2022-02-20 19:42:31 +00:00
|
|
|
#pragma once
|
|
|
|
|
#include "crow/http_request.h"
|
|
|
|
|
#include "crow/http_response.h"
|
2022-03-08 13:33:08 +00:00
|
|
|
#include "crow/routing.h"
|
2022-02-20 19:42:31 +00:00
|
|
|
|
|
|
|
|
namespace crow
|
|
|
|
|
{
|
|
|
|
|
struct CORSHandler;
|
|
|
|
|
|
2022-03-23 22:55:46 +00:00
|
|
|
/// Used for tuning CORS policies
|
2022-02-20 19:42:31 +00:00
|
|
|
struct CORSRules
|
|
|
|
|
{
|
|
|
|
|
friend struct crow::CORSHandler;
|
|
|
|
|
|
2022-03-23 22:55:46 +00:00
|
|
|
/// Set Access-Control-Allow-Origin. Default is "*"
|
2022-02-20 19:42:31 +00:00
|
|
|
CORSRules& origin(const std::string& origin)
|
|
|
|
|
{
|
|
|
|
|
origin_ = origin;
|
|
|
|
|
return *this;
|
|
|
|
|
}
|
|
|
|
|
|
2022-03-23 22:55:46 +00:00
|
|
|
/// Set Access-Control-Allow-Methods. Default is "*"
|
2022-02-20 19:42:31 +00:00
|
|
|
CORSRules& methods(crow::HTTPMethod method)
|
|
|
|
|
{
|
|
|
|
|
add_list_item(methods_, crow::method_name(method));
|
|
|
|
|
return *this;
|
|
|
|
|
}
|
|
|
|
|
|
2022-03-23 22:55:46 +00:00
|
|
|
/// Set Access-Control-Allow-Methods. Default is "*"
|
2022-02-20 19:42:31 +00:00
|
|
|
template<typename... Methods>
|
|
|
|
|
CORSRules& methods(crow::HTTPMethod method, Methods... method_list)
|
|
|
|
|
{
|
|
|
|
|
add_list_item(methods_, crow::method_name(method));
|
|
|
|
|
methods(method_list...);
|
|
|
|
|
return *this;
|
|
|
|
|
}
|
|
|
|
|
|
2022-03-23 22:55:46 +00:00
|
|
|
/// Set Access-Control-Allow-Headers. Default is "*"
|
2022-02-20 19:42:31 +00:00
|
|
|
CORSRules& headers(const std::string& header)
|
|
|
|
|
{
|
|
|
|
|
add_list_item(headers_, header);
|
|
|
|
|
return *this;
|
|
|
|
|
}
|
|
|
|
|
|
2022-03-23 22:55:46 +00:00
|
|
|
/// Set Access-Control-Allow-Headers. Default is "*"
|
2022-02-20 19:42:31 +00:00
|
|
|
template<typename... Headers>
|
|
|
|
|
CORSRules& headers(const std::string& header, Headers... header_list)
|
|
|
|
|
{
|
|
|
|
|
add_list_item(headers_, header);
|
|
|
|
|
headers(header_list...);
|
|
|
|
|
return *this;
|
|
|
|
|
}
|
|
|
|
|
|
2022-03-23 22:55:46 +00:00
|
|
|
/// Set Access-Control-Max-Age. Default is none
|
2022-02-20 19:42:31 +00:00
|
|
|
CORSRules& max_age(int max_age)
|
|
|
|
|
{
|
|
|
|
|
max_age_ = std::to_string(max_age);
|
|
|
|
|
return *this;
|
|
|
|
|
}
|
|
|
|
|
|
2022-03-23 22:55:46 +00:00
|
|
|
/// Enable Access-Control-Allow-Credentials
|
2022-02-20 19:42:31 +00:00
|
|
|
CORSRules& allow_credentials()
|
|
|
|
|
{
|
|
|
|
|
allow_credentials_ = true;
|
|
|
|
|
return *this;
|
|
|
|
|
}
|
|
|
|
|
|
2022-03-23 22:55:46 +00:00
|
|
|
/// Ignore CORS and don't send any headers
|
2022-02-20 19:42:31 +00:00
|
|
|
void ignore()
|
|
|
|
|
{
|
|
|
|
|
ignore_ = true;
|
|
|
|
|
}
|
|
|
|
|
|
2022-03-23 22:55:46 +00:00
