- add CORS logic

git-svn-id: https://gnunet.org/svn/gnunet@36022 140774ce-b5e7-0310-ab8b-a85725594a96

5 files changed, 73 insertions, 6 deletions

diff --git a/src/gns/plugin_rest_gns.c b/src/gns/plugin_rest_gns.c
index d7fc31d4c5..1a5ee9eea8 100644
--- a/src/gns/plugin_rest_gns.c
+++ b/src/gns/plugin_rest_gns.c
@@ -648,6 +648,7 @@ libgnunet_plugin_rest_gns_init (void *cls)
   api->cls = &plugin;
   api->name = API_NAMESPACE;
   api->process_request = &rest_gns_process_request;
+  GNUNET_asprintf (&api->allow_methods, "%s", MHD_HTTP_METHOD_GET);
   GNUNET_log (GNUNET_ERROR_TYPE_INFO,
               _("GNS REST API initialized\n"));
   return api;
@@ -667,6 +668,7 @@ libgnunet_plugin_rest_gns_done (void *cls)
   struct Plugin *plugin = api->cls;
 
   plugin->cfg = NULL;
+  GNUNET_free_non_null (api->allow_methods);
   GNUNET_free (api);
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
               "GNS REST plugin is finished\n");
diff --git a/src/identity/plugin_rest_identity.c b/src/identity/plugin_rest_identity.c
index 53c74dcf22..8a2c24d1f3 100644
--- a/src/identity/plugin_rest_identity.c
+++ b/src/identity/plugin_rest_identity.c
@@ -799,6 +799,14 @@ libgnunet_plugin_rest_identity_init (void *cls)
   api->cls = &plugin;
   api->name = GNUNET_REST_API_NS_IDENTITY;
   api->process_request = &rest_identity_process_request;
+  GNUNET_asprintf (&api->allow_methods,
+                   "%s, %s, %s, %s, %s",
+                   MHD_HTTP_METHOD_GET,
+                   MHD_HTTP_METHOD_POST,
+                   MHD_HTTP_METHOD_PUT,
+                   MHD_HTTP_METHOD_DELETE,
+                   MHD_HTTP_METHOD_OPTIONS);
+
   GNUNET_log (GNUNET_ERROR_TYPE_INFO,
               _("Identity REST API initialized\n"));
   return api;
@@ -818,6 +826,7 @@ libgnunet_plugin_rest_identity_done (void *cls)
   struct Plugin *plugin = api->cls;
 
   plugin->cfg = NULL;
+  GNUNET_free_non_null (api->allow_methods);
   GNUNET_free (api);
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
               "Identity REST plugin is finished\n");
diff --git a/src/include/gnunet_rest_plugin.h b/src/include/gnunet_rest_plugin.h
index e1eabd813e..abc0aea4cf 100644
--- a/src/include/gnunet_rest_plugin.h
+++ b/src/include/gnunet_rest_plugin.h
@@ -59,6 +59,11 @@ struct GNUNET_REST_Plugin
   char *name;
 
   /**
+   * Supported HTTP Methods
+   */
+  char *allow_methods;
+
+  /**
    * Function to process a REST call
    * 
    * @param method the HTTP method called
diff --git a/src/rest/gnunet-rest-server.c b/src/rest/gnunet-rest-server.c
index c9c7d64bf2..3ce177e9cd 100644
--- a/src/rest/gnunet-rest-server.c
+++ b/src/rest/gnunet-rest-server.c
@@ -109,6 +109,16 @@ static const struct GNUNET_CONFIGURATION_Handle *cfg;
 static struct GNUNET_CONTAINER_MultiHashMap *plugin_map;
 
 /**
+ * Allowed Origins (CORS)
+ */
+static char* allow_origin;
+
+/**
+ * Allowed Headers (CORS)
+ */
+static char* allow_headers;
+
+/**
  * MHD Connection handle 
  */
 struct MhdConnectionHandle
@@ -325,13 +335,31 @@ create_response (void *cls,
   {
     GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
                 "Queueing response from plugin with MHD\n");
-    /* FIXME: this is a bit dangerous... only for testing. */
-    MHD_add_response_header (con_handle->response,
-			     "Access-Control-Allow-Origin",
-			     "*");
+    //Handle Preflights
+    if (0 == strcmp(meth, MHD_HTTP_METHOD_OPTIONS))
+    {
+      if (NULL != allow_origin)
+      {
+        MHD_add_response_header (con_handle->response,
+                                 "Access-Control-Allow-Origin",
+                                 allow_origin);
+      }
+      if (NULL != allow_headers)
+      {
+        MHD_add_response_header (con_handle->response,
+                                 "Access-Control-Allow-Headers",
+                                 allow_headers);
+      }
+      if (NULL != con_handle->plugin)
+      {
+        MHD_add_response_header (con_handle->response,
+                                 "Access-Control-Allow-Methods",
+                                 con_handle->plugin->allow_methods);
+      }
+    }
     int ret = MHD_queue_response (con,
-                                 con_handle->status,
-                                 con_handle->response);
+                                  con_handle->status,
+                                  con_handle->response);
     cleanup_handle (con_handle);
     return ret;
   }
@@ -547,6 +575,8 @@ do_shutdown (void *cls,
   GNUNET_log (GNUNET_ERROR_TYPE_INFO,
               "Shutting down...\n");
   kill_httpd ();
+  GNUNET_free_non_null (allow_origin);
+  GNUNET_free_non_null (allow_headers);
 }
 
 
@@ -679,6 +709,25 @@ run (void *cls,
   cfg = c;
   plugin_map = GNUNET_CONTAINER_multihashmap_create (10, GNUNET_NO);
 
+  /* Get CORS data from cfg */
+  if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_string (cfg, "rest",
+                                                          "REST_ALLOW_ORIGIN",
+                                                          &allow_origin))
+  {
+    //No origin specified
+    GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+                "No CORS Access-Control-Allow-Origin Header will be sent...\n");
+  }
+
+  if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_string (cfg, "rest",
+                                                          "REST_ALLOW_HEADERS",
+                                                          &allow_headers))
+  {
+    //No origin specified
+    GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+                "No CORS Access-Control-Allow-Headers Header will be sent...\n");
+  }
+
   /* Open listen socket proxy */
   lsock6 = bind_v6 ();
   if (NULL == lsock6)
diff --git a/src/rest/rest.conf b/src/rest/rest.conf
index febc51486d..2ee3ba4b28 100644
--- a/src/rest/rest.conf
+++ b/src/rest/rest.conf
@@ -1,3 +1,5 @@
 [rest]
 BINARY=gnunet-rest-server
 REST_PORT=7776
+REST_ALLOW_HEADERS=Authorization
+REST_ALLOW_ORIGIN=localhost