Merge pull request #738 from Kilowhisky/cors_support

Add support for CORS in http requests
2024-06-03 19:37:27 -07:00 · 2024-06-03 19:37:27 -07:00 · 4ef11351f3
commit 4ef11351f3
parent af0bf7a5a2 1a437d3855
3 changed files with 75 additions and 1 deletions
--- a/internal/server/server.go
+++ b/internal/server/server.go
@ -867,6 +867,7 @@ func (s *Server) handleInputCommand(client *Client, msg *Message) error {
 				"Connection: close\r\n"+
 				"Content-Length: %d\r\n"+
 				"Content-Type: application/json; charset=utf-8\r\n"+
 				"Access-Control-Allow-Origin: *\r\n"+
 				"\r\n", status, len(res)+2)
 			if err != nil {
 				return err
@ -1444,6 +1445,22 @@ func readNextHTTPCommand(packet []byte, argsIn [][]byte, msg *Message, wr io.Wri
 		}
 		method := parts[0]
 		path := parts[1]
 		// Handle CORS request for allowed origins
 		if method == "OPTIONS" {
 			if wr == nil {
 				return false, errors.New("connection is nil")
 			}
 			corshead := "HTTP/1.1 204 No Content\r\n" +
 				"Connection: close\r\n" +
 				"Access-Control-Allow-Origin: *\r\n" +
 				"Access-Control-Allow-Headers: *, Authorization\r\n" +
 				"Access-Control-Allow-Methods: POST, GET, OPTIONS\r\n\r\n"
 			if _, err = wr.Write([]byte(corshead)); err != nil {
 				return false, err
 			}
 			return false, nil
 		}
 		if len(path) == 0 || path[0] != '/' {
 			return false, errInvalidHTTP
 		}
@ -1528,7 +1545,7 @@ func readNextHTTPCommand(packet []byte, argsIn [][]byte, msg *Message, wr io.Wri
 func readNextCommand(packet []byte, argsIn [][]byte, msg *Message, wr io.Writer) (
 	complete bool, args [][]byte, kind redcon.Kind, leftover []byte, err error,
 ) {
-	if packet[0] == 'G' || packet[0] == 'P' {
+	if packet[0] == 'G' || packet[0] == 'P' || packet[0] == 'O' {
 		// could be an HTTP request
 		var line []byte
 		for i := 1; i < len(packet); i++ {
--- a/tests/proto_test.go
+++ b/tests/proto_test.go
@ -0,0 +1,56 @@
 package tests
 import (
 	"fmt"
 	"net/http"
 )
 func subTestProto(g *testGroup) {
 	g.regSubTest("HTTP CORS", proto_HTTP_CORS_test)
 }
 func proto_HTTP_CORS_test(mc *mockServer) error {
 	// Make CORS request for GET /SERVER
 	morigin := "http://my-test-origin"
 	url := fmt.Sprintf("http://127.0.0.1:%d/SERVER", mc.port)
 	req, err := http.NewRequest(http.MethodOptions, url, nil)
 	if err != nil {
 		return err
 	}
 	req.Header.Add("Origin", morigin)
 	req.Header.Add("Access-Control-Request-Method", "GET")
 	req.Header.Add("Access-Control-Request-Headers", "Authorization")
 	resp, err := http.DefaultClient.Do(req)
 	// Validate CORS response
 	if err != nil {
 		return err
 	}
 	if resp.StatusCode != 204 {
 		return fmt.Errorf("expected http stuats '204', got '%d'", resp.StatusCode)
 	}
 	origin := resp.Header.Get("Access-Control-Allow-Origin")
 	methods := resp.Header.Get("Access-Control-Allow-Methods")
 	headers := resp.Header.Get("Access-Control-Allow-Headers")
 	if !(origin == "*" || origin == morigin) {
 		return fmt.Errorf("expected http access-control-allow-origin value '*', got '%s'", origin)
 	}
 	if methods != "POST, GET, OPTIONS" {
 		return fmt.Errorf("expected http access-control-allow-Methods value 'POST, GET, OPTIONS', got '%s'", methods)
 	}
 	if headers != "*, Authorization" {
 		return fmt.Errorf("expected http access-control-allow-headers value '*, Authorization', got '%s'", headers)
 	}
 	// Make the actual request now
 	resp, err = http.Get(url)
 	if err != nil {
 		return err
 	}
 	origin = resp.Header.Get("Access-Control-Allow-Origin")
 	if !(origin == "*" || origin == morigin) {
 		return fmt.Errorf("expected http access-control-allow-origin value '*', got '%s'", origin)
 	}
 	return nil
 }
--- a/tests/tests_test.go
+++ b/tests/tests_test.go
@ -57,6 +57,7 @@ func TestIntegration(t *testing.T) {
 	regTestGroup("follower", subTestFollower)
 	regTestGroup("aof", subTestAOF)
 	regTestGroup("monitor", subTestMonitor)
 	regTestGroup("proto", subTestProto)
 	runTestGroups(t)
 }