Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(gateway): include CORS on subdomain redirects #9994

Merged
merged 2 commits into from
Jun 27, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 2 additions & 6 deletions config/init.go
Original file line number Diff line number Diff line change
Expand Up @@ -67,12 +67,8 @@ func InitWithIdentity(identity Identity) (*Config, error) {
RootRedirect: "",
NoFetch: false,
PathPrefixes: []string{},
HTTPHeaders: map[string][]string{
"Access-Control-Allow-Origin": {"*"},
"Access-Control-Allow-Methods": {"GET"},
"Access-Control-Allow-Headers": {"X-Requested-With", "Range", "User-Agent"},
},
Comment on lines -70 to -74
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ℹ️ These are legacy values that were hardcoded since years ago, but no longer necessary. AddAccessControlHeaders from boxo/gateway ensures safe defaults are added if user did not pass own, and these values are already there, so we can remove them from config – they were not used/redundant for a while, even before we moved gateway code to boxo.

No need to write migration, as this is subset of what boxo/gateway sets anyway + we have tests in this PR that confirm these headers are will present even when missing from config.

APICommands: []string{},
HTTPHeaders: map[string][]string{},
APICommands: []string{},
},
Reprovider: Reprovider{
Interval: nil,
Expand Down
2 changes: 1 addition & 1 deletion docs/examples/kubo-as-a-library/go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ go 1.18
replace github.com/ipfs/kubo => ./../../..

