Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(gateway): include CORS on subdomain redirects #9994

Merged
merged 2 commits into from
Jun 27, 2023
Merged
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Next Next commit
fix(gateway): include CORS on subdomain redirects
Depends on ipfs/boxo#395

Closes #9983
lidel authored and hacdias committed Jun 27, 2023
commit 5ddc8618e4c148ee7b2747422ab355a0810c63bd
8 changes: 2 additions & 6 deletions config/init.go
Original file line number Diff line number Diff line change
@@ -67,12 +67,8 @@ func InitWithIdentity(identity Identity) (*Config, error) {
RootRedirect: "",
NoFetch: false,
PathPrefixes: []string{},
HTTPHeaders: map[string][]string{
"Access-Control-Allow-Origin": {"*"},
"Access-Control-Allow-Methods": {"GET"},
"Access-Control-Allow-Headers": {"X-Requested-With", "Range", "User-Agent"},
},
Comment on lines -70 to -74
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ℹ️ These are legacy values that were hardcoded since years ago, but no longer necessary. AddAccessControlHeaders from boxo/gateway ensures safe defaults are added if user did not pass own, and these values are already there, so we can remove them from config – they were not used/redundant for a while, even before we moved gateway code to boxo.

No need to write migration, as this is subset of what boxo/gateway sets anyway + we have tests in this PR that confirm these headers are will present even when missing from config.

APICommands: []string{},
HTTPHeaders: map[string][]string{},
APICommands: []string{},
},
Reprovider: Reprovider{
Interval: nil,
2 changes: 1 addition & 1 deletion docs/examples/kubo-as-a-library/go.mod
Original file line number Diff line number Diff line change
@@ -7,7 +7,7 @@ go 1.18
replace github.com/ipfs/kubo => ./../../..

