diff --git a/common/types.go b/common/types.go index a74f5b35..d8c9b244 100644 --- a/common/types.go +++ b/common/types.go @@ -32,6 +32,7 @@ type ResourceData struct { RedirectWithParams bool `json:"redirectWithParams,omitempty"` SkipAuth bool `json:"skipAuth,omitempty"` CookieDomain string `json:"cookieDomain,omitempty"` + AccessControlAllowOrigin string `json:accessControlAllowOrigin",omitempty"` } type ResourceGroupMap map[string]*ResourceData diff --git a/server/plugins/example/etc/resource.toml b/server/plugins/example/etc/resource.toml index 6bba1a22..ccb36ddd 100644 --- a/server/plugins/example/etc/resource.toml +++ b/server/plugins/example/etc/resource.toml @@ -6,12 +6,14 @@ # OpenTime: seconds for traffic passing duration after successful knock. # RedirectUrl: a customized url send back with the http response message as an option for redirection. (only applicable for http agent) # RedirectWithParams: whether or not to include queries in the original http request. (only applicable for http agent) +# AccessControlAllowOrigin: the response header indicates whether the response can be shared with requesting code from the given origin. ["demo"] SkipAuth = true OpenTime = 15 RedirectUrl = "https://acdemo.opennhp.org" RedirectWithParams = false CookieDomain = "opennhp.org" +AccessControlAllowOrigin = "https://demologin.opennhp.org" # syntax ["{ResourceId}".Resources."{ResourceName}"] # ResourceName: name of resource inside a resource group. Each ResourceId can have multiple ResourceNames. diff --git a/server/plugins/example/main.go b/server/plugins/example/main.go index 19dcbe16..71e7a5c8 100644 --- a/server/plugins/example/main.go +++ b/server/plugins/example/main.go @@ -186,6 +186,8 @@ func AuthWithHttp(ctx *gin.Context, req *common.HttpKnockRequest, helper *plugin return } + corsMiddleware(ctx, res.AccessControlAllowOrigin) + switch { case strings.EqualFold(action, "valid"): ackMsg, err = authRegular(ctx, req, res, helper) @@ -316,6 +318,28 @@ func AuthWithNHP(req *common.NhpAuthRequest, helper *plugins.NhpServerPluginHelp return ackMsg, err } +func corsMiddleware(ctx *gin.Context, originResource string) { + // HTTP headers for CORS + ctx.Writer.Header().Set("Access-Control-Allow-Origin", originResource) // allow cross-origin resource sharing + ctx.Writer.Header().Set("Access-Control-Allow-Methods", "GET, OPTIONS, POST") // methods + ctx.Writer.Header().Set("Access-Control-Expose-Headers", "Content-Type, Content-Length, Set-Cookie") + ctx.Writer.Header().Set("Access-Control-Allow-Headers", "Content-Type, Content-Length, Authorization, X-NHP-Ver, Cookie") + ctx.Writer.Header().Set("Access-Control-Allow-Credentials", "true") + ctx.Writer.Header().Set("Access-Control-Max-Age", "300") + + if ctx.Request.Method == "OPTIONS" { + ctx.Status(http.StatusOK) + return + } + + if ctx.Request.Method == "DELETE" || ctx.Request.Method == "PUT" { + ctx.AbortWithStatus(http.StatusNoContent) + return + } + + ctx.Next() +} + func main() { } diff --git a/server/plugins/example/templates/example_login.html b/server/plugins/example/templates/example_login.html index 68511541..af9d5a75 100644 --- a/server/plugins/example/templates/example_login.html +++ b/server/plugins/example/templates/example_login.html @@ -289,7 +289,9 @@

"&password=" + encodeURIComponent(password); console.log(nhpValidUrl); - fetch(nhpValidUrl) + fetch(nhpValidUrl,{ + credentials: "include" + }) .then(response => response.json()) .then(result => { console.log(result);