Echo CORS request headers by default (#10221)

* Echo CORS request headers by default More details in https://github.com/paritytech/parity-ethereum/issues/6616. * fixup: Single line
2019-01-21 11:30:24 +01:00 · 2019-01-21 11:30:24 +01:00 · 940a88fa4e
parent 708e495c28
commit 940a88fa4e
3 changed files with 31 additions and 2 deletions
--- a/ethcore/res/ethereum/tests
+++ b/ethcore/res/ethereum/tests
@ -1 +1 @@
-Subproject commit 420f443477caa8516f1f9ee8122fafc3415c0f34
+Subproject commit 2cd62aeec11da29766b30d500f2b9a96f1f28cf0
--- a/rpc/src/lib.rs
+++ b/rpc/src/lib.rs
@ -114,7 +114,7 @@ pub use ipc::{Server as IpcServer, MetaExtractor as IpcMetaExtractor, RequestCon
 pub use http::{
 	hyper,
 	RequestMiddleware, RequestMiddlewareAction,
-	AccessControlAllowOrigin, Host, DomainsValidation
+	AccessControlAllowOrigin, Host, DomainsValidation, cors::AccessControlAllowHeaders
 };

 pub use v1::{NetworkSettings, Metadata, Origin, informant, dispatch, signer};
@ -151,6 +151,7 @@ pub fn start_http<M, S, H, T>(
 		.cors(cors_domains.into())
 		.allowed_hosts(allowed_hosts.into())
 		.health_api(("/api/health", "parity_nodeStatus"))
+		.cors_allow_headers(AccessControlAllowHeaders::Any)
 		.max_request_body_size(max_payload * 1024 * 1024)
 		.start_http(addr)?)
 }
@ -180,6 +181,7 @@ pub fn start_http_with_middleware<M, S, H, T, R>(
 		.threads(threads)
 		.cors(cors_domains.into())
 		.allowed_hosts(allowed_hosts.into())
+		.cors_allow_headers(AccessControlAllowHeaders::Any)
 		.max_request_body_size(max_payload * 1024 * 1024)
 		.request_middleware(middleware)
 		.start_http(addr)?)
--- a/rpc/src/tests/rpc.rs
+++ b/rpc/src/tests/rpc.rs
@ -116,4 +116,31 @@ mod tests {
 		res.assert_status("HTTP/1.1 200 OK");
 		assert_eq!(res.body, expected);
 	}
+
+	#[test]
+	fn should_respond_valid_to_any_requested_header() {
+		// given
+		let (server, address) = serve();
+		let headers = "Something, Anything, Xyz, 123, _?";
+
+		// when
+		let res = request(server,
+		&format!("\
+				OPTIONS / HTTP/1.1\r\n\
+				Host: {}\r\n\
+				Origin: http://parity.io\r\n\
+				Content-Length: 0\r\n\
+				Content-Type: application/json\r\n\
+				Connection: close\r\n\
+				Access-Control-Request-Headers: {}\r\n\
+				\r\n\
+			", address, headers)
+		);
+
+		// then
+		assert_eq!(res.status, "HTTP/1.1 200 OK".to_owned());
+		let expected = format!("access-control-allow-headers: {}", headers);
+		assert!(res.headers.contains(&expected), "Headers missing in {:?}", res.headers);
+	}
+
 }