summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJo-Philipp Wich <jow@openwrt.org>2014-05-27 14:40:58 +0200
committerJo-Philipp Wich <jow@openwrt.org>2014-06-10 12:33:59 +0200
commitb965b8cc10f094ec0408d57b1bc9aeee0bca501c (patch)
tree2f3b7f753b0b3f414032f978243da8945def7a18
parentdabd7dea6445aaa0e5b8d9add1872fa7393b3a85 (diff)
ubus: add CORS header support
In order to support cross-domain AJAX requests to the /ubus endpoint we need to implement the Cross-Origin Resource Sharing (CORS) spec in the ubus plugin. - Implement a new option "-X" to enable CORS support in ubus - Implement rudimentary support for "OPTIONS" HTTP requests - Implement essential CORS headers the ubus plugin The current CORS response headers merely reflect the request headers sent by the client, this way any requesting origin is automatically allowed. Cross-domain cookies (Access-Control-Allow-Credentials) are unconditionally enabled. Restricting permitted origins and toggle the credential accepting can be made configurable in a future commit to allow more fine grained control over permitted AJAX clients. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
-rw-r--r--client.c1
-rw-r--r--main.c8
-rw-r--r--ubus.c75
-rw-r--r--uhttpd.h2
-rw-r--r--utils.c2
5 files changed, 78 insertions, 10 deletions
diff --git a/client.c b/client.c
index 3a6b09e..9b8fb07 100644
--- a/client.c
+++ b/client.c
@@ -39,6 +39,7 @@ const char * const http_methods[] = {
[UH_HTTP_MSG_GET] = "GET",
[UH_HTTP_MSG_POST] = "POST",
[UH_HTTP_MSG_HEAD] = "HEAD",
+ [UH_HTTP_MSG_OPTIONS] = "OPTIONS",
};
void uh_http_header(struct client *cl, int code, const char *summary)
diff --git a/main.c b/main.c
index e89a99a..44c3226 100644
--- a/main.c
+++ b/main.c
@@ -151,6 +151,7 @@ static int usage(const char *name)
" -u string URL prefix for UBUS via JSON-RPC handler\n"
" -U file Override ubus socket path\n"
" -a Do not authenticate JSON-RPC requests against UBUS session api\n"
+ " -X Enable CORS HTTP headers on JSON-RPC api\n"
#endif
" -x string URL prefix for CGI handler, default is '/cgi-bin'\n"
" -i .ext=path Use interpreter at path for files with the given extension\n"
@@ -226,7 +227,7 @@ int main(int argc, char **argv)
init_defaults_pre();
signal(SIGPIPE, SIG_IGN);
- while ((ch = getopt(argc, argv, "afSDRC:K:E:I:p:s:h:c:l:L:d:r:m:n:N:x:i:t:k:T:A:u:U:")) != -1) {
+ while ((ch = getopt(argc, argv, "afSDRXC:K:E:I:p:s:h:c:l:L:d:r:m:n:N:x:i:t:k:T:A:u:U:")) != -1) {
switch(ch) {
#ifdef HAVE_TLS
case 'C':
@@ -402,10 +403,15 @@ int main(int argc, char **argv)
case 'U':
conf.ubus_socket = optarg;
break;
+
+ case 'X':
+ conf.ubus_cors = 1;
+ break;
#else
case 'a':
case 'u':
case 'U':
+ case 'X':
fprintf(stderr, "uhttpd: UBUS support not compiled, "
"ignoring -%c\n", opt);
break;
diff --git a/ubus.c b/ubus.c
index 39dca35..269f7cd 100644
--- a/ubus.c
+++ b/ubus.c
@@ -104,6 +104,13 @@ static const struct {
[ERROR_TIMEOUT] = { -32003, "ubus request timed out" },
};
+enum cors_hdr {
+ HDR_ORIGIN,
+ HDR_ACCESS_CONTROL_REQUEST_METHOD,
+ HDR_ACCESS_CONTROL_REQUEST_HEADERS,
+ __HDR_MAX
+};
+
static void __uh_ubus_next_batched_request(struct uloop_timeout *timeout);
static void uh_ubus_next_batched_request(struct client *cl)
@@ -114,10 +121,52 @@ static void uh_ubus_next_batched_request(struct client *cl)
