Fix default CORS settings. (#7387)

* Fix default CORS settings.

* Add info regarding special options.
This commit is contained in:
Tomasz Drwięga 2017-12-27 18:56:06 +01:00 committed by Arkadiy Paronyan
parent eb1bb8f5bd
commit 26e4fc680c
5 changed files with 29 additions and 23 deletions

View File

@ -466,9 +466,9 @@ usage! {
"--jsonrpc-threads=[THREADS]",
"Turn on additional processing threads in all RPC servers. Setting this to non-zero value allows parallel cpu-heavy queries execution.",
ARG arg_jsonrpc_cors: (Option<String>) = None, or |c: &Config| otry!(c.rpc).cors.clone(),
ARG arg_jsonrpc_cors: (String) = "none", or |c: &Config| otry!(c.rpc).cors.as_ref().map(|vec| vec.join(",")),
"--jsonrpc-cors=[URL]",
"Specify CORS header for JSON-RPC API responses.",
"Specify CORS header for JSON-RPC API responses. Special options: \"all\", \"none\".",
ARG arg_jsonrpc_server_threads: (Option<usize>) = None, or |c: &Config| otry!(c.rpc).server_threads,
"--jsonrpc-server-threads=[NUM]",
@ -538,9 +538,9 @@ usage! {
"--ipfs-api-hosts=[HOSTS]",
"List of allowed Host header values. This option will validate the Host header sent by the browser, it is additional security against some attack vectors. Special options: \"all\", \"none\".",
ARG arg_ipfs_api_cors: (Option<String>) = None, or |c: &Config| otry!(c.ipfs).cors.clone(),
ARG arg_ipfs_api_cors: (String) = "none", or |c: &Config| otry!(c.ipfs).cors.as_ref().map(|vec| vec.join(",")),
"--ipfs-api-cors=[URL]",
"Specify CORS header for IPFS API responses.",
"Specify CORS header for IPFS API responses. Special options: \"all\", \"none\".",
["Secret store options"]
FLAG flag_no_secretstore: (bool) = false, or |c: &Config| otry!(c.secretstore).disable.clone(),
@ -1052,7 +1052,7 @@ struct Rpc {
disable: Option<bool>,
port: Option<u16>,
interface: Option<String>,
cors: Option<String>,
cors: Option<Vec<String>>,
apis: Option<Vec<String>>,
hosts: Option<Vec<String>>,
server_threads: Option<usize>,
@ -1108,7 +1108,7 @@ struct Ipfs {
enable: Option<bool>,
port: Option<u16>,
interface: Option<String>,
cors: Option<String>,
cors: Option<Vec<String>>,
hosts: Option<Vec<String>>,
}
@ -1468,7 +1468,7 @@ mod tests {
flag_no_jsonrpc: false,
arg_jsonrpc_port: 8545u16,
arg_jsonrpc_interface: "local".into(),
arg_jsonrpc_cors: Some("null".into()),
arg_jsonrpc_cors: "null".into(),
arg_jsonrpc_apis: "web3,eth,net,parity,traces,rpc,secretstore".into(),
arg_jsonrpc_hosts: "none".into(),
arg_jsonrpc_server_threads: None,
@ -1507,7 +1507,7 @@ mod tests {
flag_ipfs_api: false,
arg_ipfs_api_port: 5001u16,
arg_ipfs_api_interface: "local".into(),
arg_ipfs_api_cors: Some("null".into()),
arg_ipfs_api_cors: "null".into(),
arg_ipfs_api_hosts: "none".into(),
// -- Sealing/Mining Options

View File

@ -49,7 +49,7 @@ reserved_peers = "./path_to_file"
disable = false
port = 8545
interface = "local"
cors = "null"
cors = ["null"]
apis = ["web3", "eth", "net", "parity", "traces", "rpc", "secretstore"]
hosts = ["none"]
@ -91,7 +91,7 @@ path = "$HOME/.parity/secretstore"
enable = false
port = 5001
interface = "local"
cors = "null"
cors = ["null"]
hosts = ["none"]
[mining]

View File

@ -775,13 +775,19 @@ impl Configuration {
apis.join(",")
}
fn cors(cors: Option<&String>) -> Option<Vec<String>> {
cors.map(|ref c| c.split(',').map(Into::into).collect())
fn cors(cors: &str) -> Option<Vec<String>> {
match cors {
"none" => return Some(Vec::new()),
"*" | "all" | "any" => return None,
_ => {},
}
Some(cors.split(',').map(Into::into).collect())
}
fn rpc_cors(&self) -> Option<Vec<String>> {
let cors = self.args.arg_jsonrpc_cors.as_ref().or(self.args.arg_rpccorsdomain.as_ref());
Self::cors(cors)
let cors = self.args.arg_rpccorsdomain.clone().unwrap_or_else(|| self.args.arg_jsonrpc_cors.to_owned());
Self::cors(&cors)
}
fn ipfs_cors(&self) -> Option<Vec<String>> {
@ -1458,7 +1464,7 @@ mod tests {
assert_eq!(net.rpc_enabled, true);
assert_eq!(net.rpc_interface, "0.0.0.0".to_owned());
assert_eq!(net.rpc_port, 8000);
assert_eq!(conf.rpc_cors(), Some(vec!["*".to_owned()]));
assert_eq!(conf.rpc_cors(), None);
assert_eq!(conf.rpc_apis(), "web3,eth".to_owned());
}
@ -1525,8 +1531,8 @@ mod tests {
let conf2 = parse(&["parity", "--ipfs-api-cors", "http://parity.io,http://something.io"]);
// then
assert_eq!(conf0.ipfs_cors(), None);
assert_eq!(conf1.ipfs_cors(), Some(vec!["*".into()]));
assert_eq!(conf0.ipfs_cors(), Some(vec![]));
assert_eq!(conf1.ipfs_cors(), None);
assert_eq!(conf2.ipfs_cors(), Some(vec!["http://parity.io".into(),"http://something.io".into()]));
}

View File

@ -34,8 +34,8 @@ impl Default for Configuration {
enabled: false,
port: 5001,
interface: "127.0.0.1".into(),
cors: None,
hosts: Some(Vec::new()),
cors: Some(vec![]),
hosts: Some(vec![]),
}
}
}

View File

@ -59,8 +59,8 @@ impl Default for HttpConfiguration {
interface: "127.0.0.1".into(),
port: 8545,
apis: ApiSet::UnsafeContext,
cors: None,
hosts: Some(Vec::new()),
cors: Some(vec![]),
hosts: Some(vec![]),
server_threads: 1,
processing_threads: 4,
}
@ -98,7 +98,7 @@ impl From<UiConfiguration> for HttpConfiguration {
interface: conf.interface,
port: conf.port,
apis: rpc_apis::ApiSet::UnsafeContext,
cors: None,
cors: Some(vec![]),
hosts: conf.hosts,
server_threads: 1,
processing_threads: 0,