Add support for multiple cors origins

2020-02-17 17:44:58 +01:00 · 2020-02-17 17:44:58 +01:00 · 413b27a21e
commit 413b27a21e
parent 08109dafbd
2 changed files with 12 additions and 2 deletions
--- a/plugin/config.json
+++ b/plugin/config.json
@ -3,5 +3,5 @@
    "apiLogPath": null,
    "webBindAddress": "127.0.0.1",
    "webBindPort": 8765,
-    "webCorsOrigin": "http://localhost"
+    "webCorsOrigin": ["http://localhost"]
 }
--- a/plugin/web.py
+++ b/plugin/web.py
@ -153,10 +153,20 @@ class WebServer:
            except ValueError:
                body = json.dumps(None).encode('utf-8')

+        # handle multiple cors origins by checking the 'origin'-header against the allowed origin list from the config
+        webCorsOriginsSetting = util.setting('webCorsOrigin')
+        corsOrigin = "http://localhost"
+        if len(webCorsOriginsSetting) == 1:
+            corsOrigin = webCorsOriginsSetting[0]
+        elif b"origin" in req.headers:
+            originStr = req.headers[b"origin"].decode()
+            if originStr in webCorsOriginsSetting:
+                corsOrigin = originStr
+
        headers = [
            ['HTTP/1.1 200 OK', None],
            ['Content-Type', 'text/json'],
-            ['Access-Control-Allow-Origin', util.setting('webCorsOrigin')],
+            ['Access-Control-Allow-Origin', corsOrigin],
            ['Content-Length', str(len(body))]
        ]