Merge pull request #310 from lbryio/allow-cors-config

allow Access-Control-Allow-Origin to be configurable
This commit is contained in:
alexliebowitz 2016-12-06 15:11:38 -05:00 committed by GitHub
commit 39005ffc14
2 changed files with 8 additions and 1 deletions

View file

@ -162,6 +162,12 @@ ENVIRONMENT = Env(
lbryum_wallet_dir=(str, default_lbryum_dir), lbryum_wallet_dir=(str, default_lbryum_dir),
use_auth_http=(bool, False), use_auth_http=(bool, False),
sd_download_timeout=(int, 3), sd_download_timeout=(int, 3),
# By default, daemon will block all cross origin requests
# but if this is set, this value will be used for the
# Access-Control-Allow-Origin. For example
# set to '*' to allow all requests, or set to 'http://localhost:8080'
# if you're running a test UI on that port
allowed_origin=(str, ''),
# TODO: this field is more complicated than it needs to be because # TODO: this field is more complicated than it needs to be because
# it goes through a Fee validator when loaded by the exchange rate # it goes through a Fee validator when loaded by the exchange rate
# manager. Look into refactoring the exchange rate conversion to # manager. Look into refactoring the exchange rate conversion to

View file

@ -209,7 +209,8 @@ class AuthJSONRPCServer(AuthorizedBase):
log.debug(err.getTraceback()) log.debug(err.getTraceback())
def _set_headers(self, request, data, update_secret=False): def _set_headers(self, request, data, update_secret=False):
request.setHeader("Access-Control-Allow-Origin", settings.API_INTERFACE) if settings.allowed_origin:
request.setHeader("Access-Control-Allow-Origin", settings.allowed_origin)
request.setHeader("Content-Type", "text/json") request.setHeader("Content-Type", "text/json")
request.setHeader("Content-Length", str(len(data))) request.setHeader("Content-Length", str(len(data)))
if update_secret: if update_secret: