Fixing CORS headers for parity.web3.site (#4461)

This commit is contained in:
Tomasz Drwięga 2017-02-08 00:11:42 +01:00 committed by Gav Wood
parent 0e8b96a268
commit 5fe993f658
7 changed files with 76 additions and 8 deletions

View File

View File

@ -43,7 +43,7 @@ pub fn add_security_headers(headers: &mut header::Headers, embeddable_on: Option
if let Some(embeddable_on) = embeddable_on {
headers.set_raw(
"X-Frame-Options",
vec![format!("ALLOW-FROM http://{}", address(embeddable_on)).into_bytes()]
vec![format!("ALLOW-FROM http://{}", address(&embeddable_on)).into_bytes()]
);
} else {
// TODO [ToDr] Should we be more strict here (DENY?)?

View File

@ -253,7 +253,12 @@ impl Server {
match signer_address {
Some(signer_address) => vec![
format!("http://{}{}", HOME_PAGE, DAPPS_DOMAIN),
format!("http://{}", address(signer_address)),
format!("http://{}{}:{}", HOME_PAGE, DAPPS_DOMAIN, signer_address.1),
format!("http://{}", address(&signer_address)),
format!("https://{}{}", HOME_PAGE, DAPPS_DOMAIN),
format!("https://{}{}:{}", HOME_PAGE, DAPPS_DOMAIN, signer_address.1),
format!("https://{}", address(&signer_address)),
],
None => vec![],
}
@ -377,7 +382,7 @@ fn random_filename() -> String {
rng.gen_ascii_chars().take(12).collect()
}
fn address(address: (String, u16)) -> String {
fn address(address: &(String, u16)) -> String {
format!("{}:{}", address.0, address.1)
}
@ -411,6 +416,14 @@ mod util_tests {
// then
assert_eq!(none, Vec::<String>::new());
assert_eq!(some, vec!["http://parity.web3.site".to_owned(), "http://127.0.0.1:18180".into()]);
assert_eq!(some, vec![
"http://parity.web3.site".to_owned(),
"http://parity.web3.site:18180".into(),
"http://127.0.0.1:18180".into(),
"https://parity.web3.site".into(),
"https://parity.web3.site:18180".into(),
"https://127.0.0.1:18180".into()
]);
}
}

View File

@ -35,7 +35,8 @@ impl ProxyPac {
impl Endpoint for ProxyPac {
fn to_handler(&self, path: EndpointPath) -> Box<Handler> {
let signer = self.signer_address.clone()
let signer = self.signer_address
.as_ref()
.map(address)
.unwrap_or_else(|| format!("{}:{}", path.host, path.port));

View File

@ -138,7 +138,7 @@ impl<A: Authorization + 'static> server::Handler<HttpStream> for Router<A> {
},
// Redirect any other GET request to signer.
_ if is_get_request => {
if let Some(signer_address) = self.signer_address.clone() {
if let Some(ref signer_address) = self.signer_address {
trace!(target: "dapps", "Redirecting to signer interface.");
Redirection::boxed(&format!("http://{}", address(signer_address)))
} else {

View File

@ -158,3 +158,57 @@ fn should_return_signer_port_cors_headers_for_home_parity() {
response.headers
);
}
#[test]
fn should_return_signer_port_cors_headers_for_home_parity_with_https() {
// given
let server = serve();
// when
let response = request(server,
"\
POST /api/ping HTTP/1.1\r\n\
Host: localhost:8080\r\n\
Origin: https://parity.web3.site\r\n\
Connection: close\r\n\
\r\n\
{}
"
);
// then
assert_eq!(response.status, "HTTP/1.1 200 OK".to_owned());
assert!(
response.headers_raw.contains("Access-Control-Allow-Origin: https://parity.web3.site"),
"CORS header for parity.web3.site missing: {:?}",
response.headers
);
}
#[test]
fn should_return_signer_port_cors_headers_for_home_parity_with_port() {
// given
let server = serve();
// when
let response = request(server,
"\
POST /api/ping HTTP/1.1\r\n\
Host: localhost:8080\r\n\
Origin: http://parity.web3.site:18180\r\n\
Connection: close\r\n\
\r\n\
{}
"
);
// then
assert_eq!(response.status, "HTTP/1.1 200 OK".to_owned());
assert!(
response.headers_raw.contains("Access-Control-Allow-Origin: http://parity.web3.site:18180"),
"CORS header for parity.web3.site missing: {:?}",
response.headers
);
}

View File

@ -16,7 +16,7 @@
//! Trace database.
use std::ops::Deref;
use std::collections::HashMap;
use std::collections::{HashMap, VecDeque};
use std::sync::Arc;
use bloomchain::{Number, Config as BloomConfig};
use bloomchain::group::{BloomGroupDatabase, BloomGroupChain, GroupPosition, BloomGroup};
@ -305,7 +305,7 @@ impl<T> TraceDatabase for TraceDB<T> where T: DatabaseExtras {
}
fn trace(&self, block_number: BlockNumber, tx_position: usize, trace_position: Vec<usize>) -> Option<LocalizedTrace> {
let trace_position_deq = trace_position.into_iter().collect();
let trace_position_deq = trace_position.into_iter().collect::<VecDeque<usize>>();
self.extras.block_hash(block_number)
.and_then(|block_hash| self.transactions_traces(&block_hash)
.and_then(|traces| traces.into_iter().nth(tx_position))