|
|
|
/// Handle CORS on specific prefix path
|
2022-03-08 13:33:08 +00:00
|
|
|
CORSRules& prefix(const std::string& prefix);
|
|
|
|
|
|
2022-03-23 22:55:46 +00:00
|
|
|
/// Handle CORS for specific blueprint
|
2022-03-08 13:33:08 +00:00
|
|
|
CORSRules& blueprint(const Blueprint& bp);
|
|
|
|
|
|
2022-03-23 22:55:46 +00:00
|
|
|
/// Global CORS policy
|
2022-03-08 13:33:08 +00:00
|
|
|
CORSRules& global();
|
|
|
|
|
|
2022-02-20 19:42:31 +00:00
|
|
|
private:
|
2022-03-08 13:33:08 +00:00
|
|
|
CORSRules() = delete;
|
|
|
|
|
CORSRules(CORSHandler* handler):
|
|
|
|
|
handler_(handler) {}
|
|
|
|
|
|
2022-03-23 22:55:46 +00:00
|
|
|
/// build comma separated list
|
2022-02-20 19:42:31 +00:00
|
|
|
void add_list_item(std::string& list, const std::string& val)
|
|
|
|
|
{
|
|
|
|
|
if (list == "*") list = "";
|
|
|
|
|
if (list.size() > 0) list += ", ";
|
|
|
|
|
list += val;
|
|
|
|
|
}
|
|
|
|
|
|
2022-03-23 22:55:46 +00:00
|
|
|
/// Set header `key` to `value` if it is not set
|
2022-03-08 13:33:08 +00:00
|
|
|
void set_header_no_override(const std::string& key, const std::string& value, crow::response& res)
|
2022-02-20 19:42:31 +00:00
|
|
|
{
|
|
|
|
|
if (value.size() == 0) return;
|
|
|
|
|
if (!get_header_value(res.headers, key).empty()) return;
|
|
|
|
|
res.add_header(key, value);
|
|
|
|
|
}
|
|
|
|
|
|
2022-03-23 22:55:46 +00:00
|
|
|
/// Set response headers
|
2022-02-20 19:42:31 +00:00
|
|
|
void apply(crow::response& res)
|
|
|
|
|
{
|
|
|
|
|
if (ignore_) return;
|
2022-03-08 13:33:08 +00:00
|
|
|
set_header_no_override("Access-Control-Allow-Origin", origin_, res);
|
|
|
|
|
set_header_no_override("Access-Control-Allow-Methods", methods_, res);
|
|
|
|
|
set_header_no_override("Access-Control-Allow-Headers", headers_, res);
|
|
|
|
|
set_header_no_override("Access-Control-Max-Age", max_age_, res);
|
|
|
|
|
if (allow_credentials_) set_header_no_override("Access-Control-Allow-Credentials", "true", res);
|
2022-02-20 19:42:31 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
bool ignore_ = false;
|
2022-02-22 14:38:51 +00:00
|
|
|
// TODO: support multiple origins that are dynamically selected
|
2022-02-20 19:42:31 +00:00
|
|
|
std::string origin_ = "*";
|
|
|
|
|
std::string methods_ = "*";
|
|
|
|
|
std::string headers_ = "*";
|
|
|
|
|
std::string max_age_;
|
|
|
|
|
bool allow_credentials_ = false;
|
2022-03-08 13:33:08 +00:00
|
|
|
|
|
|
|
|
CORSHandler* handler_;
|
2022-02-20 19:42:31 +00:00
|
|
|
};
|
|
|
|
|
|
2022-02-22 14:38:51 +00:00
|
|
|
/// CORSHandler is a global middleware for setting CORS headers.
|
2022-03-23 22:55:46 +00:00
|
|
|
|
2022-02-22 14:38:51 +00:00
|
|
|
///
|
|
|
|
|
/// By default, it sets Access-Control-Allow-Origin/Methods/Headers to "*".
