allow Access-Control-Allow-Origin to be configurable

2016-11-22 14:40:52 -06:00 · 2016-11-22 14:40:52 -06:00 · ee00d1984a
commit ee00d1984a
parent 2fb71610a4
2 changed files with 8 additions and 1 deletions
--- a/lbrynet/conf.py
+++ b/lbrynet/conf.py
@ -163,6 +163,12 @@ ENVIRONMENT = Env(
    lbryum_wallet_dir=(str, default_lbryum_dir),
    use_auth_http=(bool, False),
    sd_download_timeout=(int, 3),
    # By default, daemon will block all cross origin requests
    # but if this is set, this value will be used for the
    # Access-Control-Allow-Origin. For example
    # set to '*' to allow all requests, or set to 'http://localhost:8080'
    # if you're running a test UI on that port
    allowed_origin=(str, ''),
    # TODO: this field is more complicated than it needs to be because
    # it goes through a Fee validator when loaded by the exchange rate
    # manager.  Look into refactoring the exchange rate conversion to
--- a/lbrynet/lbrynet_daemon/auth/server.py
+++ b/lbrynet/lbrynet_daemon/auth/server.py
@ -209,7 +209,8 @@ class AuthJSONRPCServer(AuthorizedBase):
        log.debug(err.getTraceback())
    def _set_headers(self, request, data, update_secret=False):
-        request.setHeader("Access-Control-Allow-Origin", settings.API_INTERFACE)
+        if settings.allowed_origin:
            request.setHeader("Access-Control-Allow-Origin", settings.allowed_origin)
        request.setHeader("Content-Type", "text/json")
        request.setHeader("Content-Length", str(len(data)))
        if update_secret: