From f5158b3a9f67e0db45da11cb3c0d836c9f384e67 Mon Sep 17 00:00:00 2001
From: Gioacchino Mazzurco
Date: Tue, 25 Sep 2018 22:33:35 +0200
Subject: [PATCH] Allow CORS in JsonApiServer
---
 libretroshare/src/jsonapi/jsonapi.cpp | 35 ++++++++++++++++++++++-----
 libretroshare/src/jsonapi/jsonapi.h | 10 ++++++++
 2 files changed, 39 insertions(+), 6 deletions(-)
diff --git a/libretroshare/src/jsonapi/jsonapi.cpp b/libretroshare/src/jsonapi/jsonapi.cpp
index 08290a06f..6cb2a579c 100644
--- a/libretroshare/src/jsonapi/jsonapi.cpp
+++ b/libretroshare/src/jsonapi/jsonapi.cpp
@@ -40,6 +40,26 @@
 /*extern*/ JsonApiServer* jsonApiServer = nullptr;
+/*static*/ const std::multimap
+JsonApiServer::corsHeaders =
+{
+ { "Access-Control-Allow-Origin", "*" },
+ { "Access-Control-Allow-Methods", "GET, POST, OPTIONS"},
+ { "Access-Control-Allow-Headers", "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range" },
+ { "Access-Control-Expose-Headers", "Content-Length,Content-Range" }
+};
+
+/*static*/ const std::multimap
+JsonApiServer::corsOptionsHeaders =
+{
+ { "Access-Control-Allow-Origin", "*" },
+ { "Access-Control-Allow-Methods", "GET, POST, OPTIONS"},
+ { "Access-Control-Allow-Headers", "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range" },
+ { "Access-Control-Max-Age", "1728000" }, // 20 days
+ { "Content-Type", "text/plain; charset=utf-8" },
+ { "Content-Length", "0" }
+};
+
 #define INITIALIZE_API_CALL_JSON_CONTEXT \
 RsGenericSerializer::SerializeContext cReq( \
 nullptr, 0, \
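Review bot: Both new header tables set `Access-Control-Allow-Origin` to `*`, so any web page in a browser that can reach the API port may read replies carrying them; that covers every handler registered without authentication, and error replies too, because the reply macro in the next hunk copies `corsHeaders` into each response. I would make the permitted origins a configuration value that is empty by default, and echo the request's `Origin` only when it matches an entry, adding `Vary: Origin` in that case. `Authorization` is also absent from `Access-Control-Allow-Headers`; if API tokens travel in that header, scripted cross-origin calls will be refused at preflight, and that should be a deliberate decision rather than a side effect of the list. The two tables repeat three entries verbatim, so deriving `corsOptionsHeaders` from `corsHeaders` would keep them from drifting apart.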
@@ -65,15 +85,13 @@
 std::stringstream ss; \
 ss << jAns; \
 std::string&& ans(ss.str()); \
- const std::multimap headers \
- { \
- { "Content-Type", "text/json" }, \
- { "Content-Length", std::to_string(ans.length()) } \
- }; \
+ auto headers = corsHeaders; \
+ headers.insert({ "Content-Type", "text/json" }); \
+ headers.insert({ "Content-Length", std::to_string(ans.length()) }); \
 session->close(RET_CODE, ans, headers)
-static bool checkRsServicePtrReady(
+/*static*/ bool JsonApiServer::checkRsServicePtrReady(
 void* serviceInstance, const std::string& serviceName,
 RsGenericSerializer::SerializeContext& ctx,
 const std::shared_ptr session)
@@ -244,6 +262,7 @@ void JsonApiServer::registerHandler(
 resource->set_path(path);
 resource->set_method_handler("GET", handler);
 resource->set_method_handler("POST", handler);
+ resource->set_method_handler("OPTIONS", handleCorsOptions);
 if(requiresAutentication) resource->set_authentication_handler(
@@ -407,3 +426,7 @@ bool JsonApiServer::loadList(std::list& loadList)
 void JsonApiServer::saveDone() { configMutex.unlock(); }
+void JsonApiServer::handleCorsOptions(
+ const std::shared_ptr session )
+{ session->close(rb::NO_CONTENT, corsOptionsHeaders); }
+
diff --git a/libretroshare/src/jsonapi/jsonapi.h b/libretroshare/src/jsonapi/jsonapi.h
index 5315054ea..6a8c3d94d 100644
--- a/libretroshare/src/jsonapi/jsonapi.h
+++ b/libretroshare/src/jsonapi/jsonapi.h
@@ -21,6 +21,7 @@
 #include
 #include
 #include
+#include
 #include "util/rsthreads.h"
 #include "pqi/p3cfgmgr.h"
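Review bot: The reply macro now reads `corsHeaders`, a private static member, so it only expands inside `JsonApiServer` member functions; that appears to be why `checkRsServicePtrReady` moves into the class in this same hunk, but nothing at the macro says so. A comment above the macro would save the next maintainer a confusing compile error, for example `// Uses JsonApiServer::corsHeaders: expand only inside JsonApiServer members`. The macro definition starts before this hunk, so its name and earlier lines are not visible here.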
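Review bot: The `OPTIONS` handler is registered on every resource, including those that receive an authentication handler in the `if(requiresAutentication)` branch just below it. Browsers send preflight requests without credentials, so if the authentication handler runs before method handlers, the preflight for a protected resource is rejected and the CORS support added here never takes effect for it; the handler body lies outside this hunk, so this needs checking. If an exemption is added, limit it to the `OPTIONS` method so that `GET` and `POST` on the same path still require the token.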
@@ -188,5 +189,14 @@ private:
 /// Encrypted persistent storage for authorized JSON API tokens
 JsonApiServerAuthTokenStorage mAuthTokenStorage;
 RsMutex configMutex;
+
+ static const std::multimap corsHeaders;
+ static const std::multimap corsOptionsHeaders;
+ static void handleCorsOptions(const std::shared_ptr session);
+
+ static bool checkRsServicePtrReady(
+ void* serviceInstance, const std::string& serviceName,
+ RsGenericSerializer::SerializeContext& ctx,
+ const std::shared_ptr session );
 };
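Review bot: The four new private members are declared without the `///` comments that the neighbouring `mAuthTokenStorage` carries, and the names of the two header tables do not reveal how they differ. Suggested comments: `/// CORS headers copied into replies sent through the API reply macro` on `corsHeaders`, `/// Headers returned for CORS preflight (OPTIONS) requests` on `corsOptionsHeaders`, and `/// Answers a preflight request with corsOptionsHeaders and no body` on `handleCorsOptions`. The class body starts before this hunk.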