fix: add support for CORS headers and pre-flight request
Summary:
This PR implements basic Cross-Origin Resource Sharing (CORS) support in the RPC server, as per the spec at https://www.w3.org/TR/cors/#resource-requests. The spec has been quoted verbatim in the source code for easier validation and maintenance of the code.
- added support for OPTIONS HTTP method
- interpret CORS request headers for pre-flight requests
- set CORS response headers
- -rpccorsdomain=value command line option for whitelisted domains
- four test cases: standard CORS request, and pre-flight request, with/without -rpccorsdomain
In practice this PR allows the REST interface to be used directly from a browser.
All the existing restrictions to the REST interface still apply: IP subnet, port, username, password.
Test Plan:
- Standard CORS request (Origin set) to whitelisted domain (should succeed)
- CORS pre-flight request (OPTIONS) to whitelisted domain (should succeed)
- Standard CORS request (Origin set) to non-whitelisted domain (should fail)
- CORS pre-flight request (OPTIONS) to non-whitelisted domain (should fail)
Reviewers: schancel, deadalnix, matiu, lionello, #bitcoin_abc
Reviewed By: schancel, #bitcoin_abc
Subscribers: teamcity
Differential Revision: https://reviews.bitcoinabc.org/D1112
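
The four cases in the test plan can be sketched as a single decision function. This is an added example, not code from this change or from the project; `CheckCors`, `CorsResult`, the allowed method and header lists, and the `wallet.example` origin are assumptions made for illustration, and `allowedOrigin` stands in for the `-rpccorsdomain` value.

```cpp
#include <cctype>
#include <map>
#include <set>
#include <sstream>
#include <string>

using Headers = std::map<std::string, std::string>; // names assumed already normalized

struct CorsResult {
    bool allowed;     // false: no CORS headers are set, so the browser blocks the read
    bool preflight;   // true: reply with headers only, do not run the RPC/REST handler
    Headers response; // headers to add to the reply
};

// allowedOrigin stands in for the -rpccorsdomain value; empty means CORS is disabled.
CorsResult CheckCors(const std::string &method, const Headers &req,
                     const std::string &allowedOrigin) {
    static const std::set<std::string> kMethods{"GET", "POST"};                   // assumed
    static const std::set<std::string> kHeaders{"authorization", "content-type"}; // assumed
    CorsResult r{false, false, {}};
    auto origin = req.find("Origin");
    // Exact, case-sensitive comparison against the configured value.
    if (origin == req.end() || allowedOrigin.empty() || origin->second != allowedOrigin)
        return r;
    if (method == "OPTIONS") {
        auto want = req.find("Access-Control-Request-Method");
        if (want == req.end() || !kMethods.count(want->second)) return r;
        auto hdrs = req.find("Access-Control-Request-Headers");
        if (hdrs != req.end()) {
            std::stringstream ss(hdrs->second);
            for (std::string h; std::getline(ss, h, ',');) {
                std::string name; // field name with whitespace removed, lower-cased
                for (unsigned char c : h)
                    if (!std::isspace(c)) name += static_cast<char>(std::tolower(c));
                if (!name.empty() && !kHeaders.count(name)) return r;
            }
            r.response["Access-Control-Allow-Headers"] = hdrs->second;
        }
        r.response["Access-Control-Allow-Methods"] = want->second;
        r.preflight = true;
    }
    r.response["Access-Control-Allow-Origin"] = origin->second;
    r.response["Access-Control-Allow-Credentials"] = "true"; // assumed: RPC uses HTTP auth
    r.allowed = true;
    return r;
}

int main() { // constructed request: simple CORS request from the configured origin
    Headers req = {{"Origin", "https://wallet.example"}};
    return CheckCors("POST", req, "https://wallet.example").allowed ? 0 : 1;
}
```

A rejected request gets no `Access-Control-*` headers at all, so a non-whitelisted origin learns nothing about which methods or headers the server would accept.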