Commit 1a4197f4 authored by Janoš Guljaš's avatar Janoš Guljaš Committed by GitHub

implement CORS headers in API (#358)

parent ccdf8043
...@@ -39,6 +39,7 @@ func (c *command) initStartCmd() (err error) { ...@@ -39,6 +39,7 @@ func (c *command) initStartCmd() (err error) {
optionNameDebugAPIAddr = "debug-api-addr" optionNameDebugAPIAddr = "debug-api-addr"
optionNameBootnodes = "bootnode" optionNameBootnodes = "bootnode"
optionNameNetworkID = "network-id" optionNameNetworkID = "network-id"
optionCORSAllowedOrigins = "cors-allowed-origins"
optionNameTracingEnabled = "tracing" optionNameTracingEnabled = "tracing"
optionNameTracingEndpoint = "tracing-endpoint" optionNameTracingEndpoint = "tracing-endpoint"
optionNameTracingServiceName = "tracing-service-name" optionNameTracingServiceName = "tracing-service-name"
...@@ -105,6 +106,7 @@ func (c *command) initStartCmd() (err error) { ...@@ -105,6 +106,7 @@ func (c *command) initStartCmd() (err error) {
DisableQUIC: c.config.GetBool(optionNameP2PDisableQUIC), DisableQUIC: c.config.GetBool(optionNameP2PDisableQUIC),
NetworkID: c.config.GetUint64(optionNameNetworkID), NetworkID: c.config.GetUint64(optionNameNetworkID),
Bootnodes: c.config.GetStringSlice(optionNameBootnodes), Bootnodes: c.config.GetStringSlice(optionNameBootnodes),
CORSAllowedOrigins: c.config.GetStringSlice(optionCORSAllowedOrigins),
TracingEnabled: c.config.GetBool(optionNameTracingEnabled), TracingEnabled: c.config.GetBool(optionNameTracingEnabled),
TracingEndpoint: c.config.GetString(optionNameTracingEndpoint), TracingEndpoint: c.config.GetString(optionNameTracingEndpoint),
TracingServiceName: c.config.GetString(optionNameTracingServiceName), TracingServiceName: c.config.GetString(optionNameTracingServiceName),
...@@ -166,6 +168,7 @@ func (c *command) initStartCmd() (err error) { ...@@ -166,6 +168,7 @@ func (c *command) initStartCmd() (err error) {
cmd.Flags().Bool(optionNameEnableDebugAPI, false, "enable debug HTTP API") cmd.Flags().Bool(optionNameEnableDebugAPI, false, "enable debug HTTP API")
cmd.Flags().String(optionNameDebugAPIAddr, ":6060", "debug HTTP API listen address") cmd.Flags().String(optionNameDebugAPIAddr, ":6060", "debug HTTP API listen address")
cmd.Flags().Uint64(optionNameNetworkID, 1, "ID of the Swarm network") cmd.Flags().Uint64(optionNameNetworkID, 1, "ID of the Swarm network")
cmd.Flags().StringSlice(optionCORSAllowedOrigins, []string{}, "origins with CORS headers enabled")
cmd.Flags().Bool(optionNameTracingEnabled, false, "enable tracing") cmd.Flags().Bool(optionNameTracingEnabled, false, "enable tracing")
cmd.Flags().String(optionNameTracingEndpoint, "127.0.0.1:6831", "endpoint to send tracing data") cmd.Flags().String(optionNameTracingEndpoint, "127.0.0.1:6831", "endpoint to send tracing data")
cmd.Flags().String(optionNameTracingServiceName, "bee", "service name identifier for tracing") cmd.Flags().String(optionNameTracingServiceName, "bee", "service name identifier for tracing")
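Review bot: The new constant `optionCORSAllowedOrigins` drops the `optionName` prefix that every neighbouring option uses; `optionNameCORSAllowedOrigins` would keep the block consistent. The help text `"origins with CORS headers enabled"` also leaves out the two cases an operator most needs to know: what an unset value means and that `*` is accepted. A description such as `"origins allowed to make cross-origin requests to the API; '*' allows any origin"` would cover that, adjusted to whatever the empty-list behaviour is meant to be. initStartCmd starts and ends outside these hunks.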
......
...@@ -26,10 +26,11 @@ type server struct { ...@@ -26,10 +26,11 @@ type server struct {
} }
type Options struct { type Options struct {
Tags *tags.Tags Tags *tags.Tags
Storer storage.Storer Storer storage.Storer
Logger logging.Logger CORSAllowedOrigins []string
Tracer *tracing.Tracer Logger logging.Logger
Tracer *tracing.Tracer
} }
func New(o Options) Service { func New(o Options) Service {
......
...@@ -59,6 +59,27 @@ func (s *server) setupRouting() { ...@@ -59,6 +59,27 @@ func (s *server) setupRouting() {
handlers.CompressHandler, handlers.CompressHandler,
// todo: add recovery handler // todo: add recovery handler
s.pageviewMetricsHandler, s.pageviewMetricsHandler,
func(h http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
if o := r.Header.Get("Origin"); o != "" && (s.CORSAllowedOrigins == nil || containsOrigin(o, s.CORSAllowedOrigins)) {
w.Header().Set("Access-Control-Allow-Credentials", "true")
w.Header().Set("Access-Control-Allow-Origin", o)
w.Header().Set("Access-Control-Allow-Headers", "Origin, Accept, Authorization, Content-Type, X-Requested-With, Access-Control-Request-Headers, Access-Control-Request-Method")
w.Header().Set("Access-Control-Allow-Methods", "GET, HEAD, OPTIONS, POST, PUT, DELETE")
w.Header().Set("Access-Control-Max-Age", "3600")
}
h.ServeHTTP(w, r)
})
},
web.FinalHandler(router), web.FinalHandler(router),
) )
} }
func containsOrigin(s string, l []string) (ok bool) {
for _, e := range l {
if e == s || e == "*" {
return true
}
}
return false
}
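Review bot: The middleware reflects the request's `Origin` together with `Access-Control-Allow-Credentials: true` both when `s.CORSAllowedOrigins` is nil and when the list contains `*`, so in those two cases every origin gets credentialed cross-origin access to the API, which is more than a literal `Access-Control-Allow-Origin: *` grants in a browser. Whether the flag default `[]string{}` reaches this code as nil or as an empty slice is not visible here, but any caller that builds `api.Options` without the field lands in the allow-all branch. I would fail closed on an empty list, send the credentials header only for origins listed by name, answer a `*` entry with a literal `*`, and add `Vary: Origin` because the response now depends on that request header. setupRouting starts outside the hunk.

```go
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
	if o := r.Header.Get("Origin"); o != "" {
		// The response varies by Origin, so caches must key on it.
		w.Header().Add("Vary", "Origin")
		named, wildcard := matchOrigin(o, s.CORSAllowedOrigins)
		if named {
			// Credentials only for origins the operator listed by name.
			w.Header().Set("Access-Control-Allow-Origin", o)
			w.Header().Set("Access-Control-Allow-Credentials", "true")
		} else if wildcard {
			w.Header().Set("Access-Control-Allow-Origin", "*")
		}
		if named || wildcard {
			// … unchanged: Allow-Headers, Allow-Methods, Max-Age …
		}
	}
	h.ServeHTTP(w, r)
})

// matchOrigin reports whether o is listed by name in l and whether l
// contains the "*" entry. A nil or empty list matches nothing.
func matchOrigin(o string, l []string) (named, wildcard bool) {
	for _, e := range l {
		switch e {
		case o:
			named = true
		case "*":
			wildcard = true
		}
	}
	return named, wildcard
}
```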
...@@ -78,6 +78,7 @@ type Options struct { ...@@ -78,6 +78,7 @@ type Options struct {
DisableQUIC bool DisableQUIC bool
NetworkID uint64 NetworkID uint64
Bootnodes []string Bootnodes []string
CORSAllowedOrigins []string
Logger logging.Logger Logger logging.Logger
TracingEnabled bool TracingEnabled bool
TracingEndpoint string TracingEndpoint string
...@@ -291,10 +292,11 @@ func NewBee(o Options) (*Bee, error) { ...@@ -291,10 +292,11 @@ func NewBee(o Options) (*Bee, error) {
if o.APIAddr != "" { if o.APIAddr != "" {
// API server // API server
apiService = api.New(api.Options{ apiService = api.New(api.Options{
Tags: tag, Tags: tag,
Storer: ns, Storer: ns,
Logger: logger, CORSAllowedOrigins: o.CORSAllowedOrigins,
Tracer: tracer, Logger: logger,
Tracer: tracer,
}) })
apiListener, err := net.Listen("tcp", o.APIAddr) apiListener, err := net.Listen("tcp", o.APIAddr)
if err != nil { if err != nil {
......