Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit c91767a

Browse filesBrowse files
fabpotfabpot
authored
Merge pull request #293 from Kocal/feat/229-cors
feat(http): add flag/config to allow CORS requests, close #229
2 parents df780de + ac66e13 commit c91767a
Copy full SHA for c91767a

File tree

5 files changed

+62
-0
lines changed
Filter options

5 files changed

+62
-0
lines changed

‎commands/local_server_start.go

Copy file name to clipboardExpand all lines: commands/local_server_start.go
+6Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -52,6 +52,7 @@ import (
5252

5353
var localWebServerProdWarningMsg = "The local web server is optimized for local development and MUST never be used in a production setup."
5454
var localWebServerTlsKeyLogWarningMsg = "Logging TLS master key is enabled. It means TLS connections between the client and this server will be INSECURE. This is NOT recommended unless you are debugging the connections."
55+
var localWebServerAllowsCORSLogWarningMsg = "Cross-origin resource sharing (CORS) is enabled for all requests.\nYou may want to use https://github.com/nelmio/NelmioCorsBundle to have better control over HTTP headers."
5556

5657
var localServerStartCmd = &console.Command{
5758
Category: "local",
@@ -83,6 +84,7 @@ var localServerStartCmd = &console.Command{
8384
EnvVars: []string{"SSLKEYLOGFILE"},
8485
},
8586
&console.BoolFlag{Name: "no-workers", Usage: "Do not start workers"},
87+
&console.BoolFlag{Name: "allow-cors", Usage: "Allow Cross-origin resource sharing (CORS) requests"},
8688
},
8789
Action: func(c *console.Context) error {
8890
ui := terminal.SymfonyStyle(terminal.Stdout, terminal.Stdin)
@@ -188,6 +190,10 @@ var localServerStartCmd = &console.Command{
188190
ui.Warning(localWebServerTlsKeyLogWarningMsg)
189191
}
190192

193+
if config.AllowCORS {
194+
ui.Warning(localWebServerAllowsCORSLogWarningMsg)
195+
}
196+
191197
lw, err := pidFile.LogWriter()
192198
if err != nil {
193199
return err

‎local/http/cors.go

Copy file name to clipboard
+46Lines changed: 46 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,46 @@
1+
/*
2+
* Copyright (c) 2021-present Fabien Potencier <fabien@symfony.com>
3+
*
4+
* This file is part of Symfony CLI project
5+
*
6+
* This program is free software: you can redistribute it and/or modify
7+
* it under the terms of the GNU Affero General Public License as
8+
* published by the Free Software Foundation, either version 3 of the
9+
* License, or (at your option) any later version.
10+
*
11+
* This program is distributed in the hope that it will be useful,
12+
* but WITHOUT ANY WARRANTY; without even the implied warranty of
13+
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14+
* GNU Affero General Public License for more details.
15+
*
16+
* You should have received a copy of the GNU Affero General Public License
17+
* along with this program. If not, see <http://www.gnu.org/licenses/>.
18+
*/
19+
20+
package http
21+
22+
import (
23+
"net/http"
24+
25+
"github.com/rs/zerolog"
26+
)
27+
28+
func corsWrapper(h http.Handler, logger zerolog.Logger) http.Handler {
29+
var corsHeaders = []string{"Access-Control-Allow-Origin", "Access-Control-Allow-Methods", "Access-Control-Allow-Headers"}
30+
31+
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
32+
for _, corsHeader := range corsHeaders {
33+
w.Header().Set(corsHeader, "*")
34+
}
35+
36+
h.ServeHTTP(w, r)
37+
38+
for _, corsHeader := range corsHeaders {
39+
if headers, exists := w.Header()[corsHeader]; !exists || len(headers) < 2 {
40+
continue
41+
}
42+
43+
logger.Warn().Msgf(`Multiple entries detected for header "%s". Only one should be set: you should enable CORS handling in the CLI only if the application does not handle them.`, corsHeader)
44+
}
45+
})
46+
}

‎local/http/http.go

Copy file name to clipboardExpand all lines: local/http/http.go
+5Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -56,6 +56,7 @@ type Server struct {
5656
Appversion string
5757
UseGzip bool
5858
TlsKeyLogFile string
59+
AllowCORS bool
5960

6061
httpserver *http.Server
6162
httpsserver *http.Server
@@ -98,6 +99,10 @@ func (s *Server) Start(errChan chan error) (int, error) {
9899
proxyHandler = gzipWrapper(proxyHandler)
99100
}
100101

102+
if s.AllowCORS {
103+
proxyHandler = corsWrapper(proxyHandler, s.Logger)
104+
}
105+
101106
s.httpserver = &http.Server{
102107
Handler: proxyHandler,
103108
}

‎local/project/config.go

Copy file name to clipboardExpand all lines: local/project/config.go
+4Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -49,6 +49,7 @@ type Config struct {
4949
UseGzip bool `yaml:"use_gzip"`
5050
TlsKeyLogFile string `yaml:"tls_key_log_file"`
5151
NoWorkers bool `yaml:"no_workers"`
52+
AllowCORS bool `yaml:"allow_cors"`
5253
}
5354

5455
type FileConfig struct {
@@ -122,6 +123,9 @@ func NewConfigFromContext(c *console.Context, projectDir string) (*Config, *File
122123
if c.IsSet("no-workers") {
123124
config.NoWorkers = c.Bool("no-workers")
124125
}
126+
if c.IsSet("allow-cors") {
127+
config.AllowCORS = c.Bool("allow-cors")
128+
}
125129

126130
return config, fileConfig, nil
127131
}

‎local/project/project.go

Copy file name to clipboardExpand all lines: local/project/project.go
+1Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -63,6 +63,7 @@ func New(c *Config) (*Project, error) {
6363
UseGzip: c.UseGzip,
6464
Appversion: c.AppVersion,
6565
TlsKeyLogFile: c.TlsKeyLogFile,
66+
AllowCORS: c.AllowCORS,
6667
},
6768
}
6869
if err != nil {

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.