Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: ipfs/kubo
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 9e0bfa062889
Choose a base ref
...
head repository: ipfs/kubo
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: a5c4c5d17cbd
Choose a head ref
  • 3 commits
  • 2 files changed
  • 2 contributors

Commits on Jan 21, 2016

  1. Gateway: add support for HTTP OPTIONS request type 

    OPTIONS is a noop request that is used by the browsers
to check if server will accept cross-site XMLHttpRequest
(indicated by the presence of CORS headers)

Before this fix user could enable CORS headers in the Gateway config,
but XHR failed due to the lack of support for OPTIONS request type
(as described in https://git.io/vzgGe)

License: MIT
Signed-off-by: Marcin Rataj <lidel@lidel.org>
    @lidel
    lidel committed Jan 21, 2016
    Copy the full SHA
    8651143 View commit details

Commits on Jan 22, 2016

  1. CORS header tests for Gateway 

    - Implements
  #2232 (comment)
- Separate test suite:
    - we don't want to pollute other gateway tests with CORS headers
    - (as of now) changing headers requires daemon restart anyway

License: MIT
Signed-off-by: Marcin Rataj <lidel@lidel.org>
    @lidel
    lidel committed Jan 22, 2016
    Copy the full SHA
    15d717c View commit details

Commits on Jan 24, 2016

  1. Merge pull request #2232 from lidel/cors-preflight-fix 

    Gateway: add support for HTTP OPTIONS request type
    @jbenet
    jbenet committed Jan 24, 2016
    Copy the full SHA
    a5c4c5d View commit details
Showing with 92 additions and 0 deletions.
  1. +14 −0 core/corehttp/gateway_handler.go
  2. +78 −0 test/sharness/t0112-gateway-cors.sh
14 changes: 14 additions & 0 deletions core/corehttp/gateway_handler.go
View file
Original file line number Diff line number Diff line change
@@ -82,6 +82,11 @@ func (i *gatewayHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
return
}

if r.Method == "OPTIONS" {
i.optionsHandler(w, r)
return
}

errmsg := "Method " + r.Method + " not allowed: "
if !i.config.Writable {
w.WriteHeader(http.StatusMethodNotAllowed)
@@ -94,6 +99,15 @@ func (i *gatewayHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
log.Error(errmsg) // TODO(cryptix): log errors until we have a better way to expose these (counter metrics maybe)
}

func (i *gatewayHandler) optionsHandler(w http.ResponseWriter, r *http.Request) {
/*
OPTIONS is a noop request that is used by the browsers to check
if server accepts cross-site XMLHttpRequest (indicated by the presence of CORS headers)
https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Preflighted_requests
*/
i.addUserHeaders(w) // return all custom headers (including CORS ones, if set)
}

func (i *gatewayHandler) getOrHeadHandler(w http.ResponseWriter, r *http.Request) {
ctx, cancel := context.WithTimeout(i.node.Context(), time.Hour)
// the hour is a hard fallback, we don't expect it to happen, but just in case
78 changes: 78 additions & 0 deletions test/sharness/t0112-gateway-cors.sh
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,78 @@
#!/bin/sh
#
# Copyright (c) 2016 Marcin Rataj
# MIT Licensed; see the LICENSE file in this repository.
#

test_description="Test HTTP Gateway CORS Support"

test_config_ipfs_cors_headers() {
ipfs config --json Gateway.HTTPHeaders.Access-Control-Allow-Origin '["*"]'
ipfs config --json Gateway.HTTPHeaders.Access-Control-Allow-Methods '["PUT", "GET", "POST"]'
ipfs config --json Gateway.HTTPHeaders.Access-Control-Allow-Headers '["X-Requested-With"]'

ipfs config --json API.HTTPHeaders.Access-Control-Allow-Origin '["*"]'
ipfs config --json API.HTTPHeaders.Access-Control-Allow-Methods '["PUT", "GET", "POST"]'
ipfs config --json API.HTTPHeaders.Access-Control-Allow-Headers '["X-Requested-With"]'
}

. lib/test-lib.sh

test_init_ipfs
test_config_ipfs_gateway_readonly $ADDR_GWAY
test_config_ipfs_cors_headers
test_launch_ipfs_daemon

gwport=$PORT_GWAY
apiport=$PORT_API
thash='QmUNLLsPACCz1vLxQVkXqqLX5R1X345qqfHbsf67hvA3Nn'

# Gateway

# HTTP GET Request
test_expect_success "GET to Gateway succeeds" '
curl -svX GET "http://127.0.0.1:$gwport/ipfs/$thash" 2>curl_output
'
# GET Response from Gateway should contain CORS headers
test_expect_success "GET response for Gateway resource looks good" '
grep "Access-Control-Allow-Origin:" curl_output &&
grep "Access-Control-Allow-Methods:" curl_output &&
grep "Access-Control-Allow-Headers:" curl_output
'

# HTTP OPTIONS Request
test_expect_success "OPTIONS to Gateway succeeds" '
curl -svX OPTIONS "http://127.0.0.1:$gwport/ipfs/$thash" 2>curl_output
'
# OPTION Response from Gateway should contain CORS headers
test_expect_success "OPTIONS response for Gateway resource looks good" '
grep "Access-Control-Allow-Origin:" curl_output &&
grep "Access-Control-Allow-Methods:" curl_output &&
grep "Access-Control-Allow-Headers:" curl_output
'

# Read-Only API (at the Gateway Port)

# HTTP GET Request
test_expect_success "GET to API succeeds" '
curl -svX GET "http://127.0.0.1:$gwport/api/v0/cat?arg=$thash" 2>curl_output
'
# GET Response from the API should NOT contain CORS headers
# Blacklisting: https://git.io/vzaj2
# Rationale: https://git.io/vzajX
test_expect_success "OPTIONS response for API looks good" '
grep -q "Access-Control-Allow-" curl_output && false || true
'

# HTTP OPTIONS Request
test_expect_success "OPTIONS to API succeeds" '
curl -svX OPTIONS "http://127.0.0.1:$gwport/api/v0/cat?arg=$thash" 2>curl_output
'
# OPTIONS Response from the API should NOT contain CORS headers
test_expect_success "OPTIONS response for API looks good" '
grep -q "Access-Control-Allow-" curl_output && false || true
'

test_kill_ipfs_daemon

test_done