From 940a88fa4e8fd9f51998d6eb88907547636eaf79 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20M=C3=BCller?= Date: Mon, 21 Jan 2019 11:30:24 +0100 Subject: [PATCH] Echo CORS request headers by default (#10221) * Echo CORS request headers by default More details in https://github.com/paritytech/parity-ethereum/issues/6616. * fixup: Single line --- ethcore/res/ethereum/tests | 2 +- rpc/src/lib.rs | 4 +++- rpc/src/tests/rpc.rs | 27 +++++++++++++++++++++++++++ 3 files changed, 31 insertions(+), 2 deletions(-) diff --git a/ethcore/res/ethereum/tests b/ethcore/res/ethereum/tests index 420f44347..2cd62aeec 160000 --- a/ethcore/res/ethereum/tests +++ b/ethcore/res/ethereum/tests @@ -1 +1 @@ -Subproject commit 420f443477caa8516f1f9ee8122fafc3415c0f34 +Subproject commit 2cd62aeec11da29766b30d500f2b9a96f1f28cf0 diff --git a/rpc/src/lib.rs b/rpc/src/lib.rs index 001343d64..2de2f0542 100644 --- a/rpc/src/lib.rs +++ b/rpc/src/lib.rs @@ -114,7 +114,7 @@ pub use ipc::{Server as IpcServer, MetaExtractor as IpcMetaExtractor, RequestCon pub use http::{ hyper, RequestMiddleware, RequestMiddlewareAction, - AccessControlAllowOrigin, Host, DomainsValidation + AccessControlAllowOrigin, Host, DomainsValidation, cors::AccessControlAllowHeaders }; pub use v1::{NetworkSettings, Metadata, Origin, informant, dispatch, signer}; @@ -151,6 +151,7 @@ pub fn start_http( .cors(cors_domains.into()) .allowed_hosts(allowed_hosts.into()) .health_api(("/api/health", "parity_nodeStatus")) + .cors_allow_headers(AccessControlAllowHeaders::Any) .max_request_body_size(max_payload * 1024 * 1024) .start_http(addr)?) } @@ -180,6 +181,7 @@ pub fn start_http_with_middleware( .threads(threads) .cors(cors_domains.into()) .allowed_hosts(allowed_hosts.into()) + .cors_allow_headers(AccessControlAllowHeaders::Any) .max_request_body_size(max_payload * 1024 * 1024) .request_middleware(middleware) .start_http(addr)?) diff --git a/rpc/src/tests/rpc.rs b/rpc/src/tests/rpc.rs index 761ccc4e1..99498c3e5 100644 --- a/rpc/src/tests/rpc.rs +++ b/rpc/src/tests/rpc.rs @@ -116,4 +116,31 @@ mod tests { res.assert_status("HTTP/1.1 200 OK"); assert_eq!(res.body, expected); } + + #[test] + fn should_respond_valid_to_any_requested_header() { + // given + let (server, address) = serve(); + let headers = "Something, Anything, Xyz, 123, _?"; + + // when + let res = request(server, + &format!("\ + OPTIONS / HTTP/1.1\r\n\ + Host: {}\r\n\ + Origin: http://parity.io\r\n\ + Content-Length: 0\r\n\ + Content-Type: application/json\r\n\ + Connection: close\r\n\ + Access-Control-Request-Headers: {}\r\n\ + \r\n\ + ", address, headers) + ); + + // then + assert_eq!(res.status, "HTTP/1.1 200 OK".to_owned()); + let expected = format!("access-control-allow-headers: {}", headers); + assert!(res.headers.contains(&expected), "Headers missing in {:?}", res.headers); + } + }