Skip to content

Commit 17d91ad

Browse files
committed
CORS support
1 parent c6a2ddb commit 17d91ad

File tree

3 files changed

+36
-9
lines changed

3 files changed

+36
-9
lines changed

code/default/launcher/config.py

+1
Original file line numberDiff line numberDiff line change
@@ -24,6 +24,7 @@
2424

2525
config.set_var("control_ip", "127.0.0.1")
2626
config.set_var("control_port", 8085)
27+
config.set_var("allowed_refers", [""])
2728

2829
# System config
2930
config.set_var("language", "") # en_US,

code/default/launcher/web_control.py

+27-9
Original file line numberDiff line numberDiff line change
@@ -67,6 +67,15 @@ def handle_one_request(self):
6767
self.close_connection = 0
6868

6969

70+
CORS_header = {
71+
"Allow": "GET,POST,OPTIONS",
72+
"Access-Control-Allow-Origin": "*",
73+
"Access-Control-Allow-Methods": "GET,POST,OPTIONS",
74+
"Access-Control-Allow-Headers": "Authorization,Content-Type",
75+
"Connection": "close",
76+
"Content-Type": "text/html",
77+
}
78+
7079
class Http_Handler(simple_http_server.HttpServerHandler):
7180
deploy_proc = None
7281

@@ -95,17 +104,24 @@ def load_module_menus(self):
95104

96105
def do_OPTIONS(self):
97106
try:
98-
origin = utils.to_str(self.headers.get(b'Origin'))
107+
# origin = utils.to_str(self.headers.get(b'Origin'))
99108
# if origin not in self.config.allow_web_origins:
100109
# return
101110

102-
header = {
103-
"Allow": "GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS",
104-
"Access-Control-Allow-Origin": origin,
105-
"Access-Control-Allow-Methods": "GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS",
106-
"Access-Control-Allow-Headers": "Authorization,Content-Type",
107-
}
108-
return self.send_response(headers=header)
111+
self.headers = utils.to_str(self.headers)
112+
self.path = utils.to_str(self.path)
113+
114+
refer = self.headers.get('Referer')
115+
if refer:
116+
refer_loc = urlparse(refer).netloc
117+
host = self.headers.get('Host')
118+
if refer_loc != host and refer_loc not in config.allowed_refers:
119+
xlog.warn("web control ref:%s host:%s", refer_loc, host)
120+
return
121+
122+
self.set_CORS(CORS_header)
123+
124+
return self.send_response()
109125
except Exception as e:
110126
xlog.exception("options fail:%r", e)
111127
return self.send_not_found()
@@ -118,10 +134,12 @@ def do_POST(self):
118134
if refer:
119135
refer_loc = urlparse(refer).netloc
120136
host = self.headers.get('Host')
121-
if refer_loc != host:
137+
if refer_loc != host and refer_loc not in config.allowed_refers:
122138
xlog.warn("web control ref:%s host:%s", refer_loc, host)
123139
return
124140

141+
self.set_CORS(CORS_header)
142+
125143
try:
126144
content_type = self.headers.get('Content-Type', "")
127145
ctype, pdict = cgi.parse_header(content_type)

code/default/lib/noarch/simple_http_server.py

+8
Original file line numberDiff line numberDiff line change
@@ -49,6 +49,8 @@ class HttpServerHandler():
4949
rbufsize = 32 * 1024
5050
wbufsize = 32 * 1024
5151

52+
res_headers = {}
53+
5254
def __init__(self, sock, client, args, logger=None):
5355
self.connection = sock
5456
sock.setblocking(1)
@@ -65,6 +67,9 @@ def __init__(self, sock, client, args, logger=None):
6567

6668
self.setup()
6769

70+
def set_CORS(self, headers):
71+
self.res_headers = headers
72+
6873
def setup(self):
6974
pass
7075

@@ -364,7 +369,10 @@ def send_response(self, mimetype=b"", content=b"", headers=b"", status=200):
364369

365370
content = utils.to_bytes(content)
366371

372+
for key in self.res_headers:
373+
data.append(b"%s: %s\r\n" % (utils.to_bytes(key), utils.to_bytes(self.res_headers[key])))
367374
data.append(b'Content-Length: %d\r\n' % len(content))
375+
368376
if len(headers):
369377
if isinstance(headers, dict):
370378
headers = utils.to_bytes(headers)

0 commit comments

Comments
 (0)