msoap / shell2http

Executing shell commands via HTTP server
MIT License

support CORS? #104

Closed zicjin closed 1 month ago

msoap commented 1 month ago

@zicjin Of course, you can add any HTTP header to the output of your shell script, including CORS.

For example:

shell2http -cgi /cors 'echo "Access-Control-Allow-Origin: *\n"; echo date:; date'

request/response:

$ curl -i http://localhost:8080/cors

HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Server: shell2http dev
X-Shell2http-Exit-Code: 0
Date: Sun, 14 Jul 2024 12:21:57 GMT
Content-Length: 36
Content-Type: text/plain; charset=utf-8

date:
Sun Jul 14 15:21:57 EEST 2024

zicjin commented 1 month ago

@msoap Thank you for your patience. How can I get cgi to incorporate the output of shell commands instead of simply 'date'?

I would like to make this /ping api support cors:

shell2http -form /ping 'ping -c 3 -w 2 $v_ip'
shell2http -cgi -form /ping 'echo "Access-Control-Allow-Origin: *\n"; echo date:; ping -n 3 -w 2 $v_ip'

But the above modification is not working.

msoap commented 1 month ago

Could you please show how it is not working?

For me, this command works:

$ shell2http -cgi -form /ping 'echo "Access-Control-Allow-Origin: *\n"; ping -c 2 $v_ip'

2024/07/14 17:46:39 register: /ping (echo "Access-Control-Allow-Origin: *\n"; ping -c 2 $v_ip)
2024/07/14 17:46:39 register: / (index page)
2024/07/14 17:46:39 listen http://localhost:8080/
2024/07/14 17:47:02 localhost:8080 [::1]:54818 "GET /ping?ip=127.0.0.1" 200 310 "curl/8.6.0" 1.014s
2024/07/14 17:48:03 localhost:8080 [::1]:54827 "GET /ping?ip=127.0.0.1" 200 310 "curl/8.6.0" 1.011s
$ curl -i 'http://localhost:8080/ping?ip=127.0.0.1'

HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Server: shell2http dev
X-Shell2http-Exit-Code: 0
Date: Sun, 14 Jul 2024 14:48:03 GMT
Content-Length: 310
Content-Type: text/plain; charset=utf-8

PING 127.0.0.1 (127.0.0.1): 56 data bytes
64 bytes from 127.0.0.1: icmp_seq=0 ttl=64 time=0.066 ms
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.204 ms

--- 127.0.0.1 ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.066/0.135/0.204/0.069 ms

zicjin commented 1 month ago

@msoap Using your script to launch shell2http, a cross-domain request created using fetch() on any web page will still be blocked.

shell2http -cgi -form /ping 'echo "Access-Control-Allow-Origin: *\n"; ping -c 2 $v_ip'


You can see there is no "Access-Control-Allow-Origin: *" in the response header.

But if the request is created with an empty web page or curl, "Access-Control-Allow-Origin: *" will appear in the response header.

msoap commented 1 month ago

@zicjin shell2http can return any kind of HTTP headers; it's no different from any other server, which means there is CORS support. But support of CORS also depends on the page (host) from which the request originates. Please use the advice from ChatGPT:

image
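
An added example, not part of the thread and not shell2http's own code: a handler script for the /ping endpoint discussed above that returns Access-Control-Allow-Origin only for allowlisted origins instead of `*`, and validates `v_ip` before it reaches ping. The script name, the origins in ALLOWED_ORIGINS, and the reliance on the CGI variables HTTP_ORIGIN and REQUEST_METHOD and on the CGI "Status:" header are assumptions.

```shell
#!/bin/sh
# Added example: hardened handler for the /ping endpoint, assumed to be run as
#   shell2http -cgi -form /ping ./ping_cors.sh     (script name is hypothetical)
# Assumes CGI mode exports the Origin request header as HTTP_ORIGIN and sets
# REQUEST_METHOD, and that a "Status:" output header sets the response code.

# Constructed allowlist; replace with the pages that may call this endpoint.
ALLOWED_ORIGINS="https://dashboard.example.com https://ops.example.com"

# Exact-match check of the Origin value against the allowlist.
allowed_origin() {
    for candidate in $ALLOWED_ORIGINS; do
        [ "$1" = "$candidate" ] && return 0
    done
    return 1
}

# Accept only a dotted quad: digits and dots, four octets 0-255, no leading
# zeros (some resolvers read "010" as octal), nothing that ping could take
# as an option or an extra argument.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Emit CGI headers, a blank line, then the body.
handle_request() {
    if allowed_origin "${HTTP_ORIGIN:-}"; then
        printf 'Access-Control-Allow-Origin: %s\nVary: Origin\n' "$HTTP_ORIGIN"
    fi
    if ! valid_ipv4 "${v_ip:-}"; then
        printf 'Status: 400\n\ninvalid ip parameter\n'
        return 0
    fi
    printf 'Content-Type: text/plain\n\n'
    ping -c 2 "$v_ip"
}

# Run only when invoked as a CGI handler, so the functions can be sourced.
[ -z "${REQUEST_METHOD:-}" ] || handle_request
```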