From 002b7cbf97e0494caada96dfc0b6043de33f683b Mon Sep 17 00:00:00 2001
From: Yannick Mau <yannick.mau@real-digital.de>
Date: Fri, 28 Feb 2020 01:17:53 +0100
Subject: [PATCH] Deprecate field 'webCorsOrigin' but keep temporary support
 for it.

---
 plugin/config.json |  3 ++-
 plugin/util.py     |  1 +
 plugin/web.py      | 20 +++++++++++++-------
 3 files changed, 16 insertions(+), 8 deletions(-)

diff --git a/plugin/config.json b/plugin/config.json
index 9fd31b6..00f2f30 100644
--- a/plugin/config.json
+++ b/plugin/config.json
@@ -3,5 +3,6 @@
     "apiLogPath": null,
     "webBindAddress": "127.0.0.1",
     "webBindPort": 8765,
-    "webCorsOrigin": ["http://localhost"]
+    "webCorsOrigin": "http://localhost",
+    "webCorsOriginList": ["http://localhost"]
 }
diff --git a/plugin/util.py b/plugin/util.py
index 740840e..c64567a 100644
--- a/plugin/util.py
+++ b/plugin/util.py
@@ -54,6 +54,7 @@ def setting(key):
         'webBindAddress':  os.getenv('ANKICONNECT_BIND_ADDRESS', '127.0.0.1'),
         'webBindPort':     8765,
         'webCorsOrigin':   os.getenv('ANKICONNECT_CORS_ORIGIN', 'http://localhost'),
+        'webCorsOriginList': ['http://localhost'],
         'webTimeout':      10000,
     }
 
diff --git a/plugin/web.py b/plugin/web.py
index adfb71f..5431742 100644
--- a/plugin/web.py
+++ b/plugin/web.py
@@ -154,13 +154,19 @@ class WebServer:
                 body = json.dumps(None).encode('utf-8')
 
         # handle multiple cors origins by checking the 'origin'-header against the allowed origin list from the config
-        webCorsOriginsSetting = util.setting('webCorsOrigin')
-        corsOrigin = "http://localhost"
-        if len(webCorsOriginsSetting) == 1:
-            corsOrigin = webCorsOriginsSetting[0]
-        elif b"origin" in req.headers:
-            originStr = req.headers[b"origin"].decode()
-            if originStr in webCorsOriginsSetting:
+        webCorsOriginList = util.setting('webCorsOriginList')
+
+        # keep support for deprecated 'webCorsOrigin' field, as long it is not removed
+        webCorsOrigin = util.setting('webCorsOrigin')
+        if webCorsOrigin:
+            webCorsOriginList.append(webCorsOrigin)
+
+        corsOrigin = 'http://localhost'
+        if len(webCorsOriginList) == 1:
+            corsOrigin = webCorsOriginList[0]
+        elif b'origin' in req.headers:
+            originStr = req.headers[b'origin'].decode()
+            if originStr in webCorsOriginList:
                 corsOrigin = originStr
 
         headers = [