| author | jerebear12 <72420925+jerebear12@users.noreply.github.com> | 2023-12-20 18:21:11 -0600 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-12-20 16:21:11 -0800 |
| commit | 06343f897645c4650f8f65e9a7ecd9b255820cfd (patch) | |
| tree | ff6053af3bb23025a8d66f4275a460aa3ce1fbdf /weed/server/filer_server_handlers.go | |
| parent | 3c9bcfb864b6c06cdc8ca189655a896feab9d343 (diff) | |
Set allowed origins in config (#5109)
* Add a way to use a JWT in an HTTP only cookie
If a JWT is not included in the Authorization header or a query string, attempt to get a JWT from an HTTP only cookie.
* Added a way to specify allowed origins header from config
* Removed unnecessary log
* Check list of domains from config or command flag
* Handle default wildcard and change name of config value to cors
Diffstat (limited to 'weed/server/filer_server_handlers.go')
| -rw-r--r-- | weed/server/filer_server_handlers.go | 46 |
1 files changed, 40 insertions, 6 deletions
diff --git a/weed/server/filer_server_handlers.go b/weed/server/filer_server_handlers.go
index 6bfae3dc1..d71b60d70 100644
--- a/weed/server/filer_server_handlers.go
+++ b/weed/server/filer_server_handlers.go
@@ -3,6 +3,7 @@ package weed_server
 import (
  "errors"
  "net/http"
+ "os"
  "strings"
  "sync/atomic"
  "time"
@@ -17,8 +18,24 @@ import (
 func (fs *FilerServer) filerHandler(w http.ResponseWriter, r *http.Request) {
  start := time.Now()
- if r.Header.Get("Origin") != "" {
- w.Header().Set("Access-Control-Allow-Origin", "*")
+ origin := r.Header.Get("Origin")
+ if origin != "" {
+ if fs.option.AllowedOrigins == nil || len(fs.option.AllowedOrigins) == 0 || fs.option.AllowedOrigins[0] == "*" {
+ origin = "*"
+ } else {
+ originFound := false
+ for _, allowedOrigin := range fs.option.AllowedOrigins {
+ if origin == allowedOrigin {
+ originFound = true
+ }
+ }
+ if !originFound {
+ writeJsonError(w, r, http.StatusForbidden, errors.New("origin not allowed"))
+ return
+ }
+ }
+
+ w.Header().Set("Access-Control-Allow-Origin", origin)
  w.Header().Set("Access-Control-Expose-Headers", "*")
  w.Header().Set("Access-Control-Allow-Headers", "*")
  w.Header().Set("Access-Control-Allow-Credentials", "true")
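Review bot: In the default case (`AllowedOrigins` empty or starting with `*`) the new code in filerHandler answers with `Access-Control-Allow-Origin: *` next to the existing `Access-Control-Allow-Credentials: true`, a combination browsers refuse for credentialed requests, so the HTTP-only JWT cookie this change introduces will not be usable cross-origin until an explicit origin list is configured; either omit the credentials header when the origin is `*` or document that cookie auth requires a configured list. When a specific origin is echoed back, the response should also carry `w.Header().Add("Vary", "Origin")`, otherwise a shared cache can serve one origin's CORS response to a different origin. The same allow-list block is repeated verbatim in readonlyFilerHandler in the next hunk; the helper below keeps the two in sync, drops the `== nil` test that `len(...) == 0` already covers, and stops scanning on the first match. filerHandler continues outside the hunk.
```go
// allowedOrigin maps the request's Origin header to the value to send back in
// Access-Control-Allow-Origin; ok is false when an explicit allow-list is
// configured and origin is not on it.
func (fs *FilerServer) allowedOrigin(origin string) (allow string, ok bool) {
	allowed := fs.option.AllowedOrigins
	if len(allowed) == 0 || allowed[0] == "*" {
		return "*", true
	}
	for _, a := range allowed {
		if a == origin {
			return origin, true
		}
	}
	return "", false
}

func (fs *FilerServer) filerHandler(w http.ResponseWriter, r *http.Request) {
	start := time.Now()
	if origin := r.Header.Get("Origin"); origin != "" {
		allow, ok := fs.allowedOrigin(origin)
		if !ok {
			writeJsonError(w, r, http.StatusForbidden, errors.New("origin not allowed"))
			return
		}
		w.Header().Set("Access-Control-Allow-Origin", allow)
		w.Header().Add("Vary", "Origin")
		// … unchanged: Expose-Headers, Allow-Headers, Allow-Credentials …
```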
@@ -99,9 +116,27 @@ func (fs *FilerServer) readonlyFilerHandler(w http.ResponseWriter, r *http.Reque
  start := time.Now()
- if r.Header.Get("Origin") != "" {
- w.Header().Set("Access-Control-Allow-Origin", "*")
- w.Header().Set("Access-Control-Allow-Headers", "*")
+ os.Stdout.WriteString("Request: " + r.Method + " " + r.URL.String() + "\n")
+
+ origin := r.Header.Get("Origin")
+ if origin != "" {
+ if fs.option.AllowedOrigins == nil || len(fs.option.AllowedOrigins) == 0 || fs.option.AllowedOrigins[0] == "*" {
+ origin = "*"
+ } else {
+ originFound := false
+ for _, allowedOrigin := range fs.option.AllowedOrigins {
+ if origin == allowedOrigin {
+ originFound = true
+ }
+ }
+ if !originFound {
+ writeJsonError(w, r, http.StatusForbidden, errors.New("origin not allowed"))
+ return
+ }
+ }
+
+ w.Header().Set("Access-Control-Allow-Origin", origin)
+ w.Header().Set("Access-Control-Allow-Headers", "OPTIONS, GET, HEAD")
  w.Header().Set("Access-Control-Allow-Credentials", "true")
  }
@@ -137,7 +172,6 @@ func OptionsHandler(w http.ResponseWriter, r *http.Request, isReadOnly bool) {
  w.Header().Set("Access-Control-Allow-Methods", "PUT, POST, GET, DELETE, OPTIONS")
  w.Header().Set("Access-Control-Expose-Headers", "*")
  }
- w.Header().Set("Access-Control-Allow-Origin", "*")
  w.Header().Set("Access-Control-Allow-Headers", "*")
  w.Header().Set("Access-Control-Allow-Credentials", "true")
 }
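Review bot: The added `os.Stdout.WriteString("Request: " + r.Method + " " + r.URL.String() + "\n")` in readonlyFilerHandler writes the full URL of every read-only request to stdout, and because this change also accepts a JWT from the query string, that line persists bearer tokens in the process output; it also bypasses whatever logger the rest of the file uses and discards the write error, so it should be removed or reduced to a debug-level log of `r.Method` and `r.URL.Path` with the query string left out. A few lines further down, `Access-Control-Allow-Headers` is set to `"OPTIONS, GET, HEAD"`, which is a list of methods rather than header names; this looks like it was meant to be `Access-Control-Allow-Methods`, and as written the previous `*` value for Allow-Headers is lost. readonlyFilerHandler starts outside the hunk.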
