Merge pull request containers#10546 from boaz0/closes_8645

Add CORS support

cmd/podman/system/service.go

@@ -39,7 +39,8 @@ Enable a listening service for API access to Podman commands.
 	}
 
 	srvArgs = struct {
-		Timeout int64
+		Timeout     int64
+		CorsHeaders string
 	}{}
 )
 
@@ -54,6 +55,8 @@ func init() {
 	timeFlagName := "time"
 	flags.Int64VarP(&srvArgs.Timeout, timeFlagName, "t", 5, "Time until the service session expires in seconds.  Use 0 to disable the timeout")
 	_ = srvCmd.RegisterFlagCompletionFunc(timeFlagName, completion.AutocompleteNone)
+	flags.StringVarP(&srvArgs.CorsHeaders, "cors", "", "", "Set CORS Headers")
+	_ = srvCmd.RegisterFlagCompletionFunc("cors", completion.AutocompleteNone)
 
 	flags.SetNormalizeFunc(aliasTimeoutFlag)
 }
@@ -71,7 +74,6 @@ func service(cmd *cobra.Command, args []string) error {
 		return err
 	}
 	logrus.Infof("using API endpoint: '%s'", apiURI)
-
 	// Clean up any old existing unix domain socket
 	if len(apiURI) > 0 {
 		uri, err := url.Parse(apiURI)
@@ -90,8 +92,9 @@ func service(cmd *cobra.Command, args []string) error {
 	}
 
 	opts := entities.ServiceOptions{
-		URI:     apiURI,
-		Command: cmd,
+		URI:         apiURI,
+		Command:     cmd,
+		CorsHeaders: srvArgs.CorsHeaders,
 	}
 
 	opts.Timeout = time.Duration(srvArgs.Timeout) * time.Second

cmd/podman/system/service_abi.go

@@ -72,7 +72,7 @@ func restService(opts entities.ServiceOptions, flags *pflag.FlagSet, cfg *entiti
 	}
 
 	infra.StartWatcher(rt)
-	server, err := api.NewServerWithSettings(rt, opts.Timeout, listener)
+	server, err := api.NewServerWithSettings(rt, listener, api.Options{Timeout: opts.Timeout, CorsHeaders: opts.CorsHeaders})
 	if err != nil {
 		return err
 	}

docs/source/markdown/podman-system-service.1.md

@@ -30,6 +30,10 @@ Note: The default systemd unit files (system and user) change the log-level opti
 The time until the session expires in _seconds_. The default is 5
 seconds. A value of `0` means no timeout, therefore the session will not expire.
 
+#### **--cors**
+
+CORS headers to inject to the HTTP response. The default value is empty string which disables CORS headers.
+
 #### **--help**, **-h**
 
 Print usage statement.

pkg/api/server/handler_api.go

@@ -63,6 +63,12 @@ func (s *APIServer) APIHandler(h http.HandlerFunc) http.HandlerFunc {
 			w.Header().Set("Libpod-API-Version", lv)
 			w.Header().Set("Server", "Libpod/"+lv+" ("+runtime.GOOS+")")
 
+			if s.CorsHeaders != "" {
+				w.Header().Set("Access-Control-Allow-Origin", s.CorsHeaders)
+				w.Header().Set("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, X-Registry-Auth, Connection, Upgrade, X-Registry-Config")
+				w.Header().Set("Access-Control-Allow-Methods", "HEAD, GET, POST, DELETE, PUT, OPTIONS")
+			}
+
 			h(w, r)
 			logrus.Debugf("APIHandler(%s) -- %s %s END", rid, r.Method, r.URL.String())
 		}

pkg/api/server/server.go

@@ -34,28 +34,35 @@ type APIServer struct {
 	context.CancelFunc               // Stop APIServer
 	idleTracker        *idle.Tracker // Track connections to support idle shutdown
 	pprof              *http.Server  // Sidecar http server for providing performance data
+	CorsHeaders        string        // Inject CORS headers to each request
 }
 
 // Number of seconds to wait for next request, if exceeded shutdown server
 const (
+	DefaultCorsHeaders       = ""
 	DefaultServiceDuration   = 300 * time.Second
 	UnlimitedServiceDuration = 0 * time.Second
 )
 
 // shutdownOnce ensures Shutdown() may safely be called from several go routines
 var shutdownOnce sync.Once
 
+type Options struct {
+	Timeout     time.Duration
+	CorsHeaders string
+}
+
 // NewServer will create and configure a new API server with all defaults
 func NewServer(runtime *libpod.Runtime) (*APIServer, error) {
-	return newServer(runtime, DefaultServiceDuration, nil)
+	return newServer(runtime, DefaultServiceDuration, nil, DefaultCorsHeaders)
 }
 
 // NewServerWithSettings will create and configure a new API server using provided settings
-func NewServerWithSettings(runtime *libpod.Runtime, duration time.Duration, listener *net.Listener) (*APIServer, error) {
-	return newServer(runtime, duration, listener)
+func NewServerWithSettings(runtime *libpod.Runtime, listener *net.Listener, opts Options) (*APIServer, error) {
+	return newServer(runtime, opts.Timeout, listener, opts.CorsHeaders)
 }
 
-func newServer(runtime *libpod.Runtime, duration time.Duration, listener *net.Listener) (*APIServer, error) {
+func newServer(runtime *libpod.Runtime, duration time.Duration, listener *net.Listener, corsHeaders string) (*APIServer, error) {
 	// If listener not provided try socket activation protocol
 	if listener == nil {
 		if _, found := os.LookupEnv("LISTEN_PID"); !found {
@@ -71,6 +78,11 @@ func newServer(runtime *libpod.Runtime, duration time.Duration, listener *net.Li
 		}
 		listener = &listeners[0]
 	}
+	if corsHeaders == "" {
+		logrus.Debug("CORS Headers were not set")
+	} else {
+		logrus.Debugf("CORS Headers were set to %s", corsHeaders)
+	}
 
 	logrus.Infof("API server listening on %q", (*listener).Addr())
 	router := mux.NewRouter().UseEncodedPath()
@@ -88,6 +100,7 @@ func newServer(runtime *libpod.Runtime, duration time.Duration, listener *net.Li
 		idleTracker: idle,
 		Listener:    *listener,
 		Runtime:     runtime,
+		CorsHeaders: corsHeaders,
 	}
 
 	router.NotFoundHandler = http.HandlerFunc(

pkg/domain/entities/system.go

@@ -11,9 +11,10 @@ import (
 
 // ServiceOptions provides the input for starting an API Service
 type ServiceOptions struct {
-	URI     string         // Path to unix domain socket service should listen on
-	Timeout time.Duration  // duration of inactivity the service should wait before shutting down
-	Command *cobra.Command // CLI command provided. Used in V1 code
+	URI         string         // Path to unix domain socket service should listen on
+	Timeout     time.Duration  // duration of inactivity the service should wait before shutting down
+	Command     *cobra.Command // CLI command provided. Used in V1 code
+	CorsHeaders string         // CORS headers
 }
 
 // SystemPruneOptions provides options to prune system.