Skip to content

Commit

Permalink
feat: add cors headers
Browse files Browse the repository at this point in the history
  • Loading branch information
fetsorn committed Aug 6, 2024
1 parent 1cf3671 commit 6425ff4
Show file tree
Hide file tree
Showing 3 changed files with 48 additions and 0 deletions.
25 changes: 25 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -199,6 +199,31 @@ http:
# Make sure to use https:// if you are using TLS.
public_url: "http://localhost:23232"

# The cross-origin request security options
cors:
# The allowed cross-origin headers
allowed_headers:
- Accept
- Accept-Language
- Content-Language
- Origin
# - Content-Type
# - X-Requested-With
# - User-Agent
# - Authorization

# The allowed cross-origin URLs
# allowed_origins:
# - *

# The allowed cross-origin methods
allowed_methods:
- GET
- HEAD
- POST
# - PUT
# - OPTIONS

# The database configuration.
db:
# The database driver to use.
Expand Down
15 changes: 15 additions & 0 deletions pkg/config/config.go
Original file line number Diff line number Diff line change
Expand Up @@ -55,6 +55,15 @@ type GitConfig struct {
MaxConnections int `env:"MAX_CONNECTIONS" yaml:"max_connections"`
}

// CORSConfig is the CORS configuration for the server.
type CORSConfig struct {
AllowedHeaders []string `env:"ALLOWED_HEADERS" yaml:"allowed_headers"`

AllowedOrigins []string `env:"ALLOWED_ORIGINS" yaml:"allowed_origins"`

AllowedMethods []string `env:"ALLOWED_METHODS" yaml:"allowed_methods"`
}

// HTTPConfig is the HTTP configuration for the server.
type HTTPConfig struct {
// ListenAddr is the address on which the HTTP server will listen.
Expand All @@ -68,6 +77,9 @@ type HTTPConfig struct {

// PublicURL is the public URL of the HTTP server.
PublicURL string `env:"PUBLIC_URL" yaml:"public_url"`

// HTTP is the configuration for the HTTP server.
CORS CORSConfig `envPrefix:"CORS_" yaml:"cors"`
}

// StatsConfig is the configuration for the stats server.
Expand Down Expand Up @@ -180,6 +192,9 @@ func (c *Config) Environ() []string {
fmt.Sprintf("SOFT_SERVE_HTTP_TLS_KEY_PATH=%s", c.HTTP.TLSKeyPath),
fmt.Sprintf("SOFT_SERVE_HTTP_TLS_CERT_PATH=%s", c.HTTP.TLSCertPath),
fmt.Sprintf("SOFT_SERVE_HTTP_PUBLIC_URL=%s", c.HTTP.PublicURL),
fmt.Sprintf("SOFT_SERVE_HTTP_CORS_ALLOWED_HEADERS=%s", strings.Join(c.HTTP.CORS.AllowedHeaders, "\n")),
fmt.Sprintf("SOFT_SERVE_HTTP_CORS_ALLOWED_ORIGINS=%s", strings.Join(c.HTTP.CORS.AllowedOrigins, "\n")),
fmt.Sprintf("SOFT_SERVE_HTTP_CORS_ALLOWED_METHODS=%s", strings.Join(c.HTTP.CORS.AllowedMethods, "\n")),
fmt.Sprintf("SOFT_SERVE_STATS_LISTEN_ADDR=%s", c.Stats.ListenAddr),
fmt.Sprintf("SOFT_SERVE_LOG_FORMAT=%s", c.Log.Format),
fmt.Sprintf("SOFT_SERVE_LOG_TIME_FORMAT=%s", c.Log.TimeFormat),
Expand Down
8 changes: 8 additions & 0 deletions pkg/web/server.go
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ import (
"net/http"

"github.com/charmbracelet/log"
"github.com/charmbracelet/soft-serve/pkg/config"
"github.com/gorilla/handlers"
"github.com/gorilla/mux"
)
Expand All @@ -26,5 +27,12 @@ func NewRouter(ctx context.Context) http.Handler {
h = handlers.CompressHandler(h)
h = handlers.RecoveryHandler()(h)

cfg := config.FromContext(ctx)

h = handlers.CORS(handlers.AllowedHeaders(cfg.HTTP.CORS.AllowedHeaders),
handlers.AllowedOrigins(cfg.HTTP.CORS.AllowedOrigins),
handlers.AllowedMethods(cfg.HTTP.CORS.AllowedMethods),
)(h)

return h
}

0 comments on commit 6425ff4

Please sign in to comment.