From 7180749f8abb5c01d93742d8e99d5b1739f09931 Mon Sep 17 00:00:00 2001 From: otherview Date: Mon, 15 Jul 2024 17:32:18 +0100 Subject: [PATCH] CORS + Cookies flags --- api/api.go | 19 +++++++++++++++++-- cmd/thor/flags.go | 8 ++++++++ cmd/thor/main.go | 8 ++++++++ 3 files changed, 33 insertions(+), 2 deletions(-) diff --git a/api/api.go b/api/api.go index 631019b77..1d5afa0a4 100644 --- a/api/api.go +++ b/api/api.go @@ -50,6 +50,8 @@ func New( enableReqLogger bool, enableMetrics bool, logsLimit uint64, + allowedCredsEnabled bool, + allowedOriginEnabled bool, ) (http.HandlerFunc, func()) { origins := strings.Split(strings.TrimSpace(allowedOrigins), ",") for i, o := range origins { @@ -102,11 +104,24 @@ func New( } handler := handlers.CompressHandler(router) - handler = handlers.CORS( + corsOptions := []handlers.CORSOption{ handlers.AllowedOrigins(origins), handlers.AllowedHeaders([]string{"content-type", "x-genesis-id"}), handlers.ExposedHeaders([]string{"x-genesis-id", "x-thorest-ver"}), - )(handler) + } + + if allowedCredsEnabled { + corsOptions = append(corsOptions, handlers.AllowCredentials()) + } + + if allowedOriginEnabled { + corsOptions = append(corsOptions, handlers.AllowedOriginValidator(func(origin string) bool { + // Allow all origins by always returning true + return true + })) + } + + handler = handlers.CORS(corsOptions...)(handler) if enableReqLogger { handler = RequestLoggerHandler(handler, log) diff --git a/cmd/thor/flags.go b/cmd/thor/flags.go index 69267d36d..f2b3b7ef8 100644 --- a/cmd/thor/flags.go +++ b/cmd/thor/flags.go @@ -69,6 +69,14 @@ var ( Value: 1000, Usage: "limit the number of logs returned by /logs API", } + apiAllowedCredsFlag = cli.BoolFlag{ + Name: "api-allowed-creds", + Usage: "enables Access-Control-Allow-Credentials header in API response", + } + apiAllowedOriginsFlag = cli.BoolFlag{ + Name: "api-allowed-origins", + Usage: "enables Access-Control-Allow-Origin to be set as the Origin request", + } enableAPILogsFlag = cli.BoolFlag{ Name: "enable-api-logs", Usage: "enables API requests logging", diff --git a/cmd/thor/main.go b/cmd/thor/main.go index 8eef1cf95..9d88aebd5 100644 --- a/cmd/thor/main.go +++ b/cmd/thor/main.go @@ -82,6 +82,8 @@ func main() { apiAllowCustomTracerFlag, enableAPILogsFlag, apiLogsLimitFlag, + apiAllowedCredsFlag, + apiAllowedOriginsFlag, verbosityFlag, maxPeersFlag, p2pPortFlag, @@ -112,6 +114,8 @@ func main() { apiAllowCustomTracerFlag, enableAPILogsFlag, apiLogsLimitFlag, + apiAllowedCredsFlag, + apiAllowedOriginsFlag, onDemandFlag, blockInterval, persistFlag, @@ -242,6 +246,8 @@ func defaultAction(ctx *cli.Context) error { ctx.Bool(enableAPILogsFlag.Name), ctx.Bool(enableMetricsFlag.Name), ctx.Uint64(apiLogsLimitFlag.Name), + ctx.Bool(apiAllowedCredsFlag.Name), + ctx.Bool(apiAllowedOriginsFlag.Name), ) defer func() { log.Info("closing API..."); apiCloser() }() @@ -381,6 +387,8 @@ func soloAction(ctx *cli.Context) error { ctx.Bool(enableAPILogsFlag.Name), ctx.Bool(enableMetricsFlag.Name), ctx.Uint64(apiLogsLimitFlag.Name), + ctx.Bool(apiAllowedCredsFlag.Name), + ctx.Bool(apiAllowedOriginsFlag.Name), ) defer func() { log.Info("closing API..."); apiCloser() }()