Skip to content

Commit

Permalink
Revert "Serve responses with cross origin isolation headers (ordinals…
Browse files Browse the repository at this point in the history
…#3898)"

This reverts commit 2de128f.
  • Loading branch information
casey committed Aug 29, 2024
1 parent 9fff9a0 commit 4a85b7e
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 50 deletions.
50 changes: 2 additions & 48 deletions src/subcommand/server.rs
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ use {
axum::{
body,
extract::{DefaultBodyLimit, Extension, Json, Path, Query},
http::{header, HeaderName, HeaderValue, StatusCode, Uri},
http::{header, HeaderValue, StatusCode, Uri},
response::{IntoResponse, Redirect, Response},
routing::{get, post},
Router,
Expand Down Expand Up @@ -84,8 +84,6 @@ pub struct Server {
help = "Decompress encoded content. Currently only supports brotli. Be careful using this on production instances. A decompressed inscription may be arbitrarily large, making decompression a DoS vector."
)]
pub(crate) decompress: bool,
#[arg(long, help = "Disable cross origin isolation.")]
pub(crate) disable_cross_origin_isolation: bool,
#[arg(long, help = "Disable JSON API.")]
pub(crate) disable_json_api: bool,
#[arg(
Expand Down Expand Up @@ -160,13 +158,12 @@ impl Server {

let server_config = Arc::new(ServerConfig {
chain: settings.chain(),
cross_origin_isolation: !self.disable_cross_origin_isolation,
proxy: self.proxy.clone(),
csp_origin: self.csp_origin.clone(),
decompress: self.decompress,
domain: acme_domains.first().cloned(),
index_sats: index.has_sat_index(),
json_api_enabled: !self.disable_json_api,
proxy: self.proxy.clone(),
});

let router = Router::new()
Expand Down Expand Up @@ -292,24 +289,6 @@ impl Server {
.layer(CompressionLayer::new())
.with_state(server_config.clone());

let router = if server_config.cross_origin_isolation {
router
.layer(SetResponseHeaderLayer::overriding(
HeaderName::from_static("cross-origin-embedder-policy"),
HeaderValue::from_static("require-corp"),
))
.layer(SetResponseHeaderLayer::overriding(
HeaderName::from_static("cross-origin-opener-policy"),
HeaderValue::from_static("same-origin"),
))
.layer(SetResponseHeaderLayer::overriding(
HeaderName::from_static("cross-origin-resource-policy"),
HeaderValue::from_static("same-site"),
))
} else {
router
};

let router = if server_config.json_api_enabled {
router.layer(DefaultBodyLimit::disable())
} else {
Expand Down Expand Up @@ -4825,31 +4804,6 @@ mod tests {
);
}

#[test]
fn cross_origin_isolation_headers() {
const COEP: HeaderName = HeaderName::from_static("cross-origin-embedder-policy");
const COOP: HeaderName = HeaderName::from_static("cross-origin-opener-policy");
const CORP: HeaderName = HeaderName::from_static("cross-origin-resource-policy");

{
let response = TestServer::new().get("/status");
assert_eq!(response.headers().get(COEP).unwrap(), "require-corp");
assert_eq!(response.headers().get(COOP).unwrap(), "same-origin");
assert_eq!(response.headers().get(CORP).unwrap(), "same-site");
}

{
let response = TestServer::builder()
.server_flag("--disable-cross-origin-isolation")
.build()
.get("/status");

assert!(response.headers().get(COEP).is_none());
assert!(response.headers().get(COOP).is_none());
assert!(response.headers().get(CORP).is_none());
}
}

#[test]
fn feed() {
let server = TestServer::builder()
Expand Down
3 changes: 1 addition & 2 deletions src/subcommand/server/server_config.rs
Original file line number Diff line number Diff line change
Expand Up @@ -3,13 +3,12 @@ use {super::*, axum::http::HeaderName};
#[derive(Default)]
pub(crate) struct ServerConfig {
pub(crate) chain: Chain,
pub(crate) cross_origin_isolation: bool,
pub(crate) proxy: Option<Url>,
pub(crate) csp_origin: Option<String>,
pub(crate) decompress: bool,
pub(crate) domain: Option<String>,
pub(crate) index_sats: bool,
pub(crate) json_api_enabled: bool,
pub(crate) proxy: Option<Url>,
}

impl ServerConfig {
Expand Down

0 comments on commit 4a85b7e

Please sign in to comment.