commands/http: Allow API requests from whitelisted origins

fd9e4610 · Matt Bell · Brian Tiger Chow · 9acedbbb · fd9e4610
Commit fd9e4610 authored Nov 18, 2014 by Matt Bell Committed by Brian Tiger Chow Nov 25, 2014
Show whitespace changes
Inline Side-by-side

Showing with 15 additions and 4 deletions

http/handler.go http/handler.go +15 -4

No files found.
--- a/http/handler.go
+++ b/http/handler.go
@@ -14,6 +14,7 @@ var log = u.Logger("commands/http")
 type Handler struct {
 	ctx    cmds.Context
 	root   *cmds.Command
+	origin string
 }

 var ErrNotFound = errors.New("404 page not found")
@@ -29,13 +30,23 @@ var mimeTypes = map[string]string{
 	cmds.Text: "text/plain",
 }

-func NewHandler(ctx cmds.Context, root *cmds.Command) *Handler {
-	return &Handler{ctx, root}
+func NewHandler(ctx cmds.Context, root *cmds.Command, origin string) *Handler {
+	// allow whitelisted origins (so we can make API requests from the browser)
+	if len(origin) > 0 {
+		log.Info("Allowing API requests from origin: " + origin)
+	}
+
+	return &Handler{ctx, root, origin}
 }

 func (i Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	log.Debug("Incoming API request: ", r.URL)

+	if len(i.origin) > 0 {
+		w.Header().Set("Access-Control-Allow-Origin", i.origin)
+	}
+	w.Header().Set("Access-Control-Allow-Headers", "Content-Type")
+
 	req, err := Parse(r, i.root)
 	if err != nil {
 		if err == ErrNotFound {