feat: make public cors configurable
Closes #712
aeneasr committed Oct 13, 2020
1 parent 91fd278 commit 863a0d4
Showing 3 changed files with 124 additions and 1 deletion.
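--- a/.schema/config.schema.json
+++ b/.schema/config.schema.json
@@ -694,6 +694,117 @@
 "public": {
 "type": "object",
 "properties": {
+"cors": {
+"type": "object",
+"additionalProperties": false,
+"description": "Configures Cross Origin Resource Sharing for public endpoints.",
+"properties": {
+"enabled": {
+"type": "boolean",
+"description": "Sets whether CORS is enabled.",
+"default": false
+},
+"allowed_origins": {
+"type": "array",
+"description": "A list of origins a cross-domain request can be executed from. If the special * value is present in the list, all origins will be allowed. An origin may contain a wildcard (*) to replace 0 or more characters (i.e.: http://*.domain.com). Only one wildcard can be used per origin.",
+"items": {
+"type": "string",
+"minLength": 1,
+"not": {
+"type": "string",
+"description": "does match all strings that contain two or more (*)",
+"pattern": ".*\\*.*\\*.*"
+},
+"anyOf": [
+{
+"format": "uri"
+},
+{
+"const": "*"
+}
+]
+},
+"uniqueItems": true,
+"default": [
+"*"
+],
+"examples": [
+[
+"https://example.com",
+"https://*.example.com",
+"https://*.foo.example.com"
+]
+]
+},
+"allowed_methods": {
+"type": "array",
+"description": "A list of HTTP methods the user agent is allowed to use with cross-domain requests.",
+"default": [
+"POST",
+"GET",
+"PUT",
+"PATCH",
+"DELETE"
+],
+"items": {
+"type": "string",
+"enum": [
+"POST",
+"GET",
+"PUT",
+"PATCH",
+"DELETE",
+"CONNECT",
+"HEAD",
+"OPTIONS",
+"TRACE"
+]
+}
+},
+"allowed_headers": {
+"type": "array",
+"description": "A list of non simple headers the client is allowed to use with cross-domain requests.",
+"default": [
+"Authorization",
+"Content-Type"
+],
+"items": {
+"type": "string"
+}
+},
+"exposed_headers": {
+"type": "array",
+"description": "Sets which headers are safe to expose to the API of a CORS API specification.",
+"default": [
+"Content-Type"
+],
+"items": {
+"type": "string"
+}
+},
+"allow_credentials": {
+"type": "boolean",
+"description": "Sets whether the request can include user credentials like cookies, HTTP authentication or client side SSL certificates.",
+"default": true
+},
+"options_passthrough": {
+"type": "boolean",
+"description": "TODO",
+"default": false
+},
+"max_age": {
+"type": "integer",
+"description": "Sets how long (in seconds) the results of a preflight request can be cached. If set to 0, every request is preceded by a preflight request.",
+"default": 0,
+"minimum": 0
+},
+"debug": {
+"type": "boolean",
+"description": "Adds additional log output to debug server side CORS issues.",
+"default": false
+}
+}
+},
 "base_url": {
 "title": "Public Base URL",
 "description": "The URL where the public endpoint is exposed at.",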
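Review bot: The `options_passthrough` property ships to users with `"description": "TODO"`, so the one setting that changes how preflight requests are routed is the only undocumented key in the new `cors` block. In rs/cors, which the companion serve.go change wires in, this flag makes the CORS middleware hand OPTIONS requests on to the next handler instead of answering them itself; a description along the lines of `"Sets whether preflight (OPTIONS) requests are passed on to the next handler instead of being answered by the CORS middleware. Enable this only if your own handlers respond to OPTIONS."` would cover it. Separately, the defaults combine `allowed_origins: ["*"]` with `allow_credentials: true`; depending on how the library treats a wildcard origin together with credentials, that pairing is either refused by browsers or amounts to credentialed access from any site, so the `allowed_origins` description should state that enabling CORS outside development is expected to come with an explicit origin list. The quickstart change in contrib/quickstart/kratos/email-password/kratos.yml enables CORS with exactly these defaults.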
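--- a/cmd/daemon/serve.go
+++ b/cmd/daemon/serve.go
@@ -5,6 +5,10 @@ import (
 "strings"
 "sync"
 
+"github.com/rs/cors"
+
+"github.com/ory/x/corsx"
+
 "github.com/ory/kratos/metrics/prometheus"
 
 "github.com/ory/analytics-go/v4"
@@ -63,9 +67,15 @@ func servePublic(d driver.Driver, wg *sync.WaitGroup, cmd *cobra.Command, args [
 n.Use(tracer)
 }
 
+var handler http.Handler = n
+if corsx.IsEnabled(l, "serve.public") {
+handler = cors.New(
+corsx.ParseOptions(l, "serve.public")).Handler(handler)
+}
+
 server := graceful.WithDefaults(&http.Server{
 Addr: c.PublicListenOn(),
-Handler: context.ClearHandler(n),
+Handler: context.ClearHandler(handler),
 })
 
 l.Printf("Starting the public httpd on: %s", server.Addr)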
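Review bot: The CORS handler in the second hunk wraps the whole negroni chain `n`, so, as far as rs/cors behaves, a preflight OPTIONS request is answered by the middleware and never reaches the tracer and the other middleware registered with `n.Use` earlier in the function unless `options_passthrough` is set; a comment such as `// CORS sits outside the negroni chain: preflights are answered here and skip the middleware registered on n unless options_passthrough is set.` would stop the next reader from expecting preflights in traces or metrics. The options are read once through `corsx.IsEnabled` and `corsx.ParseOptions` when the server is built, so a change to `serve.public.cors` is presumably only picked up on restart, which is worth a short comment on the `if corsx.IsEnabled` line. A startup log line stating that CORS is enabled and listing the parsed allowed origins would make an over-broad configuration visible to operators without turning on `debug`. `servePublic` starts before the first line of this hunk and continues past its last line.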
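--- a/contrib/quickstart/kratos/email-password/kratos.yml
+++ b/contrib/quickstart/kratos/email-password/kratos.yml
@@ -5,6 +5,8 @@ dsn: memory
 serve:
 public:
 base_url: http://127.0.0.1:4433/
+cors:
+enabled: true
 admin:
 base_url: http://kratos:4434/
 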
