cli: Add flag for disabling CORS headers (#899)
This commit is contained in:
parent
9cf626bf0c
commit
7225439860
|
@ -23,6 +23,7 @@ var Flags struct {
|
|||
ShowGreeting bool
|
||||
DisableDownload bool
|
||||
DisableTermination bool
|
||||
DisableCors bool
|
||||
Timeout int64
|
||||
S3Bucket string
|
||||
S3ObjectPrefix string
|
||||
|
@ -72,6 +73,7 @@ func ParseFlags() {
|
|||
flag.BoolVar(&Flags.ShowGreeting, "show-greeting", true, "Show the greeting message")
|
||||
flag.BoolVar(&Flags.DisableDownload, "disable-download", false, "Disable the download endpoint")
|
||||
flag.BoolVar(&Flags.DisableTermination, "disable-termination", false, "Disable the termination endpoint")
|
||||
flag.BoolVar(&Flags.DisableCors, "disable-cors", false, "Disable CORS headers")
|
||||
flag.Int64Var(&Flags.Timeout, "timeout", 6*1000, "Read timeout for connections in milliseconds. A zero value means that reads will not timeout")
|
||||
flag.StringVar(&Flags.S3Bucket, "s3-bucket", "", "Use AWS S3 with this bucket as storage backend (requires the AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_REGION environment variables to be set)")
|
||||
flag.StringVar(&Flags.S3ObjectPrefix, "s3-object-prefix", "", "Prefix for S3 object names")
|
||||
|
@ -106,7 +108,6 @@ func ParseFlags() {
|
|||
flag.StringVar(&Flags.TLSCertFile, "tls-certificate", "", "Path to the file containing the x509 TLS certificate to be used. The file should also contain any intermediate certificates and the CA certificate.")
|
||||
flag.StringVar(&Flags.TLSKeyFile, "tls-key", "", "Path to the file containing the key for the TLS certificate.")
|
||||
flag.StringVar(&Flags.TLSMode, "tls-mode", "tls12", "Specify which TLS mode to use; valid modes are tls13, tls12, and tls12-strong.")
|
||||
|
||||
flag.StringVar(&Flags.CPUProfile, "cpuprofile", "", "write cpu profile to file")
|
||||
flag.Parse()
|
||||
|
||||
|
|
|
@ -29,6 +29,7 @@ func Serve() {
|
|||
RespectForwardedHeaders: Flags.BehindProxy,
|
||||
DisableDownload: Flags.DisableDownload,
|
||||
DisableTermination: Flags.DisableTermination,
|
||||
DisableCors: Flags.DisableCors,
|
||||
StoreComposer: Composer,
|
||||
NotifyCompleteUploads: true,
|
||||
NotifyTerminatedUploads: true,
|
||||
|
|
|
@ -216,6 +216,8 @@ $ tusd -help
|
|||
If set, will listen to a UNIX socket at this location instead of a TCP socket
|
||||
-upload-dir string
|
||||
Directory to store uploads in (default "./data")
|
||||
-disable-cors
|
||||
Disables CORS headers. If set to true, tusd will not send any CORS related header. This is useful if you have a proxy sitting in front of tusd that handles CORS (default false)
|
||||
-verbose
|
||||
Enable verbose logging output (default true)
|
||||
-version
|
||||
|
|
|
@ -28,6 +28,9 @@ type Config struct {
|
|||
// DisableTermination indicates whether the server will refuse termination
|
||||
// requests of the uploaded file, by not mounting the DELETE handler.
|
||||
DisableTermination bool
|
||||
// Disable cors headers. If set to true, tusd will not send any CORS related header.
|
||||
// This is useful if you have a proxy sitting in front of tusd that handles CORS.
|
||||
DisableCors bool
|
||||
// NotifyCompleteUploads indicates whether sending notifications about
|
||||
// completed uploads using the CompleteUploads channel should be enabled.
|
||||
NotifyCompleteUploads bool
|
||||
|
|
|
@ -96,4 +96,20 @@ func TestCORS(t *testing.T) {
|
|||
t.Errorf("expected header to contain METHOD but got: %#v", methods)
|
||||
}
|
||||
})
|
||||
|
||||
SubTest(t, "Disable CORS", func(t *testing.T, store *MockFullDataStore, composer *StoreComposer) {
|
||||
handler, _ := NewHandler(Config{
|
||||
StoreComposer: composer,
|
||||
DisableCors: true,
|
||||
})
|
||||
|
||||
(&httpTest{
|
||||
Method: "OPTIONS",
|
||||
ReqHeader: map[string]string{
|
||||
"Origin": "tus.io",
|
||||
},
|
||||
Code: http.StatusOK,
|
||||
ResHeader: map[string]string{},
|
||||
}).Run(handler, t)
|
||||
})
|
||||
}
|
||||
|
|
|
@ -217,7 +217,7 @@ func (handler *UnroutedHandler) Middleware(h http.Handler) http.Handler {
|
|||
|
||||
header := w.Header()
|
||||
|
||||
if origin := r.Header.Get("Origin"); origin != "" {
|
||||
if origin := r.Header.Get("Origin"); !handler.config.DisableCors && origin != "" {
|
||||
header.Set("Access-Control-Allow-Origin", origin)
|
||||
|
||||
if r.Method == "OPTIONS" {
|
||||
|
|
Loading…
Reference in New Issue