alihan/fn-serverless
1
0
Fork 0
mirror of https://github.com/fnproject/fn.git synced 2022-10-28 21:29:17 +03:00
Code Issues Packages Projects Releases Wiki Activity

Add CORS support to fn api (#455)

Browse Source 
The Gin middleware is being used if one or more Origins are specified. Default setup for each Origin is as follows:

- GET,POST, PUT, HEAD methods allowed
- Credentials share disabled
- Preflight requests cached for 12 hours

Which are the defaults gin-contrib/cors comes with out of the box.

Gin-cors will return a 403 if it gets a request with an Origin header that isn't on its' list. If no Origin header is specified then it will just return the servers response.

Start fn with CORS enabled:

`API_CORS="http://localhost:4000, http://localhost:3000" make run`
This commit is contained in:
Alexander Bransby-Sharples
2017-11-16 15:37:26 +00:00
committed by GitHub
parent 8f7794c53a
commit c5ec0cc41e
12 changed files with 792 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
api/server/server.go
View File

@@ -11,6 +11,7 @@ import (
"os"
"path"
"strconv"
"strings"
"github.com/fnproject/fn/api"
"github.com/fnproject/fn/api/agent"
@@ -23,6 +24,7 @@ import (
"github.com/fnproject/fn/api/models"
"github.com/fnproject/fn/api/mqs"
"github.com/fnproject/fn/api/version"
"github.com/gin-contrib/cors"
"github.com/gin-gonic/gin"
"github.com/opentracing/opentracing-go"
"github.com/opentracing/opentracing-go/ext"
@@ -38,6 +40,7 @@ const (
EnvLOGDBURL = "logstore_url"
EnvPort = "port" // be careful, Gin expects this variable to be "port"
EnvAPIURL = "api_url"
EnvAPICORS = "api_cors"
EnvZipkinURL = "zipkin_url"
)
@@ -75,6 +78,22 @@ func NewFromEnv(ctx context.Context, opts ...ServerOption) *Server {
return New(ctx, ds, mq, logDB, opts...)
}
func optionalCorsWrap(r *gin.Engine) {
// By default no CORS are allowed unless one
// or more Origins are defined by the API_CORS
// environment variable.
if len(viper.GetString(EnvAPICORS)) > 0 {
origins := strings.Split(strings.Replace(viper.GetString(EnvAPICORS), " ", "", -1), ",")
corsConfig := cors.DefaultConfig()
corsConfig.AllowOrigins = origins
logrus.Infof("CORS enabled for domains: %s", origins)
r.Use(cors.New(corsConfig))
}
}
// New creates a new Functions server with the passed in datastore, message queue and API URL
func New(ctx context.Context, ds models.Datastore, mq models.MessageQueue, logDB models.LogStore, opts ...ServerOption) *Server {
@@ -90,6 +109,8 @@ func New(ctx context.Context, ds models.Datastore, mq models.MessageQueue, logDB
setMachineID()
s.Router.Use(loggerWrap, traceWrap, panicWrap)
optionalCorsWrap(s.Router)
s.bindHandlers(ctx)
for _, opt := range opts {