search

EarthScope / ringserver

Apache License 2.0
30 stars 16 forks source link

configure HTTP headers #5

Closed crotwell closed 6 years ago

crotwell commented 7 years ago

Allow the http mode in ringserver (optionally) set headers, in particular the CORS header is needed for cross-site scripting.

Maybe in config file in manner similar to how it works on Apache:

Header set Access-Control-Allow-Origin "*"

Not sure if there would be need for other headers, but might be useful to have generic "add a http header" ability.

crotwell commented 6 years ago

Probably not the best way to actually do this since it is hardcoded to allow all, but here is a diff of the changes I made to http.c in order to allow CORS request to succeed. May be of use to someone...

diff --git a/src/http.c b/src/http.c
index 513bf97..e36acda 100644
--- a/src/http.c
+++ b/src/http.c
@@ -196,6 +196,7 @@ HandleHTTP (char *recvbuffer, ClientInfo *cinfo)
                         "HTTP/1.1 200\r\n"
                         "Content-Length: %d\r\n"
                         "Content-Type: text/plain\r\n"
+                        "Access-Control-Allow-Origin: *\r\n"
                         "\r\n",
                         (response) ? responsebytes : 0);

@@ -237,6 +238,7 @@ HandleHTTP (char *recvbuffer, ClientInfo *cinfo)
                         "HTTP/1.1 200\r\n"
                         "Content-Length: %d\r\n"
                         "Content-Type: text/plain\r\n"
+                        "Access-Control-Allow-Origin: *\r\n"
                         "\r\n",
                         (response) ? responsebytes : 0);

@@ -295,6 +297,7 @@ HandleHTTP (char *recvbuffer, ClientInfo *cinfo)
                         "HTTP/1.1 200\r\n"
                         "Content-Length: %d\r\n"
                         "Content-Type: text/plain\r\n"
+                        "Access-Control-Allow-Origin: *\r\n"
                         "\r\n",
                         (response) ? responsebytes : 0);

@@ -353,6 +356,7 @@ HandleHTTP (char *recvbuffer, ClientInfo *cinfo)
                         "HTTP/1.1 200\r\n"
                         "Content-Length: %d\r\n"
                         "Content-Type: text/plain\r\n"
+                        "Access-Control-Allow-Origin: *\r\n"
                         "\r\n",
                         (response) ? responsebytes : 0);

@@ -1449,6 +1453,7 @@ SendFileHTTP (ClientInfo *cinfo, char *path)
   rv = asprintf (&response, "HTTP/1.1 200\r\n"
                             "Content-Length: %llu\r\n"
                             "Content-Type: %s\n"
+                        "Access-Control-Allow-Origin: *\r\n"
                             "\r\n",
                  (long long unsigned int)filestat.st_size,
                  contenttype);
@@ -1649,6 +1654,7 @@ NegotiateWebSocket (ClientInfo *cinfo, char *version,
             "HTTP/1.1 101 Switching Protocols\r\n"
             "Upgrade: websocket\r\n"
             "Connection: Upgrade\r\n"
+                        "Access-Control-Allow-Origin: *\r\n"
             "%s"
             "Sec-WebSocket-Accept: %s\r\n"
             "\r\n",