require (
github.com/ipfs/boxo v0.10.2-0.20230620120822-417c5f7d61ff
github.com/ipfs/boxo v0.10.2-0.20230627105028-a87f9ed0b2a9
github.com/ipfs/kubo v0.0.0-00010101000000-000000000000
github.com/libp2p/go-libp2p v0.27.7
github.com/multiformats/go-multiaddr v0.9.0
Expand Down
4 changes: 2 additions & 2 deletions docs/examples/kubo-as-a-library/go.sum
Original file line number Diff line number Diff line change
Expand Up @@ -320,8 +320,8 @@ github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:
github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
github.com/ipfs/bbloom v0.0.4 h1:Gi+8EGJ2y5qiD5FbsbpX/TMNcJw8gSqr7eyjHa4Fhvs=
github.com/ipfs/bbloom v0.0.4/go.mod h1:cS9YprKXpoZ9lT0n/Mw/a6/aFV6DTjTLYHeA+gyqMG0=
github.com/ipfs/boxo v0.10.2-0.20230620120822-417c5f7d61ff h1:QnYD2h1e55nX9lSl5k8YVij1VIOICR7lPJlhbKOQjNM=
github.com/ipfs/boxo v0.10.2-0.20230620120822-417c5f7d61ff/go.mod h1:OGMmq97krQBiKx8LRGyf5DgWHeu+PDdIHNN2YnQlWjs=
github.com/ipfs/boxo v0.10.2-0.20230627105028-a87f9ed0b2a9 h1:n66pkk54aXcGOrK2qJm+krxLQJWzo88skyefbuFqU44=
github.com/ipfs/boxo v0.10.2-0.20230627105028-a87f9ed0b2a9/go.mod h1:OGMmq97krQBiKx8LRGyf5DgWHeu+PDdIHNN2YnQlWjs=
github.com/ipfs/go-bitfield v1.1.0 h1:fh7FIo8bSwaJEh6DdTWbCeZ1eqOaOkKFI74SCnsWbGA=
github.com/ipfs/go-bitfield v1.1.0/go.mod h1:paqf1wjq/D2BBmzfTVFlJQ9IlFOZpg422HL0HqsGWHU=
github.com/ipfs/go-block-format v0.0.2/go.mod h1:AWR46JfpcObNfg3ok2JHDUfdiHRgWhJgCQF+KIgOPJY=
Expand Down
2 changes: 1 addition & 1 deletion go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ require (
github.com/fsnotify/fsnotify v1.6.0
github.com/google/uuid v1.3.0
github.com/hashicorp/go-multierror v1.1.1
github.com/ipfs/boxo v0.10.2-0.20230620120822-417c5f7d61ff
github.com/ipfs/boxo v0.10.2-0.20230627105028-a87f9ed0b2a9
github.com/ipfs/go-block-format v0.1.2
github.com/ipfs/go-cid v0.4.1
github.com/ipfs/go-cidutil v0.1.0
Expand Down
4 changes: 2 additions & 2 deletions go.sum
Original file line number Diff line number Diff line change
Expand Up @@ -355,8 +355,8 @@ github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:
github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
github.com/ipfs/bbloom v0.0.4 h1:Gi+8EGJ2y5qiD5FbsbpX/TMNcJw8gSqr7eyjHa4Fhvs=
github.com/ipfs/bbloom v0.0.4/go.mod h1:cS9YprKXpoZ9lT0n/Mw/a6/aFV6DTjTLYHeA+gyqMG0=
github.com/ipfs/boxo v0.10.2-0.20230620120822-417c5f7d61ff h1:QnYD2h1e55nX9lSl5k8YVij1VIOICR7lPJlhbKOQjNM=
github.com/ipfs/boxo v0.10.2-0.20230620120822-417c5f7d61ff/go.mod h1:OGMmq97krQBiKx8LRGyf5DgWHeu+PDdIHNN2YnQlWjs=
github.com/ipfs/boxo v0.10.2-0.20230627105028-a87f9ed0b2a9 h1:n66pkk54aXcGOrK2qJm+krxLQJWzo88skyefbuFqU44=
github.com/ipfs/boxo v0.10.2-0.20230627105028-a87f9ed0b2a9/go.mod h1:OGMmq97krQBiKx8LRGyf5DgWHeu+PDdIHNN2YnQlWjs=
github.com/ipfs/go-bitfield v1.1.0 h1:fh7FIo8bSwaJEh6DdTWbCeZ1eqOaOkKFI74SCnsWbGA=
github.com/ipfs/go-bitfield v1.1.0/go.mod h1:paqf1wjq/D2BBmzfTVFlJQ9IlFOZpg422HL0HqsGWHU=
github.com/ipfs/go-block-format v0.0.2/go.mod h1:AWR46JfpcObNfg3ok2JHDUfdiHRgWhJgCQF+KIgOPJY=
Expand Down
2 changes: 1 addition & 1 deletion test/dependencies/go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ replace github.com/ipfs/kubo => ../../
require (
github.com/Kubuxu/gocovmerge v0.0.0-20161216165753-7ecaa51963cd
github.com/golangci/golangci-lint v1.49.0
github.com/ipfs/boxo v0.10.2-0.20230620120822-417c5f7d61ff
github.com/ipfs/boxo v0.10.2-0.20230627105028-a87f9ed0b2a9
github.com/ipfs/go-cid v0.4.1
github.com/ipfs/go-cidutil v0.1.0
github.com/ipfs/go-datastore v0.6.0
Expand Down
4 changes: 2 additions & 2 deletions test/dependencies/go.sum
Original file line number Diff line number Diff line change
Expand Up @@ -413,8 +413,8 @@ github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NH
github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
github.com/ipfs/bbloom v0.0.4 h1:Gi+8EGJ2y5qiD5FbsbpX/TMNcJw8gSqr7eyjHa4Fhvs=
github.com/ipfs/bbloom v0.0.4/go.mod h1:cS9YprKXpoZ9lT0n/Mw/a6/aFV6DTjTLYHeA+gyqMG0=
github.com/ipfs/boxo v0.10.2-0.20230620120822-417c5f7d61ff h1:QnYD2h1e55nX9lSl5k8YVij1VIOICR7lPJlhbKOQjNM=
github.com/ipfs/boxo v0.10.2-0.20230620120822-417c5f7d61ff/go.mod h1:OGMmq97krQBiKx8LRGyf5DgWHeu+PDdIHNN2YnQlWjs=
github.com/ipfs/boxo v0.10.2-0.20230627105028-a87f9ed0b2a9 h1:n66pkk54aXcGOrK2qJm+krxLQJWzo88skyefbuFqU44=
github.com/ipfs/boxo v0.10.2-0.20230627105028-a87f9ed0b2a9/go.mod h1:OGMmq97krQBiKx8LRGyf5DgWHeu+PDdIHNN2YnQlWjs=
github.com/ipfs/go-bitfield v1.1.0 h1:fh7FIo8bSwaJEh6DdTWbCeZ1eqOaOkKFI74SCnsWbGA=
github.com/ipfs/go-bitfield v1.1.0/go.mod h1:paqf1wjq/D2BBmzfTVFlJQ9IlFOZpg422HL0HqsGWHU=
github.com/ipfs/go-block-format v0.1.2 h1:GAjkfhVx1f4YTODS6Esrj1wt2HhrtwTnhEr+DyPUaJo=
Expand Down
45 changes: 30 additions & 15 deletions test/sharness/t0112-gateway-cors.sh
Original file line number Diff line number Diff line change
Expand Up @@ -7,21 +7,9 @@ test_description="Test CORS behavior on Gateway port"
test_init_ipfs

