From b498ae7e38215cabeb9c9980536dd664f9cc77fd Mon Sep 17 00:00:00 2001
From: Devaev Maxim
Date: Tue, 22 Sep 2020 17:58:10 +0300
Subject: [PATCH] Issue #48: Disabled cross-domain requests by default
---
 src/http/server.c | 11 ++++++++---
 src/http/server.h | 1 +
 src/options.c | 4 ++++
 3 files changed, 13 insertions(+), 3 deletions(-)
diff --git a/src/http/server.c b/src/http/server.c
index c2637d8..662f615 100644
--- a/src/http/server.c
+++ b/src/http/server.c
@@ -112,6 +112,7 @@ struct http_server_t *http_server_init(struct stream_t *stream) {
 server->user = "";
 server->passwd = "";
 server->static_path = "";
+ server->allow_origin = "";
 server->timeout = 10;
 server->last_as_blank = -1;
 server->run = run;
@@ -456,7 +457,9 @@ static void _http_callback_snapshot(struct evhttp_request *request, void *v_serv
 assert((buf = evbuffer_new()));
 assert(!evbuffer_add(buf, (const void *)EXPOSED(picture->data), EXPOSED(picture->used)));
- ADD_HEADER("Access-Control-Allow-Origin:", "*");
+ if (server->allow_origin[0] != '\0') {
+ ADD_HEADER("Access-Control-Allow-Origin", server->allow_origin);
+ }
 ADD_HEADER("Cache-Control", "no-store, no-cache, must-revalidate, proxy-revalidate, pre-check=0, post-check=0, max-age=0");
 ADD_HEADER("Pragma", "no-cache");
 ADD_HEADER("Expires", "Mon, 3 Jan 2000 12:34:56 GMT");
@@ -620,9 +623,11 @@ static void _http_callback_stream_write(struct bufferevent *buf_event, void *v_c
 "Content-Type: image/jpeg" RN "X-Timestamp: %.06Lf" RN RN, get_now_real()))
 if (client->need_initial) {
+ assert(evbuffer_add_printf(buf, "HTTP/1.0 200 OK" RN));
+ if (client->server->allow_origin[0] != '\0') {
+ assert(evbuffer_add_printf(buf, "Access-Control-Allow-Origin: %s" RN, client->server->allow_origin));
+ }
 assert(evbuffer_add_printf(buf,
- "HTTP/1.0 200 OK" RN
- "Access-Control-Allow-Origin: *" RN
 "Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, pre-check=0, post-check=0, max-age=0" RN
 "Pragma: no-cache" RN
 "Expires: Mon, 3 Jan 2000 12:34:56 GMT" RN
diff --git a/src/http/server.h b/src/http/server.h
index 62027f7..f0aaa17 100644
--- a/src/http/server.h
+++ b/src/http/server.h
@@ -97,6 +97,7 @@ struct http_server_t {
 char *user;
 char *passwd;
 char *static_path;
+ char *allow_origin;
 char *blank_path;
 int last_as_blank;
diff --git a/src/options.c b/src/options.c
index c0f6c95..7b7de1d 100644
--- a/src/options.c
+++ b/src/options.c
@@ -99,6 +99,7 @@ enum _OPT_VALUES {
 _O_USER,
 _O_PASSWD,
 _O_STATIC,
+ _O_ALLOW_ORIGIN,
 _O_TCP_NODELAY,
 _O_SERVER_TIMEOUT,
@@ -175,6 +176,7 @@ static const struct option _LONG_OPTS[] = {
 {"last-as-blank", required_argument, NULL, _O_LAST_AS_BLANK},
 {"drop-same-frames", required_argument, NULL, _O_DROP_SAME_FRAMES},
 {"slowdown", no_argument, NULL, _O_SLOWDOWN},
+ {"allow-origin", required_argument, NULL, _O_ALLOW_ORIGIN},
 {"fake-resolution", required_argument, NULL, _O_FAKE_RESOLUTION},
 {"tcp-nodelay", no_argument, NULL, _O_TCP_NODELAY},
 {"server-timeout", required_argument, NULL, _O_SERVER_TIMEOUT},
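Review bot: In `_http_callback_stream_write` (src/http/server.c) the configured origin is formatted straight into the response head with `"Access-Control-Allow-Origin: %s" RN`, so a `--allow-origin` value containing CR or LF would add extra header lines or end the header block early; the `case _O_ALLOW_ORIGIN` hunk in src/options.c stores `optarg` without any check. The snapshot path goes through `ADD_HEADER`, which presumably lets libevent validate the value, but this raw write has no equivalent. Rejecting such values at parse time covers both paths, for example a guard on `strpbrk(optarg, "\r\n") != NULL` that takes whatever error path `options_parse` uses for invalid values (not visible in this diff). Separately, `evbuffer_add_printf()` returns -1 on failure, which `assert()` treats as true, so the two new asserts would only do their job as `assert(evbuffer_add_printf(...) > 0);`. The function body starts and ends outside the hunk.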
@@ -398,6 +400,7 @@ int options_parse(struct options_t *options, struct device_t *dev, struct encode
 case _O_DROP_SAME_FRAMES: OPT_NUMBER("--drop-same-frames", server->drop_same_frames, 0, VIDEO_MAX_FPS, 0);
 case _O_SLOWDOWN: OPT_SET(server->slowdown, true);
 case _O_FAKE_RESOLUTION: OPT_RESOLUTION("--fake-resolution", server->fake_width, server->fake_height, false);
+ case _O_ALLOW_ORIGIN: OPT_SET(server->allow_origin, optarg);
 case _O_TCP_NODELAY: OPT_SET(server->tcp_nodelay, true);
 case _O_SERVER_TIMEOUT: OPT_NUMBER("--server-timeout", server->timeout, 1, 60, 0);
@@ -645,6 +648,7 @@ static void _help(struct device_t *dev, struct encoder_t *encoder, struct http_s
 printf(" -R|--fake-resolution ─ Override image resolution for the /state. Default: disabled.\n\n");
 printf(" --tcp-nodelay ────────────── Set TCP_NODELAY flag to the client /stream socket. Ignored for --unix.\n");
 printf(" Default: disabled.\n\n");
+ printf(" --allow-origin ─────── Set Access-Control-Allow-Origin header. Default: disabled.\n\n");
 printf(" --server-timeout ───── Timeout for client connections. Default: %u.\n\n", server->timeout);
 #ifdef WITH_GPIO
 printf("GPIO options:\n");
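Review bot: The help line added in `_help` says only "Default: disabled", which does not tell an operator what the default means for browsers or what a permissive value exposes. Wording along the lines of `Set Access-Control-Allow-Origin header to the given value. Default: header is not sent.` would state the behaviour the server.c hunks implement. It would also help to add that `*` lets a page from any origin read the snapshot and stream responses in a visitor's browser wherever the server is reachable without credentials. `_help` starts and ends outside the hunk.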