
Merge pull request #2162 from cmouse/cors-3.4.2

Implement CORS for API in 3.4.2
2 parents b4ec12d + 683b9bd commit 73004f1e6931a9ee96484eca7fc8a78df92252fd @Habbie Habbie committed Feb 2, 2015
Showing with 32 additions and 2 deletions.
  1. +20 −1 pdns/webserver.cc
  2. +11 −0 regression-tests.api/test_Basics.py
  3. +1 −1 regression-tests.api/test_helper.py
@@ -101,8 +101,27 @@ void WebServer::registerBareHandler(const string& url, HandlerFunction handler)
YaHTTP::Router::Any(url, f);
}
+static bool optionsHandler(HttpRequest* req, HttpResponse* resp) {
+ if (req->method == "OPTIONS") {
+ resp->headers["access-control-allow-origin"] = "*";
+ resp->headers["access-control-allow-headers"] = "Content-Type, X-API-Key";
+ resp->headers["access-control-allow-methods"] = "GET, POST, PUT, PATCH, DELETE, OPTIONS";
+ resp->headers["access-control-max-age"] = "3600";
+ resp->status = 200;
+ resp->headers["content-type"]= "text/plain";
+ resp->body = "";
+ return true;
+ }
+ return false;
+}
+
static void apiWrapper(WebServer::HandlerFunction handler, HttpRequest* req, HttpResponse* resp) {
const string& api_key = arg()["experimental-api-key"];
+
+ if (optionsHandler(req, resp)) return;
+
+ resp->headers["access-control-allow-origin"] = "*";
+
if (api_key.empty()) {
L<<Logger::Debug<<"HTTP API Request \"" << req->url.path << "\": Authentication failed, API Key missing in config" << endl;
throw HttpUnauthorizedException();
@@ -113,7 +132,6 @@ static void apiWrapper(WebServer::HandlerFunction handler, HttpRequest* req, Htt
throw HttpUnauthorizedException();
}
- resp->headers["Access-Control-Allow-Origin"] = "*";
resp->headers["Content-Type"] = "application/json";
string callback;
@@ -155,6 +173,7 @@ void WebServer::registerApiHandler(const string& url, HandlerFunction handler) {
static void webWrapper(WebServer::HandlerFunction handler, HttpRequest* req, HttpResponse* resp) {
const string& web_password = arg()["webserver-password"];
+
if (!web_password.empty()) {
bool auth_ok = req->compareAuthorization(web_password);
if (!auth_ok) {
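Review bot: The wildcard `access-control-allow-origin: *` in optionsHandler and at the top of apiWrapper, combined with `X-API-Key` in the allowed headers, means script from any web origin can call the API from a browser that can reach it and read the replies, leaving the API key as the only barrier. The header is now set before the key check instead of after it, so it may also appear on unauthenticated replies, depending on how HttpUnauthorizedException is turned into a response (not visible here). Consider taking the allowed origin from configuration rather than hard-coding `*`, and sending `Vary: Origin` whenever a specific origin is echoed back. optionsHandler also runs before the `api_key.empty()` check, so a preflight gets 200 even when no API key is configured; a comment such as `// preflight is answered without authentication by design` would make that intent explicit. apiWrapper's body continues outside the hunk.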
@@ -31,3 +31,14 @@ def test_split_request(self):
status = resp.splitlines(0)[0]
if '400' in status:
raise Exception('Got unwanted response: %s' % status)
+
+ def test_cors(self):
+ r = self.session.options(self.url("/servers/localhost"))
+ # look for CORS headers
+
+ self.assertEquals(r.status_code, requests.codes.ok)
+ self.assertEquals(r.headers['access-control-allow-origin'], "*")
+ self.assertEquals(r.headers['access-control-allow-headers'], 'Content-Type, X-API-Key')
+ self.assertEquals(r.headers['access-control-allow-methods'], 'GET, POST, PUT, PATCH, DELETE, OPTIONS')
+
+ print "response", repr(r.headers)
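Review bot: test_cors sends the preflight through `self.session`, which always carries the API key, so it does not show that a preflight without `X-API-Key` succeeds (which is how a browser sends it) or that the OPTIONS shortcut leaves the other methods protected. Add a key-less preflight, `r = requests.options(self.url("/servers/localhost"))`, and a negative check that a key-less GET is still refused, e.g. `self.assertEquals(requests.get(self.url("/servers/localhost")).status_code, 401)` (the 401 is inferred from HttpUnauthorizedException; confirm against the server). `access-control-max-age` is set by the server but never asserted, and the trailing `print` looks like leftover debugging.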
@@ -15,7 +15,7 @@ def setUp(self):
self.server_port = int(os.environ.get('WEBPORT', '5580'))
self.server_url = 'http://%s:%s/' % (self.server_address, self.server_port)
self.session = requests.Session()
- self.session.headers = {'x-api-key': os.environ.get('APIKEY', 'changeme-key')}
+ self.session.headers = {'X-API-Key': os.environ.get('APIKEY', 'changeme-key'), 'Origin': 'http://%s:%s' % (self.server_address, self.server_port)}
def url(self, relative_url):
return urlparse.urljoin(self.server_url, relative_url)
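Review bot: The `Origin` value added in setUp is the server's own scheme, host and port, so every test request is effectively same-origin and no test presents a foreign origin. With the server answering `*` unconditionally the header is currently inert, but if origin checking is added later these tests would pass trivially. Keep the session headers to the API key and set a clearly foreign, constructed origin only in the CORS test, e.g. `headers={'Origin': 'http://cors-test.invalid'}`.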
