Allow CORS in JsonApiServer

libretroshare/src/jsonapi/jsonapi.cpp

@@ -40,6 +40,26 @@
 
 /*extern*/ JsonApiServer* jsonApiServer = nullptr;
 
+/*static*/ const std::multimap<std::string, std::string>
+JsonApiServer::corsHeaders =
+{
+    { "Access-Control-Allow-Origin", "*" },
+    { "Access-Control-Allow-Methods", "GET, POST, OPTIONS"},
+    { "Access-Control-Allow-Headers", "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range" },
+    { "Access-Control-Expose-Headers", "Content-Length,Content-Range" }
+};
+
+/*static*/ const std::multimap<std::string, std::string>
+JsonApiServer::corsOptionsHeaders =
+{
+    { "Access-Control-Allow-Origin", "*" },
+    { "Access-Control-Allow-Methods", "GET, POST, OPTIONS"},
+    { "Access-Control-Allow-Headers", "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range" },
+    { "Access-Control-Max-Age", "1728000" }, // 20 days
+    { "Content-Type", "text/plain; charset=utf-8" },
+    { "Content-Length", "0" }
+};
+
 #define INITIALIZE_API_CALL_JSON_CONTEXT \
 	RsGenericSerializer::SerializeContext cReq( \
 	            nullptr, 0, \
@@ -65,15 +85,13 @@
 	std::stringstream ss; \
 	ss << jAns; \
 	std::string&& ans(ss.str()); \
-	const std::multimap<std::string, std::string> headers \
+	auto headers = corsHeaders; \
-    { \
+	headers.insert({ "Content-Type", "text/json" }); \
-        { "Content-Type", "text/json" }, \
+	headers.insert({ "Content-Length", std::to_string(ans.length()) }); \
-        { "Content-Length", std::to_string(ans.length()) } \
-	}; \
 	session->close(RET_CODE, ans, headers)
 
 
-static bool checkRsServicePtrReady(
+/*static*/ bool JsonApiServer::checkRsServicePtrReady(
         void* serviceInstance, const std::string& serviceName,
         RsGenericSerializer::SerializeContext& ctx,
         const std::shared_ptr<restbed::Session> session)
@@ -244,6 +262,7 @@ void JsonApiServer::registerHandler(
 	resource->set_path(path);
 	resource->set_method_handler("GET", handler);
 	resource->set_method_handler("POST", handler);
+	resource->set_method_handler("OPTIONS", handleCorsOptions);
 
 	if(requiresAutentication)
 		resource->set_authentication_handler(
@@ -407,3 +426,7 @@ bool JsonApiServer::loadList(std::list<RsItem*>& loadList)
 
 void JsonApiServer::saveDone() { configMutex.unlock(); }
 
+void JsonApiServer::handleCorsOptions(
+        const std::shared_ptr<restbed::Session> session )
+{ session->close(rb::NO_CONTENT, corsOptionsHeaders); }
+

libretroshare/src/jsonapi/jsonapi.h

@@ -21,6 +21,7 @@
 #include <memory>
 #include <restbed>
 #include <cstdint>
+#include <map>
 
 #include "util/rsthreads.h"
 #include "pqi/p3cfgmgr.h"
@@ -188,5 +189,14 @@ private:
 	/// Encrypted persistent storage for authorized JSON API tokens
 	JsonApiServerAuthTokenStorage mAuthTokenStorage;
 	RsMutex configMutex;
+
+	static const std::multimap<std::string, std::string> corsHeaders;
+	static const std::multimap<std::string, std::string> corsOptionsHeaders;
+	static void handleCorsOptions(const std::shared_ptr<rb::Session> session);
+
+	static bool checkRsServicePtrReady(
+	        void* serviceInstance, const std::string& serviceName,
+	        RsGenericSerializer::SerializeContext& ctx,
+	        const std::shared_ptr<restbed::Session> session );
 };