From b6fde73ef130e80eb834a60e766ce288de800bef Mon Sep 17 00:00:00 2001 From: Taylor Gerring Date: Sun, 29 Mar 2015 21:56:04 +0200 Subject: Add settable domain to CORS handler #331 --- rpc/http.go | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/rpc/http.go b/rpc/http.go index d146f28a6..f15d557ad 100644 --- a/rpc/http.go +++ b/rpc/http.go @@ -10,6 +10,7 @@ import ( "github.com/ethereum/go-ethereum/logger" "github.com/ethereum/go-ethereum/xeth" + "github.com/rs/cors" ) var rpclogger = logger.NewLogger("RPC") @@ -25,7 +26,21 @@ func Start(pipe *xeth.XEth, config RpcConfig) error { rpclogger.Errorf("Can't listen on %s:%d: %v", config.ListenAddress, config.ListenPort, err) return err } - go http.Serve(l, JSONRPC(pipe)) + + var handler http.Handler + if len(config.CorsDomain) > 0 { + var opts cors.Options + opts.AllowedMethods = []string{"POST"} + opts.AllowedOrigins = []string{config.CorsDomain} + + c := cors.New(opts) + handler = c.Handler(JSONRPC(pipe)) + } else { + handler = JSONRPC(pipe) + } + + go http.Serve(l, handler) + return nil } @@ -34,8 +49,7 @@ func JSONRPC(pipe *xeth.XEth) http.Handler { api := NewEthereumApi(pipe) return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) { - // TODO this needs to be configurable - w.Header().Set("Access-Control-Allow-Origin", "*") + w.Header().Set("Content-Type", "application/json") // Limit request size to resist DoS if req.ContentLength > maxSizeReqLength { -- cgit