HomePhabricator

fix: add support for CORS headers and pre-flight request

Description

fix: add support for CORS headers and pre-flight request

Summary:
This PR implements basic Cross-Origin Resource Sharing (CORS) support to the RPC server, as per the spec at https://www.w3.org/TR/cors/#resource-requests . The spec has been quoted verbatim in the source code for easier validation and maintenance of the code.

  • added support for OPTIONS HTTP method
  • interpret CORS request headers for pre-flight requests
  • set CORS response headers
  • -rpccorsdomain=value command line option for whitelisted domains
  • four test cases: standard CORS request, and pre-flight request, with/without -rpccorsdomain

In practice this PR allows the REST interface to be used directly from a browser.

All the existing restrictions to the REST interface still apply: IP subnet, port, username, password.

Test Plan:

  • Standard CORS request (Origin set) to whitelisted domain (should succeed)
  • CORS pre-flight request (OPTIONS) to whitelisted domain (should succeed)
  • Standard CORS request (Origin set) to non-whitelisted domain (should fail)
  • CORS pre-flight request (OPTIONS) to non-whitelisted domain (should fail)

Reviewers: schancel, deadalnix, matiu, lionello, #bitcoin_abc

Reviewed By: schancel, #bitcoin_abc

Subscribers: teamcity

Differential Revision: https://reviews.bitcoinabc.org/D1112

Details

Provenance
Lionello Lunesu <lio+git@lunesu.com>Authored on Apr 21 2018, 23:36
jasonbcoxCommitted on Apr 22 2018, 01:06
qshuaiPushed on Apr 24 2018, 07:44
Reviewer
Restricted Project
Differential Revision
D1112: fix: add support for CORS headers and pre-flight request
Parents
rSTAGING046f17407d77: Add instructions for building Doxygen docs
Branches
Unknown
Tags
Unknown