Fixing CORS headers for parity.web3.site (#4461)

2017-02-08 00:11:42 +01:00 · 2017-02-08 00:11:42 +01:00 · 5fe993f658
parent 0e8b96a268
commit 5fe993f658
7 changed files with 76 additions and 8 deletions
--- a/dapps/src/api/cors.rs
+++ b/dapps/src/api/cors.rs
--- a/dapps/src/handlers/mod.rs
+++ b/dapps/src/handlers/mod.rs
@ -43,7 +43,7 @@ pub fn add_security_headers(headers: &mut header::Headers, embeddable_on: Option
 	if let Some(embeddable_on) = embeddable_on {
 		headers.set_raw(
 			"X-Frame-Options",
-			vec![format!("ALLOW-FROM http://{}", address(embeddable_on)).into_bytes()]
+			vec![format!("ALLOW-FROM http://{}", address(&embeddable_on)).into_bytes()]
 			);
 	} else {
 		// TODO [ToDr] Should we be more strict here (DENY?)?
--- a/dapps/src/lib.rs
+++ b/dapps/src/lib.rs
@ -253,7 +253,12 @@ impl Server {
 		match signer_address {
 			Some(signer_address) => vec![
 				format!("http://{}{}", HOME_PAGE, DAPPS_DOMAIN),
-				format!("http://{}", address(signer_address)),
+				format!("http://{}{}:{}", HOME_PAGE, DAPPS_DOMAIN, signer_address.1),
+				format!("http://{}", address(&signer_address)),
+				format!("https://{}{}", HOME_PAGE, DAPPS_DOMAIN),
+				format!("https://{}{}:{}", HOME_PAGE, DAPPS_DOMAIN, signer_address.1),
+				format!("https://{}", address(&signer_address)),
+
 			],
 			None => vec![],
 		}
@ -377,7 +382,7 @@ fn random_filename() -> String {
 	rng.gen_ascii_chars().take(12).collect()
 }

-fn address(address: (String, u16)) -> String {
+fn address(address: &(String, u16)) -> String {
 	format!("{}:{}", address.0, address.1)
 }

@ -411,6 +416,14 @@ mod util_tests {

 		// then
 		assert_eq!(none, Vec::<String>::new());
-		assert_eq!(some, vec!["http://parity.web3.site".to_owned(), "http://127.0.0.1:18180".into()]);
+		assert_eq!(some, vec![
+			"http://parity.web3.site".to_owned(),
+			"http://parity.web3.site:18180".into(),
+			"http://127.0.0.1:18180".into(),
+			"https://parity.web3.site".into(),
+			"https://parity.web3.site:18180".into(),
+			"https://127.0.0.1:18180".into()
+
+		]);
 	}
 }
--- a/dapps/src/proxypac.rs
+++ b/dapps/src/proxypac.rs
@ -35,7 +35,8 @@ impl ProxyPac {

 impl Endpoint for ProxyPac {
 	fn to_handler(&self, path: EndpointPath) -> Box<Handler> {
-		let signer = self.signer_address.clone()
+		let signer = self.signer_address
+			.as_ref()
 			.map(address)
 			.unwrap_or_else(|| format!("{}:{}", path.host, path.port));

--- a/dapps/src/router/mod.rs
+++ b/dapps/src/router/mod.rs
@ -138,7 +138,7 @@ impl<A: Authorization + 'static> server::Handler<HttpStream> for Router<A> {
 			},
 			// Redirect any other GET request to signer.
 			_ if is_get_request => {
-				if let Some(signer_address) = self.signer_address.clone() {
+				if let Some(ref signer_address) = self.signer_address {
 					trace!(target: "dapps", "Redirecting to signer interface.");
 					Redirection::boxed(&format!("http://{}", address(signer_address)))
 				} else {
--- a/dapps/src/tests/api.rs
+++ b/dapps/src/tests/api.rs
@ -158,3 +158,57 @@ fn should_return_signer_port_cors_headers_for_home_parity() {
 		response.headers
 	);
 }
+
+
+#[test]
+fn should_return_signer_port_cors_headers_for_home_parity_with_https() {
+	// given
+	let server = serve();
+
+	// when
+	let response = request(server,
+		"\
+			POST /api/ping HTTP/1.1\r\n\
+			Host: localhost:8080\r\n\
+			Origin: https://parity.web3.site\r\n\
+			Connection: close\r\n\
+			\r\n\
+			{}
+		"
+	);
+
+	// then
+	assert_eq!(response.status, "HTTP/1.1 200 OK".to_owned());
+	assert!(
+		response.headers_raw.contains("Access-Control-Allow-Origin: https://parity.web3.site"),
+		"CORS header for parity.web3.site missing: {:?}",
+		response.headers
+	);
+}
+
+#[test]
+fn should_return_signer_port_cors_headers_for_home_parity_with_port() {
+	// given
+	let server = serve();
+
+	// when
+	let response = request(server,
+		"\
+			POST /api/ping HTTP/1.1\r\n\
+			Host: localhost:8080\r\n\
+			Origin: http://parity.web3.site:18180\r\n\
+			Connection: close\r\n\
+			\r\n\
+			{}
+		"
+	);
+
+	// then
+	assert_eq!(response.status, "HTTP/1.1 200 OK".to_owned());
+	assert!(
+		response.headers_raw.contains("Access-Control-Allow-Origin: http://parity.web3.site:18180"),
+		"CORS header for parity.web3.site missing: {:?}",
+		response.headers
+	);
+}
+
--- a/ethcore/src/trace/db.rs
+++ b/ethcore/src/trace/db.rs
@ -16,7 +16,7 @@

 //! Trace database.
 use std::ops::Deref;
-use std::collections::HashMap;
+use std::collections::{HashMap, VecDeque};
 use std::sync::Arc;
 use bloomchain::{Number, Config as BloomConfig};
 use bloomchain::group::{BloomGroupDatabase, BloomGroupChain, GroupPosition, BloomGroup};
@ -305,7 +305,7 @@ impl<T> TraceDatabase for TraceDB<T> where T: DatabaseExtras {
 	}

 	fn trace(&self, block_number: BlockNumber, tx_position: usize, trace_position: Vec<usize>) -> Option<LocalizedTrace> {
-		let trace_position_deq = trace_position.into_iter().collect();
+		let trace_position_deq = trace_position.into_iter().collect::<VecDeque<usize>>();
 		self.extras.block_hash(block_number)
 			.and_then(|block_hash| self.transactions_traces(&block_hash)
 				.and_then(|traces| traces.into_iter().nth(tx_position))