From 3fef4512e6220d6ce8953c427ca5c71f97a63c86 Mon Sep 17 00:00:00 2001
From: Casey Rodarmor
Date: Wed, 28 Aug 2024 22:45:04 -0700
Subject: [PATCH] Revert "Serve responses with cross origin isolation headers (#3898)"

This reverts commit 2de128f2d3ec90f86de522655025f77ea86d3c00.
---
 src/subcommand/server.rs | 50 ++------------------------
 src/subcommand/server/server_config.rs | 3 +-
 2 files changed, 3 insertions(+), 50 deletions(-)

diff --git a/src/subcommand/server.rs b/src/subcommand/server.rs
index 5d351d7aa1..a8160f7d79 100644
--- a/src/subcommand/server.rs
+++ b/src/subcommand/server.rs
@@ -15,7 +15,7 @@ use {
 axum::{
 body,
 extract::{DefaultBodyLimit, Extension, Json, Path, Query},
- http::{header, HeaderName, HeaderValue, StatusCode, Uri},
+ http::{header, HeaderValue, StatusCode, Uri},
 response::{IntoResponse, Redirect, Response},
 routing::{get, post},
 Router,
@@ -84,8 +84,6 @@ pub struct Server {
 help = "Decompress encoded content. Currently only supports brotli. Be careful using this on production instances. A decompressed inscription may be arbitrarily large, making decompression a DoS vector."
 )]
 pub(crate) decompress: bool,
- #[arg(long, help = "Disable cross origin isolation.")]
- pub(crate) disable_cross_origin_isolation: bool,
 #[arg(long, help = "Disable JSON API.")]
 pub(crate) disable_json_api: bool,
 #[arg(
@@ -160,13 +158,12 @@ impl Server {
 let server_config = Arc::new(ServerConfig {
 chain: settings.chain(),
- cross_origin_isolation: !self.disable_cross_origin_isolation,
+ proxy: self.proxy.clone(),
 csp_origin: self.csp_origin.clone(),
 decompress: self.decompress,
 domain: acme_domains.first().cloned(),
 index_sats: index.has_sat_index(),
 json_api_enabled: !self.disable_json_api,
- proxy: self.proxy.clone(),
 });
 let router = Router::new()
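Review bot: Neither the commit message nor the new code records why cross-origin isolation is dropped: with `cross_origin_isolation` gone from this `ServerConfig` literal, the `--disable-cross-origin-isolation` flag removed in the hunk above and the three header layers removed in the `@@ -292,24 +289,6 @@` hunk, responses stop carrying `cross-origin-embedder-policy`, `cross-origin-opener-policy` and `cross-origin-resource-policy`. The reverted code sent them by default, so deployments that relied on that lose the isolation on upgrade and, as far as this patch shows, have no server option to restore it; they would need to set the headers at a reverse proxy. I would leave a comment next to the remaining router layers, e.g. `// Cross-origin isolation headers (COEP/COOP/CORP) are intentionally not sent: <reason or issue link>`, so the layers are not re-added without that context. The method containing this literal starts and ends outside the hunk.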
@@ -292,24 +289,6 @@ impl Server {
 .layer(CompressionLayer::new())
 .with_state(server_config.clone());
- let router = if server_config.cross_origin_isolation {
- router
- .layer(SetResponseHeaderLayer::overriding(
- HeaderName::from_static("cross-origin-embedder-policy"),
- HeaderValue::from_static("require-corp"),
- ))
- .layer(SetResponseHeaderLayer::overriding(
- HeaderName::from_static("cross-origin-opener-policy"),
- HeaderValue::from_static("same-origin"),
- ))
- .layer(SetResponseHeaderLayer::overriding(
- HeaderName::from_static("cross-origin-resource-policy"),
- HeaderValue::from_static("same-site"),
- ))
- } else {
- router
- };
-
 let router = if server_config.json_api_enabled {
 router.layer(DefaultBodyLimit::disable())
 } else {
@@ -4825,31 +4804,6 @@ mod tests {
 );
 }
- #[test]
- fn cross_origin_isolation_headers() {
- const COEP: HeaderName = HeaderName::from_static("cross-origin-embedder-policy");
- const COOP: HeaderName = HeaderName::from_static("cross-origin-opener-policy");
- const CORP: HeaderName = HeaderName::from_static("cross-origin-resource-policy");
-
- {
- let response = TestServer::new().get("/status");
- assert_eq!(response.headers().get(COEP).unwrap(), "require-corp");
- assert_eq!(response.headers().get(COOP).unwrap(), "same-origin");
- assert_eq!(response.headers().get(CORP).unwrap(), "same-site");
- }
-
- {
- let response = TestServer::builder()
- .server_flag("--disable-cross-origin-isolation")
- .build()
- .get("/status");
-
- assert!(response.headers().get(COEP).is_none());
- assert!(response.headers().get(COOP).is_none());
- assert!(response.headers().get(CORP).is_none());
- }
- }
-
 #[test]
 fn feed() {
 let server = TestServer::builder()
diff --git a/src/subcommand/server/server_config.rs b/src/subcommand/server/server_config.rs
index 85f5f5d394..ffa9c02ca8 100644
--- a/src/subcommand/server/server_config.rs
+++ b/src/subcommand/server/server_config.rs
@@ -3,13 +3,12 @@ use {super::*, axum::http::HeaderName};
 #[derive(Default)]
 pub(crate) struct ServerConfig {
 pub(crate) chain: Chain,
- pub(crate) cross_origin_isolation: bool,
+ pub(crate) proxy: Option,
 pub(crate) csp_origin: Option,
 pub(crate) decompress: bool,
 pub(crate) domain: Option,
 pub(crate) index_sats: bool,
 pub(crate) json_api_enabled: bool,
- pub(crate) proxy: Option,
 }
 impl ServerConfig {
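Review bot: `proxy` is placed between `chain` and `csp_origin`, which breaks the alphabetical order the remaining `ServerConfig` fields follow; the removed line shows it sat last, after `json_api_enabled`, before this change. Leaving it in that position keeps the struct sorted and shrinks this hunk to the single `cross_origin_isolation` deletion. The same applies to `proxy: self.proxy.clone(),` in the `ServerConfig` literal in `src/subcommand/server.rs`. The struct derives `Default` and is built with named fields, so this is purely a readability point.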