Remove CORS logic (#851)

* http: Add inner server data structure

Signed-off-by: Alexandru Vasile <alexandru.vasile@parity.io>

* http: Handle RPC messages

Signed-off-by: Alexandru Vasile <alexandru.vasile@parity.io>

* http: Implement equivalent of `service_fn`

Signed-off-by: Alexandru Vasile <alexandru.vasile@parity.io>

* http: Implement equivalent of `make_service_fn`

Signed-off-by: Alexandru Vasile <alexandru.vasile@parity.io>

* http: Expose `tower` compatible service

Signed-off-by: Alexandru Vasile <alexandru.vasile@parity.io>

* http: Prebuild http server with optional listener

Signed-off-by: Alexandru Vasile <alexandru.vasile@parity.io>

* examples: WIP tower service

Signed-off-by: Alexandru Vasile <alexandru.vasile@parity.io>

* http: Fix warnings

Signed-off-by: Alexandru Vasile <alexandru.vasile@parity.io>

* tower_http: Fix warnings

Signed-off-by: Alexandru Vasile <alexandru.vasile@parity.io>

* http: Ensure service works with tower

Signed-off-by: Alexandru Vasile <alexandru.vasile@parity.io>

* http: Remove `RPSeeServerMakeSvc` to allow further flexibility

Signed-off-by: Alexandru Vasile <alexandru.vasile@parity.io>

* tower_http: Fix warnings

Signed-off-by: Alexandru Vasile <alexandru.vasile@parity.io>

* tower_http: Resubmit the same request for testing

Signed-off-by: Alexandru Vasile <alexandru.vasile@parity.io>

* http: Transform builder into service directly

Signed-off-by: Alexandru Vasile <alexandru.vasile@parity.io>

* http: Rename `RPSeeServerSvc` into user friendly `TowerService`

Signed-off-by: Alexandru Vasile <alexandru.vasile@parity.io>

* http: Rely on internal TowerService to handle requests

Signed-off-by: Alexandru Vasile <alexandru.vasile@parity.io>

* Fix middleware typo

Signed-off-by: Alexandru Vasile <alexandru.vasile@parity.io>

* http-server: Improve API builder for tower service

Signed-off-by: Alexandru Vasile <alexandru.vasile@parity.io>

* Rename the inner service data and check comments

Signed-off-by: Alexandru Vasile <alexandru.vasile@parity.io>

* examples: Add comments

Signed-off-by: Alexandru Vasile <alexandru.vasile@parity.io>

* http-server: Receive tower service builder as param

Signed-off-by: Alexandru Vasile <alexandru.vasile@parity.io>

* examples: Adjust tower_http example

Signed-off-by: Alexandru Vasile <alexandru.vasile@parity.io>

* http-server: Add tower middleware on the HttpBuilder

Signed-off-by: Alexandru Vasile <alexandru.vasile@parity.io>

* http-server: Do not expose the internal `TowerService` for now

Signed-off-by: Alexandru Vasile <alexandru.vasile@parity.io>

* Update http-server/src/server.rs

Co-authored-by: Niklas Adolfsson <niklasadolfsson1@gmail.com>

* http-server: Use `std::error::Error`

Signed-off-by: Alexandru Vasile <alexandru.vasile@parity.io>

* Fix fmt

Signed-off-by: Alexandru Vasile <alexandru.vasile@parity.io>

* http-server: Remove header and CORS validation

Signed-off-by: Alexandru Vasile <alexandru.vasile@parity.io>

* core: Remove CORS logic

Signed-off-by: Alexandru Vasile <alexandru.vasile@parity.io>

* examples: Add custom CORS layer to the RPC

Signed-off-by: Alexandru Vasile <alexandru.vasile@parity.io>

* address some grumbles

* fix more grumbles: no more Infallible

* make clippy happy

* Rename tower http example

Signed-off-by: Alexandru Vasile <alexandru.vasile@parity.io>

* http-server: Remove handling of OPTIONS request

