Merge pull request #310 from lbryio/allow-cors-config

allow Access-Control-Allow-Origin to be configurable
2016-12-06 15:11:38 -05:00 · 2016-12-06 15:11:38 -05:00 · 39005ffc14
parent 239e5c2126 ee00d1984a
commit 39005ffc14
2 changed files with 8 additions and 1 deletions
--- a/lbrynet/conf.py
+++ b/lbrynet/conf.py
@ -162,6 +162,12 @@ ENVIRONMENT = Env(
    lbryum_wallet_dir=(str, default_lbryum_dir),
    use_auth_http=(bool, False),
    sd_download_timeout=(int, 3),
+    # By default, daemon will block all cross origin requests
+    # but if this is set, this value will be used for the
+    # Access-Control-Allow-Origin. For example
+    # set to '*' to allow all requests, or set to 'http://localhost:8080'
+    # if you're running a test UI on that port
+    allowed_origin=(str, ''),
    # TODO: this field is more complicated than it needs to be because
    # it goes through a Fee validator when loaded by the exchange rate
    # manager.  Look into refactoring the exchange rate conversion to
--- a/lbrynet/lbrynet_daemon/auth/server.py
+++ b/lbrynet/lbrynet_daemon/auth/server.py
@ -209,7 +209,8 @@ class AuthJSONRPCServer(AuthorizedBase):
        log.debug(err.getTraceback())

    def _set_headers(self, request, data, update_secret=False):
-        request.setHeader("Access-Control-Allow-Origin", settings.API_INTERFACE)
+        if settings.allowed_origin:
+            request.setHeader("Access-Control-Allow-Origin", settings.allowed_origin)
        request.setHeader("Content-Type", "text/json")
        request.setHeader("Content-Length", str(len(data)))
        if update_secret: