Skip to content

Commit

Permalink
CORS support
Browse files Browse the repository at this point in the history
  • Loading branch information
Michael-X-Net committed Apr 7, 2024
1 parent c6a2ddb commit 17d91ad
Show file tree
Hide file tree
Showing 3 changed files with 36 additions and 9 deletions.
1 change: 1 addition & 0 deletions code/default/launcher/config.py
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@

config.set_var("control_ip", "127.0.0.1")
config.set_var("control_port", 8085)
config.set_var("allowed_refers", [""])

# System config
config.set_var("language", "") # en_US,
Expand Down
36 changes: 27 additions & 9 deletions code/default/launcher/web_control.py
Original file line number Diff line number Diff line change
Expand Up @@ -67,6 +67,15 @@ def handle_one_request(self):
self.close_connection = 0


CORS_header = {
"Allow": "GET,POST,OPTIONS",
"Access-Control-Allow-Origin": "*",
"Access-Control-Allow-Methods": "GET,POST,OPTIONS",
"Access-Control-Allow-Headers": "Authorization,Content-Type",
"Connection": "close",
"Content-Type": "text/html",
}

class Http_Handler(simple_http_server.HttpServerHandler):
deploy_proc = None

Expand Down Expand Up @@ -95,17 +104,24 @@ def load_module_menus(self):

def do_OPTIONS(self):
try:
origin = utils.to_str(self.headers.get(b'Origin'))
# origin = utils.to_str(self.headers.get(b'Origin'))
# if origin not in self.config.allow_web_origins:
# return

header = {
"Allow": "GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS",
"Access-Control-Allow-Origin": origin,
"Access-Control-Allow-Methods": "GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS",
"Access-Control-Allow-Headers": "Authorization,Content-Type",
}
return self.send_response(headers=header)
self.headers = utils.to_str(self.headers)
self.path = utils.to_str(self.path)

refer = self.headers.get('Referer')
if refer:
refer_loc = urlparse(refer).netloc
host = self.headers.get('Host')
if refer_loc != host and refer_loc not in config.allowed_refers:
xlog.warn("web control ref:%s host:%s", refer_loc, host)
return

self.set_CORS(CORS_header)

return self.send_response()
except Exception as e:
xlog.exception("options fail:%r", e)
return self.send_not_found()
Expand All @@ -118,10 +134,12 @@ def do_POST(self):
if refer:
refer_loc = urlparse(refer).netloc
host = self.headers.get('Host')
if refer_loc != host:
if refer_loc != host and refer_loc not in config.allowed_refers:
xlog.warn("web control ref:%s host:%s", refer_loc, host)
return

self.set_CORS(CORS_header)

try:
content_type = self.headers.get('Content-Type', "")
ctype, pdict = cgi.parse_header(content_type)
Expand Down
8 changes: 8 additions & 0 deletions code/default/lib/noarch/simple_http_server.py
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,8 @@ class HttpServerHandler():
rbufsize = 32 * 1024
wbufsize = 32 * 1024

res_headers = {}

def __init__(self, sock, client, args, logger=None):
self.connection = sock
sock.setblocking(1)
Expand All @@ -65,6 +67,9 @@ def __init__(self, sock, client, args, logger=None):

self.setup()

def set_CORS(self, headers):
self.res_headers = headers

def setup(self):
pass

Expand Down Expand Up @@ -364,7 +369,10 @@ def send_response(self, mimetype=b"", content=b"", headers=b"", status=200):

content = utils.to_bytes(content)

for key in self.res_headers:
data.append(b"%s: %s\r\n" % (utils.to_bytes(key), utils.to_bytes(self.res_headers[key])))
data.append(b'Content-Length: %d\r\n' % len(content))

if len(headers):
if isinstance(headers, dict):
headers = utils.to_bytes(headers)
Expand Down

0 comments on commit 17d91ad

Please sign in to comment.