adding access control headers

lbry/extras/daemon/daemon.py

@@ -338,6 +338,7 @@ class Daemon(metaclass=JSONRPCServerType):
         rpc_app.router.add_get('/lbryapi', self.handle_old_jsonrpc)
         rpc_app.router.add_post('/lbryapi', self.handle_old_jsonrpc)
         rpc_app.router.add_post('/', self.handle_old_jsonrpc)
+        rpc_app.router.add_options('/', self.add_cors_headers)
         self.rpc_runner = web.AppRunner(rpc_app)
 
         streaming_app = web.Application()
@@ -539,6 +540,18 @@ class Daemon(metaclass=JSONRPCServerType):
             self.analytics_manager.stop()
         log.info("finished shutting down")
 
+    async def add_cors_headers(self, request):
+        if self.conf.allowed_origin:
+            response = web.Response(
+                headers={
+                    'Access-Control-Allow-Origin': self.conf.allowed_origin,
+                    'Access-Control-Allow-Methods': self.conf.allowed_origin,
+                    'Access-Control-Allow-Headers': self.conf.allowed_origin,
+                }
+            )
+            return response
+        return None
+
     async def handle_old_jsonrpc(self, request):
         ensure_request_allowed(request, self.conf)
         data = await request.json()
@@ -559,8 +572,16 @@ class Daemon(metaclass=JSONRPCServerType):
                 'After successfully executing the command, failed to encode result for JSON RPC response.',
                 {'traceback': format_exc()}
             ), ledger=ledger)
+        headers = {}
+        if self.conf.allowed_origin:
+            headers.update({
+                'Access-Control-Allow-Origin': self.conf.allowed_origin,
+                'Access-Control-Allow-Methods': self.conf.allowed_origin,
+                'Access-Control-Allow-Headers': self.conf.allowed_origin,
+            })
         return web.Response(
             text=encoded_result,
+            headers=headers,
             content_type='application/json'
         )