[svn-commits] qwell: branch qwell/cross-origin_resource_sharing r393909 - in /team/qwell/cr...
Author: qwell
Date: Tue Jul 9 15:44:53 2013
New Revision: 393909
URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=393909
Log:
Add config option 'allowed_origins'. Validate origin against configuration.
Modified:
team/qwell/cross-origin_resource_sharing/res/res_stasis_http.c
team/qwell/cross-origin_resource_sharing/res/stasis_http/config.c
team/qwell/cross-origin_resource_sharing/res/stasis_http/internal.h
Modified: team/qwell/cross-origin_resource_sharing/res/res_stasis_http.c
URL: http://svnview.digium.com/svn/asterisk/team/qwell/cross-origin_resource_sharing/res/res_stasis_http.c?view=diff&rev=393909&r1=393908&r2=393909
==============================================================================
--- team/qwell/cross-origin_resource_sharing/res/res_stasis_http.c (original)
+++ team/qwell/cross-origin_resource_sharing/res/res_stasis_http.c Tue Jul 9 15:44:53 2013
@@ -285,6 +285,26 @@
ast_str_append(&response->headers, 0, "\r\n");
}
+static int origin_allowed(const char *origin)
+{
+ RAII_VAR(struct ari_conf *, cfg, ari_config_get(), ao2_cleanup);
+
+ char *allowed = ast_strdupa(cfg->general->allowed_origins);
+ char *current;
+
+ while ((current = strsep(&allowed, ","))) {
+ if (!strcmp(current, "*")) {
+ return 1;
+ }
+
+ if (!strcmp(current, origin)) {
+ return 1;
+ }
+ }
+
+ return 0;
+}
+
#define ACR_METHOD "Access-Control-Request-Method"
#define ACR_HEADERS "Access-Control-Request-Headers"
#define ACA_METHODS "Access-Control-Allow-Methods"
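Review bot: origin_allowed() dereferences `cfg->general` without checking that ari_config_get() returned a configuration; if that call can return NULL (for example before the module's config has been loaded, not visible here), every CORS request would crash the HTTP thread, and the safe answer for a missing config is to deny. The loop also compares raw strsep() tokens, so an administrator writing `allowed_origins = https://a.example, https://b.example` gets a second entry with a leading space that never matches, and an empty token (the default `""`, or a trailing comma) equals an empty `Origin:` header value, which should not count as allowed. Trimming each token with ast_strip() and skipping empty ones fixes both; the comparison logic itself stays as written.
```c
static int origin_allowed(const char *origin)
{
	RAII_VAR(struct ari_conf *, cfg, ari_config_get(), ao2_cleanup);
	char *allowed, *current;

	/* No configuration means no origin is allowed (fail closed). */
	if (!cfg || !cfg->general || ast_strlen_zero(cfg->general->allowed_origins)) {
		return 0;
	}

	allowed = ast_strdupa(cfg->general->allowed_origins);
	while ((current = strsep(&allowed, ","))) {
		current = ast_strip(current);
		if (ast_strlen_zero(current)) {
			continue;
		}
		/* … unchanged: "*" wildcard and exact case-sensitive match … */
	}

	return 0;
}
```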
@@ -325,7 +345,7 @@
}
/* CORS 6.2, #1 - "If the Origin header is not present terminate this
- * set of steps.
+ * set of steps."
*/
if (origin == NULL) {
return;
@@ -335,14 +355,15 @@
* case-sensitive match for any of the values in list of origins do not
* set any additional headers and terminate this set of steps.
*
- * "Always matching is acceptable since the list of origins can be
+ * Always matching is acceptable since the list of origins can be
* unbounded.
*
- * "The Origin header can only contain a single origin as the user agent
- * will not follow redirects.
- *
- * TODO - pull list of allowed origins from config
- */
+ * The Origin header can only contain a single origin as the user agent
+ * will not follow redirects."
+ */
+ if (!origin_allowed(origin)) {
+ return;
+ }
/* CORS 6.2, #3 - "If there is no Access-Control-Request-Method header
* or if parsing failed, do not set any additional headers and terminate
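Review bot: The quoted spec note "Always matching is acceptable since the list of origins can be unbounded" now sits directly above a call that does the opposite, so a reader will assume this branch still matches every origin; the enclosing preflight function begins outside this hunk, so the rest of its comments could not be checked. Close the quotation before that sentence and state what the code actually does, e.g. `* Implementation note: we do not always match; the origin must appear in` / `* the configured allowed_origins list (or the list must contain "*").` placed immediately above the `if (!origin_allowed(origin))` check.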
@@ -389,7 +410,7 @@
* case-insensitive match for any of the values in list of headers do
* not set any additional headers and terminate this set of steps.
*
- * "Note: Always matching is acceptable since the list of headers can be
+ * Note: Always matching is acceptable since the list of headers can be
* unbounded."
*/
@@ -415,7 +436,7 @@
/* CORS 6.2, #10 - "Add one or more Access-Control-Allow-Headers headers
* consisting of (a subset of) the list of headers.
*
- * "Since the list of headers can be unbounded simply returning headers
+ * Since the list of headers can be unbounded simply returning headers
* can be enough."
*/
if (!ast_strlen_zero(acr_headers)) {
@@ -692,25 +713,25 @@
* case-sensitive match for any of the values in list of origins, do not
* set any additional headers and terminate this set of steps.
*
- * "Note: Always matching is acceptable since the list of origins can be
+ * Note: Always matching is acceptable since the list of origins can be
* unbounded."
- *
- * TODO - pull list of allowed origins from config
- */
+ */
+ if (!origin_allowed(origin)) {
+ return;
+ }
/* CORS 6.1, #3 - "If the resource supports credentials add a single
* Access-Control-Allow-Origin header, with the value of the Origin
* header as value, and add a single Access-Control-Allow-Credentials
* header with the case-sensitive string "true" as value.
*
- * "Otherwise, add a single Access-Control-Allow-Origin header, with
+ * Otherwise, add a single Access-Control-Allow-Origin header, with
* either the value of the Origin header or the string "*" as value."
- *
- * TODO - when we add authentication, this will change to
- * Access-Control-Allow-Credentials.
*/
ast_str_append(&response->headers, 0,
"Access-Control-Allow-Origin: %s\r\n", origin);
+ ast_str_append(&response->headers, 0,
+ "Access-Control-Allow-Credentials: true\r\n");
/* CORS 6.1, #4 - "If the list of exposed headers is not empty add one
* or more Access-Control-Expose-Headers headers, with as values the
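Review bot: Unconditionally adding `Access-Control-Allow-Credentials: true` while reflecting the request's `Origin` means that an `allowed_origins = *` configuration grants every web page credentialed cross-origin access to the REST interface; browsers refuse a literal `*` in Access-Control-Allow-Origin together with credentials for exactly this reason, and reflecting the origin sidesteps that protection. Either do not send the credentials header when the match came from the `*` wildcard, or reject/warn on `*` at config load time; at minimum document the risk next to the option. Since the reflected value now varies per request, also add `ast_str_append(&response->headers, 0, "Vary: Origin\r\n");` so a shared cache does not hand one origin's Access-Control-Allow-Origin to another. The enclosing function starts and ends outside this hunk.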
Modified: team/qwell/cross-origin_resource_sharing/res/stasis_http/config.c
URL: http://svnview.digium.com/svn/asterisk/team/qwell/cross-origin_resource_sharing/res/stasis_http/config.c?view=diff&rev=393909&r1=393908&r2=393909
==============================================================================
--- team/qwell/cross-origin_resource_sharing/res/stasis_http/config.c (original)
+++ team/qwell/cross-origin_resource_sharing/res/stasis_http/config.c Tue Jul 9 15:44:53 2013
@@ -167,6 +167,9 @@
static void conf_destructor(void *obj)
{
struct ari_conf *cfg = obj;
+
+ ast_string_field_free_memory(cfg->general);
+
ao2_cleanup(cfg->general);
ao2_cleanup(cfg->users);
}
@@ -185,6 +188,10 @@
cfg->general = ao2_alloc_options(sizeof(*cfg->general), NULL,
AO2_ALLOC_OPT_LOCK_NOLOCK);
if (!cfg->general) {
+ return NULL;
+ }
+
+ if (ast_string_field_init(cfg->general, 64)) {
return NULL;
}
@@ -316,6 +323,9 @@
"Asterisk REST Interface", OPT_CHAR_ARRAY_T, 0,
FLDSET(struct ari_conf_general, auth_realm),
ARI_AUTH_REALM_LEN);
+ aco_option_register(&cfg_info, "allowed_origins", ACO_EXACT, general_options,
+ "", OPT_STRINGFIELD_T, 0,
+ STRFLDSET(struct ari_conf_general, allowed_origins));
aco_option_register(&cfg_info, "read_only", ACO_EXACT, user,
"no", OPT_BOOL_T, 1,
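Review bot: The new `allowed_origins` option is registered without any description of its syntax or its security meaning, which matters because the empty default disables CORS entirely and the `*` value combined with the credentials header opens the API to any origin. Add a comment above the aco_option_register call such as `/* Comma-separated list of origins permitted for CORS (exact, case-sensitive match); "*" matches any origin. Empty (default) disables cross-origin access. */`, and the same text belongs in the sample configuration, which this commit does not touch.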
Modified: team/qwell/cross-origin_resource_sharing/res/stasis_http/internal.h
URL: http://svnview.digium.com/svn/asterisk/team/qwell/cross-origin_resource_sharing/res/stasis_http/internal.h?view=diff&rev=393909&r1=393908&r2=393909
==============================================================================
--- team/qwell/cross-origin_resource_sharing/res/stasis_http/internal.h (original)
+++ team/qwell/cross-origin_resource_sharing/res/stasis_http/internal.h Tue Jul 9 15:44:53 2013
@@ -67,6 +67,10 @@
enum ast_json_encoding_format format;
/*! Authentication realm */
char auth_realm[ARI_AUTH_REALM_LEN];
+
+ AST_DECLARE_STRING_FIELDS(
+ AST_STRING_FIELD(allowed_origins);
+ );
};
/*! \brief Password format */
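Review bot: Every other member of this struct carries a `/*! ... */` description (see `auth_realm` just above), but the new `allowed_origins` string field has none, so its format is only discoverable from the parsing code in res_stasis_http.c. Document it in the same style: `/*! Comma-separated list of origins allowed by CORS; "*" allows any origin */` placed above the AST_STRING_FIELD line.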