Allow CORS requests in Secret Store API #10584

adetante · 2019-04-10T14:49:54Z

On the same model as what is done for JSON-RPC, this PR allows to specify the list of domains to allow for cross-domain requests to Secret Store API.

With CLI flag --secretstore-http-cors=http://mydomain or in the toml configuration file.

The default behavior is the same as the current one: all cross-domain requests are rejected.

parity-cla-bot · 2019-04-10T14:49:57Z

It looks like @adetante signed our Contributor License Agreement. 👍

Many thanks,

Parity Technologies CLA Bot

svyatonik

Thanks for contribution! Have you considered using cors module from jsonrpc-server-utils crate? Looks like there are some caveats (like case-insensitive origin matching) that are covered there.

secret-store/src/listener/http_listener.rs

adetante · 2019-04-12T08:04:29Z

You're right: I'm going to change my implementation to the jsonrpc-server-utils crate.
Thank you for the feedback.

adetante · 2019-04-12T18:45:34Z

I updated based on your comments.
Thank you for reviewing

svyatonik

LGTM, thanks!

svyatonik · 2019-04-15T07:12:08Z

Test failure seems unrelated - SS tests are working fine on my laptop.

allow CORS requests for Secret Store API (openethereum#10582)

0625dcd

adetante mentioned this pull request Apr 10, 2019

Can SecretStore HTTP API allow cross-origin requests? #10582

Closed

jam10o-new added the A0-pleasereview 🤓 Pull request needs code review. label Apr 10, 2019

Antoine added 3 commits April 10, 2019 17:03

secretstore CORS: fix error with unit tests

eaaf055

secretstore CORS: removed debug log

501f246

secretstore CORS: add missing response's header

88cdf63

sorpaas approved these changes Apr 11, 2019

View reviewed changes

sorpaas added A8-looksgood 🦄 Pull request is reviewed well. and removed A0-pleasereview 🤓 Pull request needs code review. labels Apr 11, 2019

svyatonik approved these changes Apr 12, 2019

View reviewed changes

secret-store/src/listener/http_listener.rs Outdated Show resolved Hide resolved

secret-store/src/listener/http_listener.rs Outdated Show resolved Hide resolved

secret-store/src/listener/http_listener.rs Outdated Show resolved Hide resolved

svyatonik added A3-inprogress ⏳ Pull request is in progress. No review needed at this stage. and removed A8-looksgood 🦄 Pull request is reviewed well. labels Apr 12, 2019

secretstore CORS: switched to jsonrpc-server-utils for CORS validation

dfdcc3e

svyatonik approved these changes Apr 15, 2019

View reviewed changes

svyatonik added A8-looksgood 🦄 Pull request is reviewed well. and removed A3-inprogress ⏳ Pull request is in progress. No review needed at this stage. labels Apr 15, 2019

sorpaas approved these changes Apr 20, 2019

View reviewed changes

sorpaas merged commit 4cc274e into openethereum:master Apr 20, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Allow CORS requests in Secret Store API #10584

Allow CORS requests in Secret Store API #10584

adetante commented Apr 10, 2019

parity-cla-bot commented Apr 10, 2019

svyatonik left a comment

adetante commented Apr 12, 2019

adetante commented Apr 12, 2019

svyatonik left a comment

svyatonik commented Apr 15, 2019

Allow CORS requests in Secret Store API #10584

Allow CORS requests in Secret Store API #10584

Conversation

adetante commented Apr 10, 2019

parity-cla-bot commented Apr 10, 2019

svyatonik left a comment

Choose a reason for hiding this comment

adetante commented Apr 12, 2019

adetante commented Apr 12, 2019

svyatonik left a comment

Choose a reason for hiding this comment

svyatonik commented Apr 15, 2019