|
|
|
|
|
/// The default behaviour can be changed with the `global()` cors rule.
|
|
|
|
|
/// Additional rules for prexies can be added with `prefix()`.
|
2022-02-20 19:42:31 +00:00
|
|
|
struct CORSHandler
|
|
|
|
|
{
|
|
|
|
|
struct context
|
|
|
|
|
{};
|
|
|
|
|
|
|
|
|
|
void before_handle(crow::request& /*req*/, crow::response& /*res*/, context& /*ctx*/)
|
|
|
|
|
{}
|
|
|
|
|
|
|
|
|
|
void after_handle(crow::request& req, crow::response& res, context& /*ctx*/)
|
|
|
|
|
{
|
|
|
|
|
auto& rule = find_rule(req.url);
|
|
|
|
|
rule.apply(res);
|
|
|
|
|
}
|
|
|
|
|
|
2022-03-23 22:55:46 +00:00
|
|
|
/// Handle CORS on a specific prefix path
|
2022-02-20 19:42:31 +00:00
|
|
|
CORSRules& prefix(const std::string& prefix)
|
|
|
|
|
{
|
2022-03-08 13:33:08 +00:00
|
|
|
rules.emplace_back(prefix, CORSRules(this));
|
|
|
|
|
return rules.back().second;
|
|
|
|
|
}
|
|
|
|
|
|
2022-03-23 22:55:46 +00:00
|
|
|
/// Handle CORS for a specific blueprint
|
2022-03-08 13:33:08 +00:00
|
|
|
CORSRules& blueprint(const Blueprint& bp)
|
|
|
|
|
{
|
|
|
|
|
rules.emplace_back(bp.prefix(), CORSRules(this));
|
2022-02-20 19:42:31 +00:00
|
|
|
return rules.back().second;
|
|
|
|
|
}
|
|
|
|
|
|
2022-03-23 22:55:46 +00:00
|
|
|
/// Get the global CORS policy
|
2022-02-20 19:42:31 +00:00
|
|
|
CORSRules& global()
|
|
|
|
|
{
|
|
|
|
|
return default_;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
private:
|
|
|
|
|
CORSRules& find_rule(const std::string& path)
|
|
|
|
|
{
|
2022-03-08 13:33:08 +00:00
|
|
|
// TODO: use a trie in case of many rules
|
2022-02-20 19:42:31 +00:00
|
|
|
for (auto& rule : rules)
|
|
|
|
|
{
|
2022-03-08 13:33:08 +00:00
|
|
|
// Check if path starts with a rules prefix
|
2022-02-20 19:42:31 +00:00
|
|
|
if (path.rfind(rule.first, 0) == 0)
|
|
|
|
|
{
|
|
|
|
|
return rule.second;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return default_;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
std::vector<std::pair<std::string, CORSRules>> rules;
|
2022-03-08 13:33:08 +00:00
|
|
|
CORSRules default_ = CORSRules(this);
|
2022-02-20 19:42:31 +00:00
|
|
|
};
|
|
|
|
|
|
2022-04-08 11:00:17 +00:00
|
|
|
inline CORSRules& CORSRules::prefix(const std::string& prefix)
|
2022-03-08 13:33:08 +00:00
|
|
|
{
|
|
|
|
|
return handler_->prefix(prefix);
|
|
|
|
|
}
|
|
|
|
|
|
2022-04-08 11:00:17 +00:00
|
|
|
inline CORSRules& CORSRules::blueprint(const Blueprint& bp)
|
2022-03-08 13:33:08 +00:00
|
|
|
{
|
|
|
|
|
return handler_->blueprint(bp);
|
|
|
|
|
}
|
|
|
|
|
|
2022-04-08 11:00:17 +00:00
|
|
|
inline CORSRules& CORSRules::global()
|
2022-03-08 13:33:08 +00:00
|
|
|
{
|
|
|
|
|
return handler_->global();
|
|
|
|
|
}
|
|
|
|
|
|
2022-02-20 19:42:31 +00:00
|
|
|
} // namespace crow
|