require (
github.com/ipfs/boxo v0.10.2-0.20230620120822-417c5f7d61ff
github.com/ipfs/boxo v0.10.2-0.20230626222127-473506271233
github.com/ipfs/kubo v0.0.0-00010101000000-000000000000
github.com/libp2p/go-libp2p v0.27.7
github.com/multiformats/go-multiaddr v0.9.0
4 changes: 2 additions & 2 deletions docs/examples/kubo-as-a-library/go.sum
Original file line number Diff line number Diff line change
@@ -320,8 +320,8 @@ github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:
github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
github.com/ipfs/bbloom v0.0.4 h1:Gi+8EGJ2y5qiD5FbsbpX/TMNcJw8gSqr7eyjHa4Fhvs=
github.com/ipfs/bbloom v0.0.4/go.mod h1:cS9YprKXpoZ9lT0n/Mw/a6/aFV6DTjTLYHeA+gyqMG0=
github.com/ipfs/boxo v0.10.2-0.20230620120822-417c5f7d61ff h1:QnYD2h1e55nX9lSl5k8YVij1VIOICR7lPJlhbKOQjNM=
github.com/ipfs/boxo v0.10.2-0.20230620120822-417c5f7d61ff/go.mod h1:OGMmq97krQBiKx8LRGyf5DgWHeu+PDdIHNN2YnQlWjs=
github.com/ipfs/boxo v0.10.2-0.20230626222127-473506271233 h1:eWyELpyY+KdlAuwlpGfTRb1YEIO02orbHkYtZkGwqrI=
github.com/ipfs/boxo v0.10.2-0.20230626222127-473506271233/go.mod h1:OGMmq97krQBiKx8LRGyf5DgWHeu+PDdIHNN2YnQlWjs=
github.com/ipfs/go-bitfield v1.1.0 h1:fh7FIo8bSwaJEh6DdTWbCeZ1eqOaOkKFI74SCnsWbGA=
github.com/ipfs/go-bitfield v1.1.0/go.mod h1:paqf1wjq/D2BBmzfTVFlJQ9IlFOZpg422HL0HqsGWHU=
github.com/ipfs/go-block-format v0.0.2/go.mod h1:AWR46JfpcObNfg3ok2JHDUfdiHRgWhJgCQF+KIgOPJY=
2 changes: 1 addition & 1 deletion go.mod
Original file line number Diff line number Diff line change
@@ -15,7 +15,7 @@ require (
github.com/fsnotify/fsnotify v1.6.0
github.com/google/uuid v1.3.0
github.com/hashicorp/go-multierror v1.1.1
github.com/ipfs/boxo v0.10.2-0.20230620120822-417c5f7d61ff
github.com/ipfs/boxo v0.10.2-0.20230626222127-473506271233
github.com/ipfs/go-block-format v0.1.2
github.com/ipfs/go-cid v0.4.1
github.com/ipfs/go-cidutil v0.1.0
4 changes: 2 additions & 2 deletions go.sum
Original file line number Diff line number Diff line change
@@ -355,8 +355,8 @@ github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:
github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
github.com/ipfs/bbloom v0.0.4 h1:Gi+8EGJ2y5qiD5FbsbpX/TMNcJw8gSqr7eyjHa4Fhvs=
github.com/ipfs/bbloom v0.0.4/go.mod h1:cS9YprKXpoZ9lT0n/Mw/a6/aFV6DTjTLYHeA+gyqMG0=
github.com/ipfs/boxo v0.10.2-0.20230620120822-417c5f7d61ff h1:QnYD2h1e55nX9lSl5k8YVij1VIOICR7lPJlhbKOQjNM=
github.com/ipfs/boxo v0.10.2-0.20230620120822-417c5f7d61ff/go.mod h1:OGMmq97krQBiKx8LRGyf5DgWHeu+PDdIHNN2YnQlWjs=
github.com/ipfs/boxo v0.10.2-0.20230626222127-473506271233 h1:eWyELpyY+KdlAuwlpGfTRb1YEIO02orbHkYtZkGwqrI=
github.com/ipfs/boxo v0.10.2-0.20230626222127-473506271233/go.mod h1:OGMmq97krQBiKx8LRGyf5DgWHeu+PDdIHNN2YnQlWjs=
github.com/ipfs/go-bitfield v1.1.0 h1:fh7FIo8bSwaJEh6DdTWbCeZ1eqOaOkKFI74SCnsWbGA=
github.com/ipfs/go-bitfield v1.1.0/go.mod h1:paqf1wjq/D2BBmzfTVFlJQ9IlFOZpg422HL0HqsGWHU=
github.com/ipfs/go-block-format v0.0.2/go.mod h1:AWR46JfpcObNfg3ok2JHDUfdiHRgWhJgCQF+KIgOPJY=
2 changes: 1 addition & 1 deletion test/dependencies/go.mod
Original file line number Diff line number Diff line change
@@ -7,7 +7,7 @@ replace github.com/ipfs/kubo => ../../
require (
github.com/Kubuxu/gocovmerge v0.0.0-20161216165753-7ecaa51963cd
github.com/golangci/golangci-lint v1.49.0
github.com/ipfs/boxo v0.10.2-0.20230620120822-417c5f7d61ff
github.com/ipfs/boxo v0.10.2-0.20230626222127-473506271233
github.com/ipfs/go-cid v0.4.1
github.com/ipfs/go-cidutil v0.1.0
github.com/ipfs/go-datastore v0.6.0
4 changes: 2 additions & 2 deletions test/dependencies/go.sum
Original file line number Diff line number Diff line change
@@ -413,8 +413,8 @@ github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NH
github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
github.com/ipfs/bbloom v0.0.4 h1:Gi+8EGJ2y5qiD5FbsbpX/TMNcJw8gSqr7eyjHa4Fhvs=
github.com/ipfs/bbloom v0.0.4/go.mod h1:cS9YprKXpoZ9lT0n/Mw/a6/aFV6DTjTLYHeA+gyqMG0=
github.com/ipfs/boxo v0.10.2-0.20230620120822-417c5f7d61ff h1:QnYD2h1e55nX9lSl5k8YVij1VIOICR7lPJlhbKOQjNM=
github.com/ipfs/boxo v0.10.2-0.20230620120822-417c5f7d61ff/go.mod h1:OGMmq97krQBiKx8LRGyf5DgWHeu+PDdIHNN2YnQlWjs=
github.com/ipfs/boxo v0.10.2-0.20230626222127-473506271233 h1:eWyELpyY+KdlAuwlpGfTRb1YEIO02orbHkYtZkGwqrI=
github.com/ipfs/boxo v0.10.2-0.20230626222127-473506271233/go.mod h1:OGMmq97krQBiKx8LRGyf5DgWHeu+PDdIHNN2YnQlWjs=
github.com/ipfs/go-bitfield v1.1.0 h1:fh7FIo8bSwaJEh6DdTWbCeZ1eqOaOkKFI74SCnsWbGA=
github.com/ipfs/go-bitfield v1.1.0/go.mod h1:paqf1wjq/D2BBmzfTVFlJQ9IlFOZpg422HL0HqsGWHU=
github.com/ipfs/go-block-format v0.1.2 h1:GAjkfhVx1f4YTODS6Esrj1wt2HhrtwTnhEr+DyPUaJo=
45 changes: 30 additions & 15 deletions test/sharness/t0112-gateway-cors.sh
Original file line number Diff line number Diff line change
@@ -7,21 +7,9 @@ test_description="Test CORS behavior on Gateway port"
test_init_ipfs

