From 2810c478a7f2497fad1300ce63c8476bb50a6ad0 Mon Sep 17 00:00:00 2001
From: Boaz Shuster <boaz.shuster.github@gmail.com>
Date: Wed, 2 Jun 2021 23:32:58 +0300
Subject: Add CORS support

[NO TESTS NEEDED]

Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
---
 pkg/api/server/handler_api.go |  6 ++++++
 pkg/api/server/server.go      | 21 +++++++++++++++++----
 pkg/domain/entities/system.go |  7 ++++---
 3 files changed, 27 insertions(+), 7 deletions(-)

(limited to 'pkg')

diff --git a/pkg/api/server/handler_api.go b/pkg/api/server/handler_api.go
index 28b8706a8..becc674c0 100644
--- a/pkg/api/server/handler_api.go
+++ b/pkg/api/server/handler_api.go
@@ -63,6 +63,12 @@ func (s *APIServer) APIHandler(h http.HandlerFunc) http.HandlerFunc {
 			w.Header().Set("Libpod-API-Version", lv)
 			w.Header().Set("Server", "Libpod/"+lv+" ("+runtime.GOOS+")")
 
+			if s.CorsHeaders != "" {
+				w.Header().Set("Access-Control-Allow-Origin", s.CorsHeaders)
+				w.Header().Set("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, X-Registry-Auth, Connection, Upgrade, X-Registry-Config")
+				w.Header().Set("Access-Control-Allow-Methods", "HEAD, GET, POST, DELETE, PUT, OPTIONS")
+			}
+
 			h(w, r)
 			logrus.Debugf("APIHandler(%s) -- %s %s END", rid, r.Method, r.URL.String())
 		}
diff --git a/pkg/api/server/server.go b/pkg/api/server/server.go
index 972541bc6..1e8faf8f5 100644
--- a/pkg/api/server/server.go
+++ b/pkg/api/server/server.go
@@ -34,10 +34,12 @@ type APIServer struct {
 	context.CancelFunc               // Stop APIServer
 	idleTracker        *idle.Tracker // Track connections to support idle shutdown
 	pprof              *http.Server  // Sidecar http server for providing performance data
+	CorsHeaders        string        // Inject CORS headers to each request
 }
 
 // Number of seconds to wait for next request, if exceeded shutdown server
 const (
+	DefaultCorsHeaders       = ""
 	DefaultServiceDuration   = 300 * time.Second
 	UnlimitedServiceDuration = 0 * time.Second
 )
@@ -45,17 +47,22 @@ const (
 // shutdownOnce ensures Shutdown() may safely be called from several go routines
 var shutdownOnce sync.Once
 
+type Options struct {
+	Timeout     time.Duration
+	CorsHeaders string
+}
+
 // NewServer will create and configure a new API server with all defaults
 func NewServer(runtime *libpod.Runtime) (*APIServer, error) {
-	return newServer(runtime, DefaultServiceDuration, nil)
+	return newServer(runtime, DefaultServiceDuration, nil, DefaultCorsHeaders)
 }
 
 // NewServerWithSettings will create and configure a new API server using provided settings
-func NewServerWithSettings(runtime *libpod.Runtime, duration time.Duration, listener *net.Listener) (*APIServer, error) {
-	return newServer(runtime, duration, listener)
+func NewServerWithSettings(runtime *libpod.Runtime, listener *net.Listener, opts Options) (*APIServer, error) {
+	return newServer(runtime, opts.Timeout, listener, opts.CorsHeaders)
 }
 
-func newServer(runtime *libpod.Runtime, duration time.Duration, listener *net.Listener) (*APIServer, error) {
+func newServer(runtime *libpod.Runtime, duration time.Duration, listener *net.Listener, corsHeaders string) (*APIServer, error) {
 	// If listener not provided try socket activation protocol
 	if listener == nil {
 		if _, found := os.LookupEnv("LISTEN_PID"); !found {
@@ -71,6 +78,11 @@ func newServer(runtime *libpod.Runtime, duration time.Duration, listener *net.Li
 		}
 		listener = &listeners[0]
 	}
+	if corsHeaders == "" {
+		logrus.Debug("CORS Headers were not set")
+	} else {
+		logrus.Debugf("CORS Headers were set to %s", corsHeaders)
+	}
 
 	logrus.Infof("API server listening on %q", (*listener).Addr())
 	router := mux.NewRouter().UseEncodedPath()
@@ -88,6 +100,7 @@ func newServer(runtime *libpod.Runtime, duration time.Duration, listener *net.Li
 		idleTracker: idle,
 		Listener:    *listener,
 		Runtime:     runtime,
+		CorsHeaders: corsHeaders,
 	}
 
 	router.NotFoundHandler = http.HandlerFunc(
diff --git a/pkg/domain/entities/system.go b/pkg/domain/entities/system.go
index 31a6185dc..cca4bf44e 100644
--- a/pkg/domain/entities/system.go
+++ b/pkg/domain/entities/system.go
@@ -11,9 +11,10 @@ import (
 
 // ServiceOptions provides the input for starting an API Service
 type ServiceOptions struct {
-	URI     string         // Path to unix domain socket service should listen on
-	Timeout time.Duration  // duration of inactivity the service should wait before shutting down
-	Command *cobra.Command // CLI command provided. Used in V1 code
+	URI         string         // Path to unix domain socket service should listen on
+	Timeout     time.Duration  // duration of inactivity the service should wait before shutting down
+	Command     *cobra.Command // CLI command provided. Used in V1 code
+	CorsHeaders string         // CORS headers
 }
 
 // SystemPruneOptions provides options to prune system.
-- 
cgit v1.2.3-54-g00ecf