java +++ b/gravitee-apim-rest-api/gravitee-apim-rest-api-management-v2/gravitee-apim-rest-api-management-v2-rest/src/test/java/fixtures/CorsFixtures.java @@ -36,7 +36,8 @@ private CorsFixtures() {} .enabled(true) .exposeHeaders(Set.of("exposeHeader1", "exposeHeader2")) .maxAge(10) - .runPolicies(true); + .runPolicies(true) + .allowPrivateNetwork(true); public static Cors aCors() { return BASE_CORS.get(); diff --git a/gravitee-apim-rest-api/gravitee-apim-rest-api-management-v2/gravitee-apim-rest-api-management-v2-rest/src/test/java/io/gravitee/rest/api/management/v2/rest/mapper/CorsMapperTest.java b/gravitee-apim-rest-api/gravitee-apim-rest-api-management-v2/gravitee-apim-rest-api-management-v2-rest/src/test/java/io/gravitee/rest/api/management/v2/rest/mapper/CorsMapperTest.java index 80a95d9a503..b6de015062a 100644 --- a/gravitee-apim-rest-api/gravitee-apim-rest-api-management-v2/gravitee-apim-rest-api-management-v2-rest/src/test/java/io/gravitee/rest/api/management/v2/rest/mapper/CorsMapperTest.java +++ b/gravitee-apim-rest-api/gravitee-apim-rest-api-management-v2/gravitee-apim-rest-api-management-v2-rest/src/test/java/io/gravitee/rest/api/management/v2/rest/mapper/CorsMapperTest.java @@ -39,6 +39,7 @@ void shouldMapToCorsEntity() { assertThat(corsEntity.getAccessControlExposeHeaders()).isEqualTo(cors.getExposeHeaders()); assertThat(corsEntity.getAccessControlMaxAge()).isEqualTo(cors.getMaxAge()); assertThat(corsEntity.isRunPolicies()).isEqualTo(cors.getRunPolicies()); + assertThat(corsEntity.isAllowPrivateNetwork()).isEqualTo(cors.getAllowPrivateNetwork()); } @Test @@ -55,5 +56,6 @@ void shouldMapFromCorsEntity() { assertThat(cors.getExposeHeaders()).isEqualTo(corsEntity.getAccessControlExposeHeaders()); assertThat(cors.getMaxAge()).isEqualTo(corsEntity.getAccessControlMaxAge()); assertThat(cors.getRunPolicies()).isEqualTo(corsEntity.isRunPolicies()); + assertThat(cors.getAllowPrivateNetwork()).isEqualTo(corsEntity.isAllowPrivateNetwork()); } } diff --git a/gravitee-apim-rest-api/gravitee-apim-rest-api-test-fixtures/src/main/java/fixtures/CorsModelFixtures.java b/gravitee-apim-rest-api/gravitee-apim-rest-api-test-fixtures/src/main/java/fixtures/CorsModelFixtures.java index 37db44ed9bd..a0777433ce4 100644 --- a/gravitee-apim-rest-api/gravitee-apim-rest-api-test-fixtures/src/main/java/fixtures/CorsModelFixtures.java +++ b/gravitee-apim-rest-api/gravitee-apim-rest-api-test-fixtures/src/main/java/fixtures/CorsModelFixtures.java @@ -29,7 +29,8 @@ private CorsModelFixtures() {} .enabled(true) .accessControlExposeHeaders(Set.of("exposeHeader1", "exposeHeader2")) .accessControlMaxAge(10) - .runPolicies(true); + .runPolicies(true) + .allowPrivateNetwork(true); public static io.gravitee.definition.model.Cors aModelCors() { return BASE_MODEL_CORS.build(); From 6b324b9c2e28131478641d69628eb28b9d95c9d1 Mon Sep 17 00:00:00 2001 From: Wojciech Baszczyk Date: Wed, 25 Mar 2026 10:08:28 +0100 Subject: [PATCH 2/2] chore: bump gravitee-common to 4.9.1 and gravitee-gateway-api to 5.1.1 --- pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index 4998e5ea145..3a973c28037 100644 --- a/pom.xml +++ b/pom.xml @@ -55,13 +55,13 @@ 3.11.0 2.3.1 1.7.0 - 4.9.0 + 4.9.1 1.0.0 1.1.5 2.0.1 4.3.0 2.1.0 - 5.1.0 + 5.1.1 5.1.0 2.2.0 3.7.1