From 38d670226f5903b1576672cafba5693b511e7abc Mon Sep 17 00:00:00 2001 From: MD Aleem <72057206+aleem1314@users.noreply.github.com> Date: Wed, 16 Jun 2021 16:03:42 +0530 Subject: [PATCH] feat: grpc-web add CORS handler (#9493) ## Description Closes: #9467 --- ### Author Checklist *All items are required. Please add a note to the item if the item is not applicable and please add links to any relevant follow up issues.* I have... - [x] included the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title - [ ] added `!` to the type prefix if API or client breaking change - [x] targeted the correct branch (see [PR Targeting](https://github.com/cosmos/cosmos-sdk/blob/master/CONTRIBUTING.md#pr-targeting)) - [x] provided a link to the relevant issue or specification - [x] followed the guidelines for [building modules](https://github.com/cosmos/cosmos-sdk/blob/master/docs/building-modules) - [ ] included the necessary unit and integration [tests](https://github.com/cosmos/cosmos-sdk/blob/master/CONTRIBUTING.md#testing) - [ ] added a changelog entry to `CHANGELOG.md` - [ ] included comments for [documenting Go code](https://blog.golang.org/godoc) - [ ] updated the relevant documentation or specification - [ ] reviewed "Files changed" and left comments if necessary - [ ] confirmed all CI checks have passed ### Reviewers Checklist *All items are required. Please add a note if the item is not applicable and please add your handle next to the items reviewed if you only reviewed selected items.* I have... - [ ] confirmed the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title - [ ] confirmed `!` in the type prefix if API or client breaking change - [ ] confirmed all author checklist items have been addressed - [ ] reviewed state machine logic - [ ] reviewed API design and naming - [ ] reviewed documentation is accurate - [ ] reviewed tests and test coverage - [ ] manually tested (if applicable) --- CHANGELOG.md | 1 + server/config/config.go | 8 ++++++-- server/config/toml.go | 3 +++ server/grpc/grpc_web.go | 11 ++++++++++- 4 files changed, 20 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 47325522b72f..d45704258035 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -131,6 +131,7 @@ if input key is empty, or input data contains empty key. ### Improvements +* (gRPC-Web) [\#9493](https://github.com/cosmos/cosmos-sdk/pull/9493) Add `EnableUnsafeCORS` flag to grpc-web config. * (store) [\#9403](https://github.com/cosmos/cosmos-sdk/pull/9403) Add `RefundGas` function to `GasMeter` interface * (baseapp, types) [\#9390](https://github.com/cosmos/cosmos-sdk/pull/9390) Add current block header hash to `Context` * (x/staking) [\#9423](https://github.com/cosmos/cosmos-sdk/pull/9423) Staking delegations now returns empty list instead of rpc error when no records found. diff --git a/server/config/config.go b/server/config/config.go index 8f1c47e88d2c..907e64a63490 100644 --- a/server/config/config.go +++ b/server/config/config.go @@ -140,6 +140,9 @@ type GRPCWebConfig struct { // Address defines the gRPC-web server to listen on Address string `mapstructure:"address"` + + // EnableUnsafeCORS defines if CORS should be enabled (unsafe - use it at your own risk) + EnableUnsafeCORS bool `mapstructure:"enable-unsafe-cors"` } // StateSyncConfig defines the state sync snapshot configuration. @@ -297,8 +300,9 @@ func GetConfig(v *viper.Viper) Config { Address: v.GetString("grpc.address"), }, GRPCWeb: GRPCWebConfig{ - Enable: v.GetBool("grpc-web.enable"), - Address: v.GetString("grpc-web.address"), + Enable: v.GetBool("grpc-web.enable"), + Address: v.GetString("grpc-web.address"), + EnableUnsafeCORS: v.GetBool("grpc-web.enable-unsafe-cors"), }, StateSync: StateSyncConfig{ SnapshotInterval: v.GetUint64("state-sync.snapshot-interval"), diff --git a/server/config/toml.go b/server/config/toml.go index 88197defe91b..d2eb2601e911 100644 --- a/server/config/toml.go +++ b/server/config/toml.go @@ -184,6 +184,9 @@ enable = {{ .GRPCWeb.Enable }} # Address defines the gRPC-web server address to bind to. address = "{{ .GRPCWeb.Address }}" +# EnableUnsafeCORS defines if CORS should be enabled (unsafe - use it at your own risk). +enable-unsafe-cors = {{ .GRPCWeb.EnableUnsafeCORS }} + ############################################################################### ### State Sync Configuration ### ############################################################################### diff --git a/server/grpc/grpc_web.go b/server/grpc/grpc_web.go index 67dc4364a80f..593779835a78 100644 --- a/server/grpc/grpc_web.go +++ b/server/grpc/grpc_web.go @@ -11,7 +11,16 @@ import ( // StartGRPCWeb starts a gRPC-Web server on the given address. func StartGRPCWeb(grpcSrv *grpc.Server, config config.Config) (*http.Server, error) { - wrappedServer := grpcweb.WrapServer(grpcSrv) + var options []grpcweb.Option + if config.GRPCWeb.EnableUnsafeCORS { + options = append(options, + grpcweb.WithOriginFunc(func(origin string) bool { + return true + }), + ) + } + + wrappedServer := grpcweb.WrapServer(grpcSrv, options...) handler := func(resp http.ResponseWriter, req *http.Request) { wrappedServer.ServeHTTP(resp, req) }