Merge pull request #136 from mauamy/add-multiple-cors-orgins-support
Add support for multiple cors origins
This commit is contained in:
commit
385ff2a43e
@ -3,5 +3,6 @@
|
|||||||
"apiLogPath": null,
|
"apiLogPath": null,
|
||||||
"webBindAddress": "127.0.0.1",
|
"webBindAddress": "127.0.0.1",
|
||||||
"webBindPort": 8765,
|
"webBindPort": 8765,
|
||||||
"webCorsOrigin": "http://localhost"
|
"webCorsOrigin": "http://localhost",
|
||||||
|
"webCorsOriginList": ["http://localhost"]
|
||||||
}
|
}
|
||||||
|
@ -54,6 +54,7 @@ def setting(key):
|
|||||||
'webBindAddress': os.getenv('ANKICONNECT_BIND_ADDRESS', '127.0.0.1'),
|
'webBindAddress': os.getenv('ANKICONNECT_BIND_ADDRESS', '127.0.0.1'),
|
||||||
'webBindPort': 8765,
|
'webBindPort': 8765,
|
||||||
'webCorsOrigin': os.getenv('ANKICONNECT_CORS_ORIGIN', 'http://localhost'),
|
'webCorsOrigin': os.getenv('ANKICONNECT_CORS_ORIGIN', 'http://localhost'),
|
||||||
|
'webCorsOriginList': ['http://localhost'],
|
||||||
'webTimeout': 10000,
|
'webTimeout': 10000,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -153,10 +153,26 @@ class WebServer:
|
|||||||
except ValueError:
|
except ValueError:
|
||||||
body = json.dumps(None).encode('utf-8')
|
body = json.dumps(None).encode('utf-8')
|
||||||
|
|
||||||
|
# handle multiple cors origins by checking the 'origin'-header against the allowed origin list from the config
|
||||||
|
webCorsOriginList = util.setting('webCorsOriginList')
|
||||||
|
|
||||||
|
# keep support for deprecated 'webCorsOrigin' field, as long it is not removed
|
||||||
|
webCorsOrigin = util.setting('webCorsOrigin')
|
||||||
|
if webCorsOrigin:
|
||||||
|
webCorsOriginList.append(webCorsOrigin)
|
||||||
|
|
||||||
|
corsOrigin = 'http://localhost'
|
||||||
|
if len(webCorsOriginList) == 1:
|
||||||
|
corsOrigin = webCorsOriginList[0]
|
||||||
|
elif b'origin' in req.headers:
|
||||||
|
originStr = req.headers[b'origin'].decode()
|
||||||
|
if originStr in webCorsOriginList:
|
||||||
|
corsOrigin = originStr
|
||||||
|
|
||||||
headers = [
|
headers = [
|
||||||
['HTTP/1.1 200 OK', None],
|
['HTTP/1.1 200 OK', None],
|
||||||
['Content-Type', 'text/json'],
|
['Content-Type', 'text/json'],
|
||||||
['Access-Control-Allow-Origin', util.setting('webCorsOrigin')],
|
['Access-Control-Allow-Origin', corsOrigin],
|
||||||
['Content-Length', str(len(body))]
|
['Content-Length', str(len(body))]
|
||||||
]
|
]
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user