From 5fe993f65885a0aaf35045858c80466ca52984ff Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tomasz=20Drwi=C4=99ga?= Date: Wed, 8 Feb 2017 00:11:42 +0100 Subject: [PATCH] Fixing CORS headers for parity.web3.site (#4461) --- dapps/src/api/cors.rs | 0 dapps/src/handlers/mod.rs | 2 +- dapps/src/lib.rs | 19 +++++++++++--- dapps/src/proxypac.rs | 3 ++- dapps/src/router/mod.rs | 2 +- dapps/src/tests/api.rs | 54 +++++++++++++++++++++++++++++++++++++++ ethcore/src/trace/db.rs | 4 +-- 7 files changed, 76 insertions(+), 8 deletions(-) delete mode 100644 dapps/src/api/cors.rs diff --git a/dapps/src/api/cors.rs b/dapps/src/api/cors.rs deleted file mode 100644 index e69de29bb..000000000 diff --git a/dapps/src/handlers/mod.rs b/dapps/src/handlers/mod.rs index 51964648d..cec7be631 100644 --- a/dapps/src/handlers/mod.rs +++ b/dapps/src/handlers/mod.rs @@ -43,7 +43,7 @@ pub fn add_security_headers(headers: &mut header::Headers, embeddable_on: Option if let Some(embeddable_on) = embeddable_on { headers.set_raw( "X-Frame-Options", - vec![format!("ALLOW-FROM http://{}", address(embeddable_on)).into_bytes()] + vec![format!("ALLOW-FROM http://{}", address(&embeddable_on)).into_bytes()] ); } else { // TODO [ToDr] Should we be more strict here (DENY?)? diff --git a/dapps/src/lib.rs b/dapps/src/lib.rs index 50dcb39b1..cd4479525 100644 --- a/dapps/src/lib.rs +++ b/dapps/src/lib.rs @@ -253,7 +253,12 @@ impl Server { match signer_address { Some(signer_address) => vec![ format!("http://{}{}", HOME_PAGE, DAPPS_DOMAIN), - format!("http://{}", address(signer_address)), + format!("http://{}{}:{}", HOME_PAGE, DAPPS_DOMAIN, signer_address.1), + format!("http://{}", address(&signer_address)), + format!("https://{}{}", HOME_PAGE, DAPPS_DOMAIN), + format!("https://{}{}:{}", HOME_PAGE, DAPPS_DOMAIN, signer_address.1), + format!("https://{}", address(&signer_address)), + ], None => vec![], } @@ -377,7 +382,7 @@ fn random_filename() -> String { rng.gen_ascii_chars().take(12).collect() } -fn address(address: (String, u16)) -> String { +fn address(address: &(String, u16)) -> String { format!("{}:{}", address.0, address.1) } @@ -411,6 +416,14 @@ mod util_tests { // then assert_eq!(none, Vec::::new()); - assert_eq!(some, vec!["http://parity.web3.site".to_owned(), "http://127.0.0.1:18180".into()]); + assert_eq!(some, vec![ + "http://parity.web3.site".to_owned(), + "http://parity.web3.site:18180".into(), + "http://127.0.0.1:18180".into(), + "https://parity.web3.site".into(), + "https://parity.web3.site:18180".into(), + "https://127.0.0.1:18180".into() + + ]); } } diff --git a/dapps/src/proxypac.rs b/dapps/src/proxypac.rs index 8a4249476..16459d88e 100644 --- a/dapps/src/proxypac.rs +++ b/dapps/src/proxypac.rs @@ -35,7 +35,8 @@ impl ProxyPac { impl Endpoint for ProxyPac { fn to_handler(&self, path: EndpointPath) -> Box { - let signer = self.signer_address.clone() + let signer = self.signer_address + .as_ref() .map(address) .unwrap_or_else(|| format!("{}:{}", path.host, path.port)); diff --git a/dapps/src/router/mod.rs b/dapps/src/router/mod.rs index dbaf4dbb0..f34151552 100644 --- a/dapps/src/router/mod.rs +++ b/dapps/src/router/mod.rs @@ -138,7 +138,7 @@ impl server::Handler for Router { }, // Redirect any other GET request to signer. _ if is_get_request => { - if let Some(signer_address) = self.signer_address.clone() { + if let Some(ref signer_address) = self.signer_address { trace!(target: "dapps", "Redirecting to signer interface."); Redirection::boxed(&format!("http://{}", address(signer_address))) } else { diff --git a/dapps/src/tests/api.rs b/dapps/src/tests/api.rs index 05e285264..0930aa0ce 100644 --- a/dapps/src/tests/api.rs +++ b/dapps/src/tests/api.rs @@ -158,3 +158,57 @@ fn should_return_signer_port_cors_headers_for_home_parity() { response.headers ); } + + +#[test] +fn should_return_signer_port_cors_headers_for_home_parity_with_https() { + // given + let server = serve(); + + // when + let response = request(server, + "\ + POST /api/ping HTTP/1.1\r\n\ + Host: localhost:8080\r\n\ + Origin: https://parity.web3.site\r\n\ + Connection: close\r\n\ + \r\n\ + {} + " + ); + + // then + assert_eq!(response.status, "HTTP/1.1 200 OK".to_owned()); + assert!( + response.headers_raw.contains("Access-Control-Allow-Origin: https://parity.web3.site"), + "CORS header for parity.web3.site missing: {:?}", + response.headers + ); +} + +#[test] +fn should_return_signer_port_cors_headers_for_home_parity_with_port() { + // given + let server = serve(); + + // when + let response = request(server, + "\ + POST /api/ping HTTP/1.1\r\n\ + Host: localhost:8080\r\n\ + Origin: http://parity.web3.site:18180\r\n\ + Connection: close\r\n\ + \r\n\ + {} + " + ); + + // then + assert_eq!(response.status, "HTTP/1.1 200 OK".to_owned()); + assert!( + response.headers_raw.contains("Access-Control-Allow-Origin: http://parity.web3.site:18180"), + "CORS header for parity.web3.site missing: {:?}", + response.headers + ); +} + diff --git a/ethcore/src/trace/db.rs b/ethcore/src/trace/db.rs index cbd0ce3d9..206f1cb7e 100644 --- a/ethcore/src/trace/db.rs +++ b/ethcore/src/trace/db.rs @@ -16,7 +16,7 @@ //! Trace database. use std::ops::Deref; -use std::collections::HashMap; +use std::collections::{HashMap, VecDeque}; use std::sync::Arc; use bloomchain::{Number, Config as BloomConfig}; use bloomchain::group::{BloomGroupDatabase, BloomGroupChain, GroupPosition, BloomGroup}; @@ -305,7 +305,7 @@ impl TraceDatabase for TraceDB where T: DatabaseExtras { } fn trace(&self, block_number: BlockNumber, tx_position: usize, trace_position: Vec) -> Option { - let trace_position_deq = trace_position.into_iter().collect(); + let trace_position_deq = trace_position.into_iter().collect::>(); self.extras.block_hash(block_number) .and_then(|block_hash| self.transactions_traces(&block_hash) .and_then(|traces| traces.into_iter().nth(tx_position))