-rw-r--r-- | api/context.go | 4 | ||||
-rw-r--r-- | config/config.json | 1 | ||||
-rw-r--r-- | model/config.go | 1 | ||||
-rw-r--r-- | utils/config.go | 2 | ||||
-rw-r--r-- | web/react/components/admin_console/service_settings.jsx | 35 | ||||
-rw-r--r-- | web/static/i18n/en.json | 3 | ||||
-rw-r--r-- | web/static/i18n/es.json | 3 |
7 files changed, 49 insertions, 0 deletions
diff --git a/api/context.go b/api/context.go index 9e05c5d87..3b9782851 100644 --- a/api/context.go +++ b/api/context.go @@ -166,6 +166,10 @@ func (h handler) ServeHTTP(w http.ResponseWriter, r *http.Request) { // All api response bodies will be JSON formatted by default w.Header().Set("Content-Type", "application/json") + if len(utils.Cfg.ServiceSettings.AllowCorsFrom) > 0 { + w.Header().Set("Access-Control-Allow-Origin", utils.Cfg.ServiceSettings.AllowCorsFrom) + } + if r.Method == "GET" { w.Header().Set("Expires", "0") } diff --git a/config/config.json b/config/config.json index 2795546f8..b211b16d3 100644 --- a/config/config.json +++ b/config/config.json @@ -15,6 +15,7 @@ "EnableDeveloper": false, "EnableSecurityFixAlert": true, "EnableInsecureOutgoingConnections": false, + "AllowCorsFrom": "", "SessionLengthWebInDays": 30, "SessionLengthMobileInDays": 30, "SessionLengthSSOInDays": 30, diff --git a/model/config.go b/model/config.go index aa3dd3586..a7d92c101 100644 --- a/model/config.go +++ b/model/config.go @@ -39,6 +39,7 @@ type ServiceSettings struct { EnableDeveloper *bool EnableSecurityFixAlert *bool EnableInsecureOutgoingConnections *bool + AllowCorsFrom string SessionLengthWebInDays *int SessionLengthMobileInDays *int SessionLengthSSOInDays *int diff --git a/utils/config.go b/utils/config.go index 3e4ba5c5b..0a1d40db0 100644 --- a/utils/config.go +++ b/utils/config.go @@ -236,5 +236,7 @@ func getClientConfig(c *model.Config) map[string]string { props["WebsocketPort"] = fmt.Sprintf("%v", *c.ServiceSettings.WebsocketPort) props["WebsocketSecurePort"] = fmt.Sprintf("%v", *c.ServiceSettings.WebsocketSecurePort) + props["AllowCorsFrom"] = c.ServiceSettings.AllowCorsFrom + return props } diff --git a/web/react/components/admin_console/service_settings.jsx b/web/react/components/admin_console/service_settings.jsx index 047c7eb8d..9ed81b6a3 100644 --- a/web/react/components/admin_console/service_settings.jsx 
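Review bot: `Access-Control-Allow-Origin` is set to the raw `AllowCorsFrom` string in ServeHTTP, but that header accepts only a single origin or `*`, while the en.json and es.json help text added in this same commit tells admins to enter several origins separated by spaces. A space-separated value matches no origin, so browsers will block every cross-origin request in exactly the configuration the UI documents. Compare the request's `Origin` header against the configured entries, echo only the entry that matches, and send `Vary: Origin` so a shared cache does not hand one origin's response to another. Echoing only allow-listed origins also keeps the policy sound if credentialed requests are ever enabled, since `*` cannot be combined with them. ServeHTTP begins and ends outside the hunk, and whether api/context.go already imports `strings` is not visible here.

```go
// … unchanged: Content-Type header …
if allowed := utils.Cfg.ServiceSettings.AllowCorsFrom; allowed == "*" {
	w.Header().Set("Access-Control-Allow-Origin", "*")
} else if len(allowed) > 0 {
	// The header now depends on the request, so caches must key on Origin.
	w.Header().Add("Vary", "Origin")
	origin := r.Header.Get("Origin")
	for _, o := range strings.Fields(allowed) {
		if o == origin {
			w.Header().Set("Access-Control-Allow-Origin", origin)
			break
		}
	}
}
// … unchanged: Expires header for GET …
```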
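Review bot: `props["AllowCorsFrom"]` in getClientConfig publishes the CORS allow-list to clients, yet nothing in this commit reads it there; the admin console takes the value from `this.props.config.ServiceSettings.AllowCorsFrom` instead. If this map is served to every client, as the function name suggests, it tells any visitor which third-party origins the API trusts, and browsers enforce CORS from the response header without needing the setting. Consider dropping the line, or keep it with a comment such as `// read by <consumer> to <purpose>` that names what uses it. getClientConfig starts outside the hunk.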
+++ b/web/react/components/admin_console/service_settings.jsx @@ -31,6 +31,10 @@ var holders = defineMessages({ id: 'admin.service.sessionDaysEx', defaultMessage: 'Ex "30"' }, + corsExample: { + id: 'admin.service.corsEx', + defaultMessage: 'http://example.com' + }, saving: { id: 'admin.service.saving', defaultMessage: 'Saving Config...' @@ -131,6 +135,8 @@ class ServiceSettings extends React.Component { config.ServiceSettings.SessionCacheInMinutes = SessionCacheInMinutes; ReactDOM.findDOMNode(this.refs.SessionCacheInMinutes).value = SessionCacheInMinutes; + config.ServiceSettings.AllowCorsFrom = ReactDOM.findDOMNode(this.refs.AllowCorsFrom).value.trim(); + Client.saveConfig( config, () => { @@ -766,6 +772,35 @@ class ServiceSettings extends React.Component { <div className='form-group'> <label className='control-label col-sm-4' + htmlFor='AllowCorsFrom' + > + <FormattedMessage + id='admin.service.corsTitle' + defaultMessage='Allow Cross-origin Requests from:' + /> + </label> + <div className='col-sm-8'> + <input + type='text' + className='form-control' + id='AllowCorsFrom' + ref='AllowCorsFrom' + placeholder={formatMessage(holders.corsExample)} + defaultValue={this.props.config.ServiceSettings.AllowCorsFrom} + onChange={this.handleChange} + /> + <p className='help-text'> + <FormattedMessage + id='admin.service.corsDescription' + defaultMessage='Enable HTTP Cross origin request from a specific domain. Use "*" if you want to allow CORS from any domain or leave it blank to disable it.' + /> + </p> + </div> + </div> + + <div className='form-group'> + <label + className='control-label col-sm-4' htmlFor='SessionLengthWebInDays' > <FormattedMessage diff --git a/web/static/i18n/en.json b/web/static/i18n/en.json index 0d7be4b08..7f570b339 100644 --- a/web/static/i18n/en.json +++ b/web/static/i18n/en.json 
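Review bot: The fallback `defaultMessage` strings disagree with the en.json entries added in the same commit: `corsExample` shows a single `http://example.com` and `admin.service.corsDescription` says "a specific domain", while en.json shows two origins and says "specific domains (separate by a spacebar)". Admins get different instructions depending on whether the locale file loads, so both should say the same thing and match what the server does with the value. The save handler in the second hunk also stores the field after only `.trim()`, so an entry without a scheme or with a trailing slash is accepted even though it can never equal a browser's `Origin`; a format check before `Client.saveConfig` would catch that. The enclosing methods start and end outside these hunks.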
@@ -294,6 +294,9 @@ "admin.service.attemptTitle": "Maximum Login Attempts:", "admin.service.cmdsDesc": "When true, user created slash commands will be allowed.", "admin.service.cmdsTitle": "Enable Slash Commands: ", + "admin.service.corsEx": "http://example.com https://example.com", + "admin.service.corsDescription": "Enable HTTP Cross origin request from specific domains (separate by a spacebar). Use \"*\" if you want to allow CORS from any domain or leave it blank to disable it.", + "admin.service.corsTitle": "Allow Cross-origin Requests from:", "admin.service.developerDesc": "(Developer Option) When true, extra information around errors will be displayed in the UI.", "admin.service.developerTitle": "Enable Developer Mode: ", "admin.service.false": "false", diff --git a/web/static/i18n/es.json b/web/static/i18n/es.json index ea1b4663a..78a6e4c0e 100644 --- a/web/static/i18n/es.json +++ b/web/static/i18n/es.json @@ -294,6 +294,9 @@ "admin.service.attemptTitle": "Máximo de intentos de conexión:", "admin.service.cmdsDesc": "Cuando es verdadero, se permite la creación de comandos de barra por usuarios.", "admin.service.cmdsTitle": "Habilitar Comandos de Barra: ", + "admin.service.corsEx": "http://ejemplo.com https://ejemplo.com", + "admin.service.corsDescription": "Habilita las solicitudes HTTP de origen cruzado para dominios en específico (separados por un espacio). Utiliza \"*\" si quieres habilitar CORS desde cualquier dominio o deja el campo en blanco para deshabilitarlo.", + "admin.service.corsTitle": "Permitir Solicitudes de Origen Cruzado desde:", "admin.service.developerDesc": "(Opción de Desarrollador) Cuando está asignado en verdadero, información extra sobre errores se muestra en el UI.", "admin.service.developerTitle": "Habilitar modo de Desarrollador: ", "admin.service.false": "falso", |