From ee00d1984a4082519e1480da965c44fd6d3a6dcd Mon Sep 17 00:00:00 2001
From: Job Evers
Date: Tue, 22 Nov 2016 14:40:52 -0600
Subject: [PATCH] allow Access-Control-Allow-Origin to be configurable
---
 lbrynet/conf.py | 6 ++++++
 lbrynet/lbrynet_daemon/auth/server.py | 3 ++-
 2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/lbrynet/conf.py b/lbrynet/conf.py
index 733345dfb..551a48015 100644
--- a/lbrynet/conf.py
+++ b/lbrynet/conf.py
@@ -163,6 +163,12 @@ ENVIRONMENT = Env(
 lbryum_wallet_dir=(str, default_lbryum_dir),
 use_auth_http=(bool, False),
 sd_download_timeout=(int, 3),
+ # By default, daemon will block all cross origin requests
+ # but if this is set, this value will be used for the
+ # Access-Control-Allow-Origin. For example
+ # set to '*' to allow all requests, or set to 'http://localhost:8080'
+ # if you're running a test UI on that port
+ allowed_origin=(str, ''),
 # TODO: this field is more complicated than it needs to be because
 # it goes through a Fee validator when loaded by the exchange rate
 # manager. Look into refactoring the exchange rate conversion to
diff --git a/lbrynet/lbrynet_daemon/auth/server.py b/lbrynet/lbrynet_daemon/auth/server.py
index 75b5f7712..10db9fea8 100644
--- a/lbrynet/lbrynet_daemon/auth/server.py
+++ b/lbrynet/lbrynet_daemon/auth/server.py
@@ -209,7 +209,8 @@ class AuthJSONRPCServer(AuthorizedBase):
 log.debug(err.getTraceback())
 def _set_headers(self, request, data, update_secret=False):
- request.setHeader("Access-Control-Allow-Origin", settings.API_INTERFACE)
+ if settings.allowed_origin:
+ request.setHeader("Access-Control-Allow-Origin", settings.allowed_origin)
 request.setHeader("Content-Type", "text/json")
 request.setHeader("Content-Length", str(len(data)))
 if update_secret:
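Review bot: The new comment offers `'*'` as an example value without saying what it exposes. `use_auth_http` defaults to `False` three lines above, so with a wildcard any page open in the user's browser can read the daemon's API responses. I would add `# NOTE: '*' lets every site the user visits read API responses; prefer one explicit origin` after the example. The header takes a single origin or `*`, not a list, which is also worth stating here because the field is a free-form `str`.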
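Review bot: Leaving `Access-Control-Allow-Origin` unset in `_set_headers` does not stop a cross-origin request from being handled; it only makes the browser withhold the response from the calling page. This function also appears to run once the response is already built, since it receives `data` and sets `Content-Length` from it. If the intent is to refuse such calls, the request's `Origin` header (`request.getHeader("Origin")`) would have to be compared with `settings.allowed_origin` before the call is dispatched, which is code outside this hunk. The value is also written verbatim, so stray whitespace in the config yields a header browsers will not match; `settings.allowed_origin.strip()` avoids that. The body of `_set_headers` continues past the last line shown.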