Showing
13 changed files
with
580 additions
and
6 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,56 @@ | ||
package api | ||
|
||
func (c *Sys) CORSStatus() (*CORSResponse, error) { | ||
r := c.c.NewRequest("GET", "/v1/sys/config/cors") | ||
resp, err := c.c.RawRequest(r) | ||
if err != nil { | ||
return nil, err | ||
} | ||
defer resp.Body.Close() | ||
|
||
var result CORSResponse | ||
err = resp.DecodeJSON(&result) | ||
return &result, err | ||
} | ||
|
||
func (c *Sys) ConfigureCORS(req *CORSRequest) (*CORSResponse, error) { | ||
r := c.c.NewRequest("PUT", "/v1/sys/config/cors") | ||
if err := r.SetJSONBody(req); err != nil { | ||
return nil, err | ||
} | ||
|
||
resp, err := c.c.RawRequest(r) | ||
if err != nil { | ||
return nil, err | ||
} | ||
defer resp.Body.Close() | ||
|
||
var result CORSResponse | ||
err = resp.DecodeJSON(&result) | ||
return &result, err | ||
} | ||
|
||
func (c *Sys) DisableCORS() (*CORSResponse, error) { | ||
r := c.c.NewRequest("DELETE", "/v1/sys/config/cors") | ||
|
||
resp, err := c.c.RawRequest(r) | ||
if err != nil { | ||
return nil, err | ||
} | ||
defer resp.Body.Close() | ||
|
||
var result CORSResponse | ||
err = resp.DecodeJSON(&result) | ||
return &result, err | ||
|
||
} | ||
|
||
type CORSRequest struct { | ||
AllowedOrigins string `json:"allowed_origins"` | ||
Enabled bool `json:"enabled"` | ||
} | ||
|
||
type CORSResponse struct { | ||
AllowedOrigins string `json:"allowed_origins"` | ||
Enabled bool `json:"enabled"` | ||
} |
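Review bot: `CORSStatus`, `ConfigureCORS` and `DisableCORS` all end with `return &result, err`, so a failed `DecodeJSON` hands the caller a non-nil `*CORSResponse` full of zero values (`Enabled: false`, empty `AllowedOrigins`) next to the error, and a caller that mishandles the error would read that as "CORS is disabled". Checking the error first, `if err := resp.DecodeJSON(&result); err != nil { return nil, err }` followed by `return &result, nil`, removes that ambiguity. It is also worth confirming what the DELETE endpoint returns, since an empty body would presumably make `DisableCORS` fail at the decode step even when the call succeeded. The exported methods and types carry no doc comments; a line such as `// CORSStatus returns the current CORS configuration.` on each would help.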
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,68 @@ | ||
package http | ||
|
||
import ( | ||
"net/http" | ||
"strings" | ||
|
||
"github.com/hashicorp/vault/helper/strutil" | ||
"github.com/hashicorp/vault/vault" | ||
) | ||
|
||
var preflightHeaders = map[string]string{ | ||
"Access-Control-Allow-Headers": "*", | ||
"Access-Control-Max-Age": "300", | ||
} | ||
|
||
var allowedMethods = []string{ | ||
http.MethodDelete, | ||
http.MethodGet, | ||
http.MethodOptions, | ||
http.MethodPost, | ||
http.MethodPut, | ||
"LIST", // LIST is not an official HTTP method, but Vault supports it. | ||
} | ||
|
||
func wrapCORSHandler(h http.Handler, core *vault.Core) http.Handler { | ||
return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) { | ||
corsConf := core.CORSConfig() | ||
|
||
origin := req.Header.Get("Origin") | ||
requestMethod := req.Header.Get("Access-Control-Request-Method") | ||
|
||
// If CORS is not enabled or if no Origin header is present (i.e. the request | ||
// is from the Vault CLI. A browser will always send an Origin header), then | ||
// just return a 204. | ||
if !corsConf.IsEnabled() || origin == "" { | ||
h.ServeHTTP(w, req) | ||
return | ||
} | ||
|
||
// Return a 403 if the origin is not | ||
// allowed to make cross-origin requests. | ||
if !corsConf.IsValidOrigin(origin) { | ||
w.WriteHeader(http.StatusForbidden) | ||
return | ||
} | ||
|
||
if req.Method == http.MethodOptions && !strutil.StrListContains(allowedMethods, requestMethod) { | ||
w.WriteHeader(http.StatusMethodNotAllowed) | ||
return | ||
} | ||
|
||
w.Header().Set("Access-Control-Allow-Origin", origin) | ||
w.Header().Set("Vary", "Origin") | ||
|
||
// apply headers for preflight requests | ||
if req.Method == http.MethodOptions { | ||
w.Header().Set("Access-Control-Allow-Methods", strings.Join(allowedMethods, ",")) | ||
|
||
for k, v := range preflightHeaders { | ||
w.Header().Set(k, v) | ||
} | ||
return | ||
} | ||
|
||
h.ServeHTTP(w, req) | ||
return | ||
}) | ||
} |
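Review bot: `preflightHeaders` answers every preflight with `Access-Control-Allow-Headers: *`, which is broader than the handler needs and not dependable: browsers without wildcard support read it as a literal header name, and the wildcard never covers `Authorization`. An explicit list of the request headers the API accepts, for example `"Access-Control-Allow-Headers": "Content-Type, X-Vault-Token",` (adjusted to the headers actually used), is narrower and more portable. Separately, the comment above the first branch in `wrapCORSHandler` says the handler will "just return a 204", but the code calls `h.ServeHTTP(w, req)`; it should read something like `// ... then pass the request through without CORS handling.` Finally, `w.Header().Set("Vary", "Origin")` replaces any `Vary` value set earlier in the chain, so `w.Header().Add("Vary", "Origin")` would be safer.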