Skip to content

Commit 66c696b

Browse files
easyCZeasyCZ
committed
[proxy] Use AllowedOrigins instead of BaseDomain for CORS
1 parent f668ab4 commit 66c696b

File tree

2 files changed

+26
-6
lines changed

2 files changed

+26
-6
lines changed

components/proxy/conf/Caddyfile

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -150,6 +150,10 @@ api.{$GITPOD_DOMAIN} {
150150
output stdout
151151
}
152152

153+
gitpod.cors_origin {
154+
allowed_origins https://{$GITPOD_DOMAIN}
155+
}
156+
153157
@grpc protocol grpc
154158

155159
handle @grpc {

components/proxy/plugins/corsorigin/cors_origin.go

Lines changed: 22 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -8,6 +8,7 @@ import (
88
"fmt"
99
"net/http"
1010
"strconv"
11+
"strings"
1112

1213
"github.com/caddyserver/caddy/v2"
1314
"github.com/caddyserver/caddy/v2/caddyconfig/caddyfile"
@@ -27,9 +28,10 @@ func init() {
2728

2829
// CorsOrigin implements an HTTP handler that generates a valid CORS Origin value
2930
type CorsOrigin struct {
30-
AnyDomain bool `json:"any_domain,omitempty"`
31-
BaseDomain string `json:"base_domain,omitempty"`
32-
Debug bool `json:"debug,omitempty"`
31+
AnyDomain bool `json:"any_domain,omitempty"`
32+
BaseDomain string `json:"base_domain,omitempty"`
33+
AllowedOrigins []string `json:"allowed_origins,omitempty"`
34+
Debug bool `json:"debug,omitempty"`
3335
}
3436

3537
// CaddyModule returns the Caddy module information.
@@ -54,9 +56,12 @@ func (m CorsOrigin) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddy
5456
var allowedOrigins []string
5557
if m.AnyDomain {
5658
allowedOrigins = []string{"*"}
57-
} else {
59+
} else if m.BaseDomain != "" {
5860
allowedOrigins = []string{"*." + m.BaseDomain}
61+
} else if len(m.AllowedOrigins) != 0 {
62+
allowedOrigins = m.AllowedOrigins
5963
}
64+
6065
c := cors.New(cors.Options{
6166
AllowedOrigins: allowedOrigins,
6267
AllowedMethods: allowedMethods,
@@ -98,8 +103,15 @@ func (m *CorsOrigin) UnmarshalCaddyfile(d *caddyfile.Dispenser) error {
98103
}
99104

100105
m.AnyDomain = b
106+
101107
case "base_domain":
102108
m.BaseDomain = value
109+
110+
case "allowed_origins":
111+
// comma separated
112+
origins := strings.Split(value, ",")
113+
m.AllowedOrigins = origins
114+
103115
case "debug":
104116
b, err := strconv.ParseBool(value)
105117
if err != nil {
@@ -112,8 +124,12 @@ func (m *CorsOrigin) UnmarshalCaddyfile(d *caddyfile.Dispenser) error {
112124
}
113125
}
114126

115-
if !m.AnyDomain && m.BaseDomain == "" {
116-
return fmt.Errorf("Please configure the base_domain subdirective")
127+
if m.BaseDomain != "" && len(m.AllowedOrigins) != 0 {
128+
return fmt.Errorf("base_domain and allowed_origins subdirectives are mutually exclusive, configure only one of them")
129+
}
130+
131+
if !m.AnyDomain && m.BaseDomain == "" && len(m.AllowedOrigins) == 0 {
132+
return fmt.Errorf("Please configure the base_domain or allowed_origins subdirective")
117133
}
118134

119135
return nil

0 commit comments

Comments
 (0)