# Default config
test_expect_success "Default Gateway.HTTPHeaders config match expected values" '
test_expect_success "Default Gateway.HTTPHeaders is empty (implicit CORS values from boxo/gateway)" '
cat <<EOF > expected
{
"Access-Control-Allow-Headers": [
"X-Requested-With",
"Range",
"User-Agent"
],
"Access-Control-Allow-Methods": [
"GET"
],
"Access-Control-Allow-Origin": [
"*"
]
}
{}
EOF
ipfs config --json Gateway.HTTPHeaders > actual &&
test_cmp expected actual
@@ -43,13 +31,19 @@ test_expect_success "GET to Gateway succeeds" '
test_expect_success "GET response for Gateway resource looks good" '
test_should_contain "< Access-Control-Allow-Origin: \*" curl_output &&
test_should_contain "< Access-Control-Allow-Methods: GET" curl_output &&
test_should_contain "< Access-Control-Allow-Methods: HEAD" curl_output &&
test_should_contain "< Access-Control-Allow-Methods: OPTIONS" curl_output &&
test_should_contain "< Access-Control-Allow-Headers: Content-Type" curl_output &&
test_should_contain "< Access-Control-Allow-Headers: Range" curl_output &&
test_should_contain "< Access-Control-Allow-Headers: User-Agent" curl_output &&
test_should_contain "< Access-Control-Allow-Headers: X-Requested-With" curl_output &&
test_should_contain "< Access-Control-Expose-Headers: Content-Range" curl_output &&
test_should_contain "< Access-Control-Expose-Headers: Content-Length" curl_output &&
test_should_contain "< Access-Control-Expose-Headers: X-Chunked-Output" curl_output &&
test_should_contain "< Access-Control-Expose-Headers: X-Stream-Output" curl_output &&
test_should_contain "< Access-Control-Expose-Headers: X-Ipfs-Path" curl_output &&
test_should_contain "< Access-Control-Expose-Headers: X-Ipfs-Roots" curl_output
'

# HTTP OPTIONS Request
test_expect_success "OPTIONS to Gateway succeeds" '
curl -svX OPTIONS -H "Origin: https://example.com" "http://127.0.0.1:$GWAY_PORT/ipfs/$thash" 2>curl_output &&
@@ -60,13 +54,34 @@ test_expect_success "OPTIONS to Gateway succeeds" '
test_expect_success "OPTIONS response for Gateway resource looks good" '
test_should_contain "< Access-Control-Allow-Origin: \*" curl_output &&
test_should_contain "< Access-Control-Allow-Methods: GET" curl_output &&
test_should_contain "< Access-Control-Allow-Methods: HEAD" curl_output &&
test_should_contain "< Access-Control-Allow-Methods: OPTIONS" curl_output &&
test_should_contain "< Access-Control-Allow-Headers: Content-Type" curl_output &&
test_should_contain "< Access-Control-Allow-Headers: Range" curl_output &&
test_should_contain "< Access-Control-Allow-Headers: User-Agent" curl_output &&
test_should_contain "< Access-Control-Allow-Headers: X-Requested-With" curl_output &&
test_should_contain "< Access-Control-Expose-Headers: Content-Range" curl_output &&
test_should_contain "< Access-Control-Expose-Headers: Content-Length" curl_output &&
test_should_contain "< Access-Control-Expose-Headers: X-Chunked-Output" curl_output &&
test_should_contain "< Access-Control-Expose-Headers: X-Stream-Output" curl_output &&
test_should_contain "< Access-Control-Expose-Headers: X-Ipfs-Path" curl_output &&
test_should_contain "< Access-Control-Expose-Headers: X-Ipfs-Roots" curl_output
'

# HTTP OPTIONS Request on path → subdomain HTTP 301 redirect
# (regression test for https://github.com/ipfs/kubo/issues/9983#issuecomment-1599673976)
test_expect_success "OPTIONS to Gateway succeeds" '
curl -svX OPTIONS -H "Origin: https://example.com" "http://localhost:$GWAY_PORT/ipfs/$thash" 2>curl_output &&
cat curl_output
'
# OPTION Response from Gateway should contain CORS headers
test_expect_success "OPTIONS response for subdomain redirect looks good" '
test_should_contain "HTTP/1.1 301 Moved Permanently" curl_output &&
test_should_contain "Location" curl_output &&
test_should_contain "< Access-Control-Allow-Origin: \*" curl_output &&
test_should_contain "< Access-Control-Allow-Methods: GET" curl_output
'

test_kill_ipfs_daemon

# Test CORS safelisting of custom headers