Merge pull request #589 from tgerring/corssetting

Configurable CORS domain

2 files changed, 34 insertions, 2 deletions

diff --git a/rpc/http.go b/rpc/http.go
index 919c567bd..f15d557ad 100644
--- a/rpc/http.go
+++ b/rpc/http.go
@@ -2,12 +2,15 @@ package rpc
 
 import (
 	"encoding/json"
+	"fmt"
 	"io"
 	"io/ioutil"
+	"net"
 	"net/http"
 
 	"github.com/ethereum/go-ethereum/logger"
 	"github.com/ethereum/go-ethereum/xeth"
+	"github.com/rs/cors"
 )
 
 var rpclogger = logger.NewLogger("RPC")
@@ -17,13 +20,36 @@ const (
 	maxSizeReqLength = 1024 * 1024 // 1MB
 )
 
+func Start(pipe *xeth.XEth, config RpcConfig) error {
+	l, err := net.Listen("tcp", fmt.Sprintf("%s:%d", config.ListenAddress, config.ListenPort))
+	if err != nil {
+		rpclogger.Errorf("Can't listen on %s:%d: %v", config.ListenAddress, config.ListenPort, err)
+		return err
+	}
+
+	var handler http.Handler
+	if len(config.CorsDomain) > 0 {
+		var opts cors.Options
+		opts.AllowedMethods = []string{"POST"}
+		opts.AllowedOrigins = []string{config.CorsDomain}
+
+		c := cors.New(opts)
+		handler = c.Handler(JSONRPC(pipe))
+	} else {
+		handler = JSONRPC(pipe)
+	}
+
+	go http.Serve(l, handler)
+
+	return nil
+}
+
 // JSONRPC returns a handler that implements the Ethereum JSON-RPC API.
 func JSONRPC(pipe *xeth.XEth) http.Handler {
 	api := NewEthereumApi(pipe)
 
 	return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
-		// TODO this needs to be configurable
-		w.Header().Set("Access-Control-Allow-Origin", "*")
+		w.Header().Set("Content-Type", "application/json")
 
 		// Limit request size to resist DoS
 		if req.ContentLength > maxSizeReqLength {
diff --git a/rpc/messages.go b/rpc/messages.go
index 5c498234f..43c4d5e0d 100644
--- a/rpc/messages.go
+++ b/rpc/messages.go
@@ -21,6 +21,12 @@ import (
 	"fmt"
 )
 
+type RpcConfig struct {
+	ListenAddress string
+	ListenPort    uint
+	CorsDomain    string
+}
+
 type InvalidTypeError struct {
 	method string
 	msg    string