# Default config
test_expect_success "Default Gateway.HTTPHeaders config match expected values" '
test_expect_success "Default Gateway.HTTPHeaders is empty (implicit CORS values from boxo/gateway)" '
cat <<EOF > expected
{
"Access-Control-Allow-Headers": [
"X-Requested-With",
"Range",
"User-Agent"
],
"Access-Control-Allow-Methods": [
"GET"
],
"Access-Control-Allow-Origin": [
"*"
]
}
{}
EOF
ipfs config --json Gateway.HTTPHeaders > actual &&
test_cmp expected actual
Expand All @@ -43,13 +31,19 @@ test_expect_success "GET to Gateway succeeds" '
test_expect_success "GET response for Gateway resource looks good" '
test_should_contain "< Access-Control-Allow-Origin: \*" curl_output &&
test_should_contain "< Access-Control-Allow-Methods: GET" curl_output &&
test_should_contain "< Access-Control-Allow-Methods: HEAD" curl_output &&
test_should_contain "< Access-Control-Allow-Methods: OPTIONS" curl_output &&
test_should_contain "< Access-Control-Allow-Headers: Content-Type" curl_output &&
test_should_contain "< Access-Control-Allow-Headers: Range" curl_output &&
test_should_contain "< Access-Control-Allow-Headers: User-Agent" curl_output &&
test_should_contain "< Access-Control-Allow-Headers: X-Requested-With" curl_output &&
test_should_contain "< Access-Control-Expose-Headers: Content-Range" curl_output &&
test_should_contain "< Access-Control-Expose-Headers: Content-Length" curl_output &&
test_should_contain "< Access-Control-Expose-Headers: X-Chunked-Output" curl_output &&
test_should_contain "< Access-Control-Expose-Headers: X-Stream-Output" curl_output &&
test_should_contain "< Access-Control-Expose-Headers: X-Ipfs-Path" curl_output &&
test_should_contain "< Access-Control-Expose-Headers: X-Ipfs-Roots" curl_output
'

# HTTP OPTIONS Request
test_expect_success "OPTIONS to Gateway succeeds" '
curl -svX OPTIONS -H "Origin: https://example.com" "http://127.0.0.1:$GWAY_PORT/ipfs/$thash" 2>curl_output &&
Expand All @@ -60,13 +54,34 @@ test_expect_success "OPTIONS to Gateway succeeds" '
test_expect_success "OPTIONS response for Gateway resource looks good" '
test_should_contain "< Access-Control-Allow-Origin: \*" curl_output &&
test_should_contain "< Access-Control-Allow-Methods: GET" curl_output &&
test_should_contain "< Access-Control-Allow-Methods: HEAD" curl_output &&
test_should_contain "< Access-Control-Allow-Methods: OPTIONS" curl_output &&
test_should_contain "< Access-Control-Allow-Headers: Content-Type" curl_output &&
test_should_contain "< Access-Control-Allow-Headers: Range" curl_output &&
test_should_contain "< Access-Control-Allow-Headers: User-Agent" curl_output &&
test_should_contain "< Access-Control-Allow-Headers: X-Requested-With" curl_output &&
test_should_contain "< Access-Control-Expose-Headers: Content-Range" curl_output &&
test_should_contain "< Access-Control-Expose-Headers: Content-Length" curl_output &&
test_should_contain "< Access-Control-Expose-Headers: X-Chunked-Output" curl_output &&
test_should_contain "< Access-Control-Expose-Headers: X-Stream-Output" curl_output &&
test_should_contain "< Access-Control-Expose-Headers: X-Ipfs-Path" curl_output &&
test_should_contain "< Access-Control-Expose-Headers: X-Ipfs-Roots" curl_output
'

# HTTP OPTIONS Request on path → subdomain HTTP 301 redirect
# (regression test for https://github.com/ipfs/kubo/issues/9983#issuecomment-1599673976)
test_expect_success "OPTIONS to Gateway succeeds" '
curl -svX OPTIONS -H "Origin: https://example.com" "http://localhost:$GWAY_PORT/ipfs/$thash" 2>curl_output &&
cat curl_output
'
# OPTION Response from Gateway should contain CORS headers
test_expect_success "OPTIONS response for subdomain redirect looks good" '
test_should_contain "HTTP/1.1 301 Moved Permanently" curl_output &&
test_should_contain "Location" curl_output &&
test_should_contain "< Access-Control-Allow-Origin: \*" curl_output &&
test_should_contain "< Access-Control-Allow-Methods: GET" curl_output
'

test_kill_ipfs_daemon

# Test CORS safelisting of custom headers
Expand Down