API: Only allow cross-origin requests if explicitly enabled

To enable, set the key "allowCrossOrigin" under "api" in config.yml
No user interface for this option yet
Jon Nordby 2014-06-07 01:04:32 +02:00
parent 0bd6005cb9
commit 651a9d30ce
2 changed files with 8 additions and 6 deletions


@ -63,7 +63,7 @@ def beforeApiRequests():
the request.
"""
if request.method == 'OPTIONS':
if request.method == 'OPTIONS' and s().getBoolean(["api", "allowCrossOrigin"]):
return optionsAllowOrigin(request)
apikey = getApiKey(request)
@ -93,13 +93,14 @@ def beforeApiRequests():
@api.after_request
def afterApiRequests(resp):
""""""
""""""
# Allow crossdomain
if request.method != 'OPTIONS' and 'Origin' in request.headers:
resp.headers['Access-Control-Allow-Origin'] = request.headers['Origin']
allowCrossOrigin = s().getBoolean(["api", "allowCrossOrigin"])
if request.method != 'OPTIONS' and 'Origin' in request.headers and allowCrossOrigin:
resp.headers['Access-Control-Allow-Origin'] = request.headers['Origin']
return resp
return resp
#~~ first run setup
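Review bot: In afterApiRequests the new `allowCrossOrigin` check still gates a blanket reflection: once the flag is on, whatever `Origin` the request sends is copied into `Access-Control-Allow-Origin`, so every website is permitted to read API responses from a browser. A list of permitted origins in the "api" settings, checked before the header is set, would let an operator enable only the front-ends they trust. Because the header value now depends on the request, the response should also carry `resp.headers.add('Vary', 'Origin')` so a shared cache does not hand one origin's response to another. The empty `""""""` docstring could record this, e.g. `"""Add CORS headers to API responses when api.allowCrossOrigin is enabled."""`.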


@ -131,7 +131,8 @@ default_settings = {
},
"api": {
"enabled": False,
"key": ''.join('%02X' % ord(z) for z in uuid.uuid4().bytes)
"key": ''.join('%02X' % ord(z) for z in uuid.uuid4().bytes),
"allowCrossOrigin": False
},
"terminalFilters": [
{ "name": "Suppress M105 requests/responses", "regex": "(Send: M105)|(Recv: ok T\d*:)" },
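Review bot: The new `"allowCrossOrigin": False` default carries no comment, and the commit message says the option has no user interface, so config.yml is the only place an operator meets it. A comment above the key would document the effect, e.g. `# allowCrossOrigin: when True, API responses echo the request's Origin header, so any website can call the API from a browser`. The default_settings dict starts and ends outside the hunk.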