uloop_timeout_set(&du->timeout, 1);
}
+static void uh_ubus_add_cors_headers(struct client *cl)
+{
+ struct blob_attr *tb[__HDR_MAX];
+ static const struct blobmsg_policy hdr_policy[__HDR_MAX] = {
+ [HDR_ORIGIN] = { "origin", BLOBMSG_TYPE_STRING },
+ [HDR_ACCESS_CONTROL_REQUEST_METHOD] = { "access-control-request-method", BLOBMSG_TYPE_STRING },
+ [HDR_ACCESS_CONTROL_REQUEST_HEADERS] = { "access-control-request-headers", BLOBMSG_TYPE_STRING },
+ };
+
+ blobmsg_parse(hdr_policy, __HDR_MAX, tb, blob_data(cl->hdr.head), blob_len(cl->hdr.head));
+
+ if (!tb[HDR_ORIGIN])
+ return;
+
+ if (tb[HDR_ACCESS_CONTROL_REQUEST_METHOD])
+ {
+ char *hdr = (char *) blobmsg_data(tb[HDR_ACCESS_CONTROL_REQUEST_METHOD]);
+
+ if (strcmp(hdr, "POST") && strcmp(hdr, "OPTIONS"))
+ return;
+ }
+
+ ustream_printf(cl->us, "Access-Control-Allow-Origin: %s\r\n",
+ blobmsg_data(tb[HDR_ORIGIN]));
+
+ if (tb[HDR_ACCESS_CONTROL_REQUEST_HEADERS])
+ ustream_printf(cl->us, "Access-Control-Allow-Headers: %s\r\n",
+ blobmsg_data(tb[HDR_ACCESS_CONTROL_REQUEST_HEADERS]));
+
+ ustream_printf(cl->us, "Access-Control-Allow-Methods: POST, OPTIONS\r\n");
+ ustream_printf(cl->us, "Access-Control-Allow-Credentials: true\r\n");
+}
+
static void uh_ubus_send_header(struct client *cl)
{
ops->http_header(cl, 200, "OK");
- ustream_printf(cl->us, "Content-Type: application/json\r\n\r\n");
+
+ if (conf.ubus_cors)
+ uh_ubus_add_cors_headers(cl);
+
+ ustream_printf(cl->us, "Content-Type: application/json\r\n");
+
+ if (cl->request.method == UH_HTTP_MSG_OPTIONS)
+ ustream_printf(cl->us, "Content-Length: 0\r\n");
+
+ ustream_printf(cl->us, "\r\n");
}
static void uh_ubus_send_response(struct client *cl)
@@ -571,14 +620,24 @@ static void uh_ubus_handle_request(struct client *cl, char *url, struct path_inf
blob_buf_init(&buf, 0);
- if (cl->request.method != UH_HTTP_MSG_POST)
- return ops->client_error(cl, 400, "Bad Request", "Invalid Request");
+ switch (cl->request.method)
+ {
+ case UH_HTTP_MSG_POST:
+ d->data_send = uh_ubus_data_send;
+ d->data_done = uh_ubus_data_done;
+ d->close_fds = uh_ubus_close_fds;
+ d->free = uh_ubus_request_free;
+ d->ubus.jstok = json_tokener_new();
+ break;
+
+ case UH_HTTP_MSG_OPTIONS:
+ uh_ubus_send_header(cl);
+ ops->request_done(cl);
+ break;
- d->close_fds = uh_ubus_close_fds;
- d->free = uh_ubus_request_free;
- d->data_send = uh_ubus_data_send;
- d->data_done = uh_ubus_data_done;
- d->ubus.jstok = json_tokener_new();
+ default:
+ ops->client_error(cl, 400, "Bad Request", "Invalid Request");
+ }
}
static bool
diff --git a/uhttpd.h b/uhttpd.h
index daf68ce..6ef28d9 100644
--- a/uhttpd.h
+++ b/uhttpd.h
@@ -68,6 +68,7 @@ struct config {
int http_keepalive;
int script_timeout;
int ubus_noauth;
+ int ubus_cors;
};
struct auth_realm {
@@ -81,6 +82,7 @@ enum http_method {
UH_HTTP_MSG_GET,
UH_HTTP_MSG_POST,
UH_HTTP_MSG_HEAD,
+ UH_HTTP_MSG_OPTIONS,
};
enum http_version {
diff --git a/utils.c b/utils.c
index b1d7d37..1c21fc5 100644
--- a/utils.c
+++ b/utils.c
@@ -25,7 +25,7 @@ bool uh_use_chunked(struct client *cl)
if (cl->request.version != UH_HTTP_VER_1_1)
return false;
- if (cl->request.method == UH_HTTP_MSG_HEAD)
+ if (cl->request.method == UH_HTTP_MSG_HEAD || cl->request.method == UH_HTTP_MSG_OPTIONS)
return false;
return true;