Signed-off-by: Alexandru Vasile <alexandru.vasile@parity.io>

* tests: Test CORS with external layers

Signed-off-by: Alexandru Vasile <alexandru.vasile@parity.io>

* examples: Document access control and external CORS layer

Signed-off-by: Alexandru Vasile <alexandru.vasile@parity.io>

* Remove unused deps

Signed-off-by: Alexandru Vasile <alexandru.vasile@parity.io>

* remove unused CORS code

* Remove extra lifetime param

Signed-off-by: Alexandru Vasile <alexandru.vasile@parity.io>

* Rename `invalid_allow_origin` to `origin_rejected`

Signed-off-by: Alexandru Vasile <alexandru.vasile@parity.io>

* Fix clippy

Signed-off-by: Alexandru Vasile <alexandru.vasile@parity.io>

* Update core/src/server/access_control/origin.rs

Co-authored-by: Niklas Adolfsson <niklasadolfsson1@gmail.com>

* Rename `AnyNonNull` to `Wildcard`

Signed-off-by: Alexandru Vasile <alexandru.vasile@parity.io>

* Rename `OriginType` to `Origin`

Signed-off-by: Alexandru Vasile <alexandru.vasile@parity.io>

Signed-off-by: Alexandru Vasile <alexandru.vasile@parity.io>
Co-authored-by: Niklas Adolfsson <niklasadolfsson1@gmail.com>

core/Cargo.toml

@@ -32,8 +32,6 @@ tokio = { version = "1.16", optional = true }
 wasm-bindgen-futures = { version = "0.4.19", optional = true }
 futures-timer = { version = "3", optional = true }
 globset = { version = "0.4", optional = true }
-lazy_static = { version = "1", optional = true }
-unicase = { version = "2.6.0", optional = true }
 http = { version = "0.2.7", optional = true }
 
 [features]
@@ -48,8 +46,6 @@ server = [
 	"rand",
 	"tokio/rt",
 	"tokio/sync",
-	"lazy_static",
-	"unicase",
 	"http",
 	"hyper",
 ]

core/src/http_helpers.rs

@@ -105,21 +105,9 @@ pub fn read_header_values<'a>(
 	headers.get_all(header_name)
 }
 
-/// Get the header values from the `access-control-request-headers` header.
-pub fn get_cors_request_headers<'a>(headers: &'a hyper::header::HeaderMap) -> impl Iterator<Item = &str> {
-	const ACCESS_CONTROL_REQUEST_HEADERS: &str = "access-control-request-headers";
-
-	read_header_values(headers, ACCESS_CONTROL_REQUEST_HEADERS)
-		.iter()
-		.filter_map(|val| val.to_str().ok())
-		.flat_map(|val| val.split(','))
-		// The strings themselves might contain leading and trailing whitespaces
-		.map(|s| s.trim())
-}
-
 #[cfg(test)]
 mod tests {
-	use super::{get_cors_request_headers, read_body, read_header_content_length};
+	use super::{read_body, read_header_content_length};
 
 	#[tokio::test]
 	async fn body_to_bytes_size_limit_works() {
@@ -144,23 +132,4 @@ mod tests {
 		headers.insert(hyper::header::CONTENT_LENGTH, "18446744073709551616".parse().unwrap());
 		assert_eq!(read_header_content_length(&headers), None);
 	}
-
-	#[test]
-	fn get_cors_headers_works() {
-		let mut headers = hyper::header::HeaderMap::new();
-
-		// access-control-request-headers
-		headers.insert(hyper::header::ACCESS_CONTROL_REQUEST_HEADERS, "Content-Type,x-requested-with".parse().unwrap());
-
-		let values: Vec<&str> = get_cors_request_headers(&headers).collect();
-		assert_eq!(values, vec!["Content-Type", "x-requested-with"]);
-
-		headers.insert(
-			hyper::header::ACCESS_CONTROL_REQUEST_HEADERS,
-			"Content-Type,               x-requested-with                  ".parse().unwrap(),
-		);
-
-		let values: Vec<&str> = get_cors_request_headers(&headers).collect();
-		assert_eq!(values, vec!["Content-Type", "x-requested-with"]);
-	}
 }