admin and portalapi: propagate new configurable CORS mechanism from moulinette

2024-09-03 20:06:10 +02:00 · 2023-07-29 19:15:30 +02:00 · 2023-07-29 19:15:30 +02:00 · 09c5a4cfb9
commit 09c5a4cfb9
parent 704e42a6af
2 changed files with 16 additions and 13 deletions
--- a/conf/nginx/yunohost_api.conf.inc
+++ b/conf/nginx/yunohost_api.conf.inc
@ -26,18 +26,6 @@ location = /yunohost/api/error/502 {

 location /yunohost/portalapi/ {

-    # FIXME FIXME FIXME : we should think about what we really want here ... 
-    more_set_headers "Access-Control-Allow-Origin: $http_origin";
-    more_set_headers "Access-Control-Allow-Methods: GET, HEAD, POST, OPTIONS, DELETE";
-    more_set_headers "Access-Control-Allow-Headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With";
-    more_set_headers "Access-Control-Allow-Credentials: true";
-
-    if ($request_method = 'OPTIONS') {
-        more_set_headers "Content-Type: text/plain; charset=utf-8";
-        more_set_headers "Content-Length: 0";
-        return 204;
-    }
-
    proxy_read_timeout 5s;
    proxy_pass http://127.0.0.1:6788/;
    proxy_http_version 1.1;
--- a/src/init.py
+++ b/src/init.py
@ -50,6 +50,13 @@ def cli(debug, quiet, output_as, timeout, args, parser):


 def api(debug, host, port):
+
+    allowed_cors_origins = []
+    allowed_cors_origins_file = "/etc/yunohost/.admin-api-allowed-cors-origins"
+
+    if os.path.exists(allowed_cors_origins_file):
+        allowed_cors_origins = open(allowed_cors_origins_file).read().strip().split(",")
+
    init_logging(interface="api", debug=debug)

    def is_installed_api():
@ -64,12 +71,19 @@ def api(debug, host, port):
        actionsmap="/usr/share/yunohost/actionsmap.yml",
        locales_dir="/usr/share/yunohost/locales/",
        routes={("GET", "/installed"): is_installed_api},
+        allowed_cors_origins=allowed_cors_origins,
    )
    sys.exit(ret)


 def portalapi(debug, host, port):

+    allowed_cors_origins = []
+    allowed_cors_origins_file = "/etc/yunohost/.portal-api-allowed-cors-origins"
+
+    if os.path.exists(allowed_cors_origins_file):
+        allowed_cors_origins = open(allowed_cors_origins_file).read().strip().split(",")
+
    # FIXME : is this the logdir we want ? (yolo to work around permission issue)
    init_logging(interface="portalapi", debug=debug, logdir="/var/log")

@ -77,7 +91,8 @@ def portalapi(debug, host, port):
        host=host,
        port=port,
        actionsmap="/usr/share/yunohost/actionsmap-portal.yml",
-        locales_dir="/usr/share/yunohost/locales/"
+        locales_dir="/usr/share/yunohost/locales/",
+        allowed_cors_origins=allowed_cors_origins,
    )
    sys.exit(ret)