From b97164fcfbdfdb1ae3921131a536aad5f7f3bf0c Mon Sep 17 00:00:00 2001 From: John Leith <leith.john@gmail.com> Date: Sat, 27 Mar 2021 21:56:19 -0600 Subject: [PATCH] adding access control headers --- lbry/extras/daemon/daemon.py | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/lbry/extras/daemon/daemon.py b/lbry/extras/daemon/daemon.py index e1fd4380e..243e106f2 100644 --- a/lbry/extras/daemon/daemon.py +++ b/lbry/extras/daemon/daemon.py @@ -338,6 +338,7 @@ class Daemon(metaclass=JSONRPCServerType): rpc_app.router.add_get('/lbryapi', self.handle_old_jsonrpc) rpc_app.router.add_post('/lbryapi', self.handle_old_jsonrpc) rpc_app.router.add_post('/', self.handle_old_jsonrpc) + rpc_app.router.add_options('/', self.add_cors_headers) self.rpc_runner = web.AppRunner(rpc_app) streaming_app = web.Application() @@ -539,6 +540,18 @@ class Daemon(metaclass=JSONRPCServerType): self.analytics_manager.stop() log.info("finished shutting down") + async def add_cors_headers(self, request): + if self.conf.allowed_origin: + response = web.Response( + headers={ + 'Access-Control-Allow-Origin': self.conf.allowed_origin, + 'Access-Control-Allow-Methods': self.conf.allowed_origin, + 'Access-Control-Allow-Headers': self.conf.allowed_origin, + } + ) + return response + return None + async def handle_old_jsonrpc(self, request): ensure_request_allowed(request, self.conf) data = await request.json() @@ -559,8 +572,16 @@ class Daemon(metaclass=JSONRPCServerType): 'After successfully executing the command, failed to encode result for JSON RPC response.', {'traceback': format_exc()} ), ledger=ledger) + headers = {} + if self.conf.allowed_origin: + headers.update({ + 'Access-Control-Allow-Origin': self.conf.allowed_origin, + 'Access-Control-Allow-Methods': self.conf.allowed_origin, + 'Access-Control-Allow-Headers': self.conf.allowed_origin, + }) return web.Response( text=encoded_result, + headers=headers, content_type='application/json' )