Fixing CORS headers for parity.web3.site (#4461)

dapps/src/handlers/mod.rs

@@ -43,7 +43,7 @@ pub fn add_security_headers(headers: &mut header::Headers, embeddable_on: Option
 	if let Some(embeddable_on) = embeddable_on {
 		headers.set_raw(
 			"X-Frame-Options",
-			vec![format!("ALLOW-FROM http://{}", address(embeddable_on)).into_bytes()]
+			vec![format!("ALLOW-FROM http://{}", address(&embeddable_on)).into_bytes()]
 			);
 	} else {
 		// TODO [ToDr] Should we be more strict here (DENY?)?

dapps/src/lib.rs

@@ -253,7 +253,12 @@ impl Server {
 		match signer_address {
 			Some(signer_address) => vec![
 				format!("http://{}{}", HOME_PAGE, DAPPS_DOMAIN),
-				format!("http://{}", address(signer_address)),
+				format!("http://{}{}:{}", HOME_PAGE, DAPPS_DOMAIN, signer_address.1),
+				format!("http://{}", address(&signer_address)),
+				format!("https://{}{}", HOME_PAGE, DAPPS_DOMAIN),
+				format!("https://{}{}:{}", HOME_PAGE, DAPPS_DOMAIN, signer_address.1),
+				format!("https://{}", address(&signer_address)),
+
 			],
 			None => vec![],
 		}
@@ -377,7 +382,7 @@ fn random_filename() -> String {
 	rng.gen_ascii_chars().take(12).collect()
 }
 
-fn address(address: (String, u16)) -> String {
+fn address(address: &(String, u16)) -> String {
 	format!("{}:{}", address.0, address.1)
 }
 
@@ -411,6 +416,14 @@ mod util_tests {
 
 		// then
 		assert_eq!(none, Vec::<String>::new());
-		assert_eq!(some, vec!["http://parity.web3.site".to_owned(), "http://127.0.0.1:18180".into()]);
+		assert_eq!(some, vec![
+			"http://parity.web3.site".to_owned(),
+			"http://parity.web3.site:18180".into(),
+			"http://127.0.0.1:18180".into(),
+			"https://parity.web3.site".into(),
+			"https://parity.web3.site:18180".into(),
+			"https://127.0.0.1:18180".into()
+
+		]);
 	}
 }

dapps/src/proxypac.rs

@@ -35,7 +35,8 @@ impl ProxyPac {
 
 impl Endpoint for ProxyPac {
 	fn to_handler(&self, path: EndpointPath) -> Box<Handler> {
-		let signer = self.signer_address.clone()
+		let signer = self.signer_address
+			.as_ref()
 			.map(address)
 			.unwrap_or_else(|| format!("{}:{}", path.host, path.port));
 

dapps/src/router/mod.rs

@@ -138,7 +138,7 @@ impl<A: Authorization + 'static> server::Handler<HttpStream> for Router<A> {
 			},
 			// Redirect any other GET request to signer.
 			_ if is_get_request => {
-				if let Some(signer_address) = self.signer_address.clone() {
+				if let Some(ref signer_address) = self.signer_address {
 					trace!(target: "dapps", "Redirecting to signer interface.");
 					Redirection::boxed(&format!("http://{}", address(signer_address)))
 				} else {

dapps/src/tests/api.rs

@@ -158,3 +158,57 @@ fn should_return_signer_port_cors_headers_for_home_parity() {
 		response.headers
 	);
 }
+
+
+#[test]
+fn should_return_signer_port_cors_headers_for_home_parity_with_https() {
+	// given
+	let server = serve();
+
+	// when
+	let response = request(server,
+		"\
+			POST /api/ping HTTP/1.1\r\n\
+			Host: localhost:8080\r\n\
+			Origin: https://parity.web3.site\r\n\
+			Connection: close\r\n\
+			\r\n\
+			{}
+		"
+	);
+
+	// then
+	assert_eq!(response.status, "HTTP/1.1 200 OK".to_owned());
+	assert!(
+		response.headers_raw.contains("Access-Control-Allow-Origin: https://parity.web3.site"),
+		"CORS header for parity.web3.site missing: {:?}",
+		response.headers
+	);
+}
+
+#[test]
+fn should_return_signer_port_cors_headers_for_home_parity_with_port() {
+	// given
+	let server = serve();
+
+	// when
+	let response = request(server,
+		"\
+			POST /api/ping HTTP/1.1\r\n\
+			Host: localhost:8080\r\n\
+			Origin: http://parity.web3.site:18180\r\n\
+			Connection: close\r\n\
+			\r\n\
+			{}
+		"
+	);
+
+	// then
+	assert_eq!(response.status, "HTTP/1.1 200 OK".to_owned());
+	assert!(
+		response.headers_raw.contains("Access-Control-Allow-Origin: http://parity.web3.site:18180"),
+		"CORS header for parity.web3.site missing: {:?}",
+		response.headers
+	);
+}
+

ethcore/src/trace/db.rs

@@ -16,7 +16,7 @@
 
 //! Trace database.
 use std::ops::Deref;
-use std::collections::HashMap;
+use std::collections::{HashMap, VecDeque};
 use std::sync::Arc;
 use bloomchain::{Number, Config as BloomConfig};
 use bloomchain::group::{BloomGroupDatabase, BloomGroupChain, GroupPosition, BloomGroup};
@@ -305,7 +305,7 @@ impl<T> TraceDatabase for TraceDB<T> where T: DatabaseExtras {
 	}
 
 	fn trace(&self, block_number: BlockNumber, tx_position: usize, trace_position: Vec<usize>) -> Option<LocalizedTrace> {
-		let trace_position_deq = trace_position.into_iter().collect();
+		let trace_position_deq = trace_position.into_iter().collect::<VecDeque<usize>>();
 		self.extras.block_hash(block_number)
 			.and_then(|block_hash| self.transactions_traces(&block_hash)
 				.and_then(|traces| traces.into_iter().nth(tx_position))