
Merge pull request #1820 from gravitl/bugfix_cors_allowed_origin

change CORS_ALLOWED_ORIGIN input to comma-separated strings
dcarns 2 years ago
parent
commit
5eabb6e258
4 changed files with 8 additions and 10 deletions
  1. 1 1
      compose/docker-compose.reference.yml
  2. 4 4
      config/config.go
  3. 2 1
      controllers/controller.go
  4. 1 4
      controllers/regex.go

+ 1 - 1
compose/docker-compose.reference.yml

@@ -32,7 +32,7 @@ services:
       TELEMETRY: "on" # Whether or not to send telemetry data to help improve Netmaker. Switch to "off" to opt out of sending telemetry.
       RCE: "off" # Enables setting PostUp and PostDown (arbitrary commands) on nodes from the server. Off by default.
       MASTER_KEY: "REPLACE_MASTER_KEY" # The admin master key for accessing the API. Change this in any production installation.
-      CORS_ALLOWED_ORIGIN: "*" # The "allowed origin" for API requests. Change to restrict where API requests can come from.
+      CORS_ALLOWED_ORIGIN: "*" # The "allowed origin" for API requests. Change to restrict where API requests can come from with comma-separated URLs. ex:- https://dashboard.netmaker.domain1.com,https://dashboard.netmaker.domain2.com
       DISPLAY_KEYS: "on" # Show keys permanently in UI (until deleted) as opposed to 1-time display.
       DATABASE: "sqlite" # Database to use - sqlite, postgres, or rqlite
       NODE_ID: "netmaker-server-1" # used for HA - identifies this server vs other servers
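Review bot: The new comment on the `CORS_ALLOWED_ORIGIN` line calls the values URLs, but a browser's Origin header carries only the scheme, host and optional port. If entries are matched literally against that header, as the controller change suggests, an entry with a path, a trailing slash or a space after the comma would never match. Suggested wording: `# Comma-separated list of allowed origins (scheme://host[:port], no trailing slash, no spaces). ex: https://dashboard.netmaker.domain1.com,https://dashboard.netmaker.domain2.com`. The shipped default is still "*", which accepts cross-origin API requests from any site. The comment could say, as the `MASTER_KEY` line does, that this should be changed in any production installation.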

+ 4 - 4
config/config.go

@@ -1,7 +1,7 @@
-//Environment file for getting variables
-//Currently the only thing it does is set the master password
-//Should probably have it take over functions from OS such as port and mongodb connection details
-//Reads from the config/environments/dev.yaml file by default
+// Environment file for getting variables
+// Currently the only thing it does is set the master password
+// Should probably have it take over functions from OS such as port and mongodb connection details
+// Reads from the config/environments/dev.yaml file by default
 package config
 
 import (

+ 2 - 1
controllers/controller.go

@@ -6,6 +6,7 @@ import (
 	"net/http"
 	"os"
 	"os/signal"
+	"strings"
 	"sync"
 	"syscall"
 	"time"
@@ -38,7 +39,7 @@ func HandleRESTRequests(wg *sync.WaitGroup) {
 	// Currently allowed dev origin is all. Should change in prod
 	// should consider analyzing the allowed methods further
 	headersOk := handlers.AllowedHeaders([]string{"Access-Control-Allow-Origin", "X-Requested-With", "Content-Type", "authorization"})
-	originsOk := handlers.AllowedOrigins([]string{servercfg.GetAllowedOrigin()})
+	originsOk := handlers.AllowedOrigins(strings.Split(servercfg.GetAllowedOrigin(), ","))
 	methodsOk := handlers.AllowedMethods([]string{"GET", "PUT", "POST", "DELETE"})
 
 	for _, handler := range HttpHandlers {
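Review bot: The new `originsOk` line passes the pieces of `strings.Split(servercfg.GetAllowedOrigin(), ",")` on untrimmed. A value written as `https://a.example, https://b.example` (constructed example) therefore yields an entry with a leading space, which cannot equal the Origin header a browser sends, so the second dashboard is silently refused. Trimming each entry in place, as below, keeps the list length unchanged, so an empty setting behaves exactly as it does today. It is also worth checking how `handlers.AllowedOrigins` treats a `*` that appears alongside explicit origins. If any `*` entry means allow-all, which is not visible here, a leftover `*` in the list would disable the restriction without any signal, and logging or rejecting that combination at startup would make it visible. The context comment "Currently allowed dev origin is all" no longer describes a configurable list, and `HandleRESTRequests` continues outside the hunk.

```go
// … unchanged: headersOk …
origins := strings.Split(servercfg.GetAllowedOrigin(), ",")
for i := range origins {
	origins[i] = strings.TrimSpace(origins[i])
}
originsOk := handlers.AllowedOrigins(origins)
// … unchanged: methodsOk and handler registration …
```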

+ 1 - 4
controllers/regex.go

@@ -5,10 +5,7 @@ import (
 	"regexp"
 )
 
-var (
-	errInvalidNodeName    = errors.New("Node name must be alphanumderic and/or dashes")
-	errInvalidExtClientID = errors.New("Ext client ID must be alphanumderic and/or dashes")
-)
+var errInvalidExtClientID = errors.New("ext client ID must be alphanumderic and/or dashes")
 
 // allow only dashes and alphaneumeric for ext client and node names
 func validName(name string) bool {
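Review bot: The message on the new `errInvalidExtClientID` line still carries the typo "alphanumderic". Since the string is already being rewritten for casing, it can be corrected in the same change: `var errInvalidExtClientID = errors.New("ext client ID must be alphanumeric and/or dashes")`. The context comment above `validName` still says the check applies to node names (and spells it "alphaneumeric"), although `errInvalidNodeName` is removed here. Whether node names are still validated somewhere else is not visible in this hunk, so the comment should be updated to match whatever remains. `validName`'s body lies outside the hunk.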