Skip to content

Adding a very simple CORS implementation #93

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
ehsandeep merged 4 commits into from
Mar 15, 2023
Merged

Adding a very simple CORS implementation #93

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
d70d482
Merge pull request #74 from projectdiscovery/dev
ehsandeep Apr 18, 2022
d12399d
Added a very simple CORS implementation
NoF0rte Nov 7, 2022
3a7bc37
Update header add location
ShubhamRasal Mar 15, 2023
edf3153
Merge branch 'dev' into master
ehsandeep Mar 15, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions internal/runner/options.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,7 @@ type Options struct {
MaxFileSize int
HTTP1Only bool
MaxDumpBodySize int
CORS bool
HTTPHeaders HTTPHeaders
}

Expand Down Expand Up @@ -64,6 +65,7 @@ func ParseOptions() *Options {
flag.BoolVar(&options.HTTP1Only, "http1", false, "Enable only HTTP1")
flag.IntVar(&options.MaxFileSize, "max-file-size", 50, "Max Upload File Size")
flag.IntVar(&options.MaxDumpBodySize, "max-dump-body-size", -1, "Max Dump Body Size")
flag.BoolVar(&options.CORS, "cors", false, "Enable Cross-Origin Resource Sharing (CORS)")
flag.Var(&options.HTTPHeaders, "header", "Add HTTP Response Header (name: value), can be used multiple times")
flag.Parse()

Expand Down
1 change: 1 addition & 0 deletions internal/runner/runner.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -68,6 +68,7 @@ func New(options *Options) (*Runner, error) {
MaxFileSize: r.options.MaxFileSize,
HTTP1Only: r.options.HTTP1Only,
MaxDumpBodySize: unit.ToMb(r.options.MaxDumpBodySize),
CORS: r.options.CORS,
HTTPHeaders: r.options.HTTPHeaders,
})
if err != nil {
Expand Down
28 changes: 28 additions & 0 deletions pkg/httpserver/corslayer.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
package httpserver

import (
"net/http"
"strings"
)

func (t *HTTPServer) corslayer(handler http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
headers := w.Header()
headers.Set("Access-Control-Allow-Origin", "*")
if r.Method != http.MethodOptions {
handler.ServeHTTP(w, r)
return
}

headers.Add("Vary", "Origin")
headers.Add("Vary", "Access-Control-Request-Method")
headers.Add("Vary", "Access-Control-Request-Headers")

reqMethod := r.Header.Get("Access-Control-Request-Method")
if reqMethod != "" {
headers.Set("Access-Control-Allow-Methods", strings.ToUpper(reqMethod))
}

w.WriteHeader(http.StatusOK)
})
}
5 changes: 5 additions & 0 deletions pkg/httpserver/httpserver.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,7 @@ type Options struct {
HTTP1Only bool
MaxFileSize int // 50Mb
MaxDumpBodySize int64
CORS bool
HTTPHeaders []HTTPHeader
}

Expand Down Expand Up @@ -72,6 +73,10 @@ func New(options *Options) (*HTTPServer, error) {
addHandler(h.basicauthlayer)
}

if options.CORS {
addHandler(h.corslayer)
}

httpHandler = h.loglayer(httpHandler)
httpHandler = h.headerlayer(httpHandler, options.HTTPHeaders)

Expand Down