add CORS, fixes #50.

m1k1o · Jan 26, 2024 · 4c25571 · 4c25571
1 parent f7cf54d
commit 4c25571
Show file tree

Hide file tree

Showing 5 changed files with 28 additions and 3 deletions.
diff --git a/README.md b/README.md
@@ -61,6 +61,9 @@ static: /var/www/html
 # X-Forwarded-For headers will be used to determine the client IP
 proxy: true
 
+# allow CORS requests (for web players)
+cors: true
+
 # For live streaming
 streams:
   cam: rtmp://localhost/live/cam

diff --git a/go.mod b/go.mod
@@ -5,6 +5,7 @@ go 1.17
 require (
 	github.com/fsnotify/fsnotify v1.5.1
 	github.com/go-chi/chi/v5 v5.0.10
+	github.com/go-chi/cors v1.2.1
 	github.com/mitchellh/mapstructure v1.4.2 // indirect
 	github.com/pelletier/go-toml v1.9.4 // indirect
 	github.com/rs/zerolog v1.25.0

diff --git a/go.sum b/go.sum
@@ -86,6 +86,8 @@ github.com/fsnotify/fsnotify v1.5.1/go.mod h1:T3375wBYaZdLLcVNkcVbzGHY7f1l/uK5T5
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/go-chi/chi/v5 v5.0.10 h1:rLz5avzKpjqxrYwXNfmjkrYYXOyLJd37pz53UFHC6vk=
 github.com/go-chi/chi/v5 v5.0.10/go.mod h1:DslCQbL2OYiznFReuXYUmQ2hGd1aDpCnlMNITLSKoi8=
+github.com/go-chi/cors v1.2.1 h1:xEC8UT3Rlp2QuWNEr4Fs/c2EAGVKBwy/1vHx3bppil4=
+github.com/go-chi/cors v1.2.1/go.mod h1:sSbTewc+6wYHBBCW7ytsFSn836hqM7JxpglAy2Vzc58=
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=

diff --git a/internal/config/config.go b/internal/config/config.go
@@ -89,6 +89,7 @@ type Server struct {
 	Bind   string
 	Static string
 	Proxy  bool
+	CORS   bool
 
 	BaseDir  string            `yaml:"basedir,omitempty"`
 	Streams  map[string]string `yaml:"streams"`
@@ -126,6 +127,11 @@ func (Server) Init(cmd *cobra.Command) error {
 		return err
 	}
 
+	cmd.PersistentFlags().Bool("cors", false, "enable CORS")
+	if err := viper.BindPFlag("cors", cmd.PersistentFlags().Lookup("cors")); err != nil {
+		return err
+	}
+
 	cmd.PersistentFlags().String("basedir", "", "base directory for assets and profiles")
 	if err := viper.BindPFlag("basedir", cmd.PersistentFlags().Lookup("basedir")); err != nil {
 		return err
@@ -145,6 +151,7 @@ func (s *Server) Set() {
 	s.Bind = viper.GetString("bind")
 	s.Static = viper.GetString("static")
 	s.Proxy = viper.GetBool("proxy")
+	s.CORS = viper.GetBool("cors")
 
 	s.BaseDir = viper.GetString("basedir")
 	if s.BaseDir == "" {

diff --git a/internal/http/http.go b/internal/http/http.go
@@ -8,6 +8,7 @@ import (
 
 	"github.com/go-chi/chi/v5"
 	"github.com/go-chi/chi/v5/middleware"
+	"github.com/go-chi/cors"
 	"github.com/rs/zerolog"
 	"github.com/rs/zerolog/log"
 
@@ -26,12 +27,23 @@ func New(config *config.Server) *HttpManagerCtx {
 
 	router := chi.NewRouter()
 	router.Use(middleware.RequestID) // Create a request ID for each request
-	router.Use(middleware.RequestLogger(&logformatter{logger}))
-	router.Use(middleware.Recoverer) // Recover from panics without crashing server
-
 	if config.Proxy {
 		router.Use(middleware.RealIP)
 	}
+	router.Use(middleware.RequestLogger(&logformatter{logger}))
+	router.Use(middleware.Recoverer) // Recover from panics without crashing server
+	if config.CORS {
+		router.Use(cors.Handler(cors.Options{
+			AllowOriginFunc: func(r *http.Request, origin string) bool {
+				return true
+			},
+			AllowedMethods:   []string{"GET", "OPTIONS"},
+			AllowedHeaders:   []string{"Accept", "Content-Type", "Content-Length", "Accept-Encoding"},
+			ExposedHeaders:   []string{"Link"},
+			AllowCredentials: true,
+			MaxAge:           300, // Maximum value not ignored by any of major browsers
+		}))
+	}
 
 	// serve static files
 	if config.Static != "" {