2018-06-29 16:08:08 +04:00
|
|
|
(*****************************************************************************)
|
|
|
|
|
(* *)
|
|
|
|
|
(* Open Source License *)
|
|
|
|
|
(* Copyright (c) 2018 Dynamic Ledger Solutions, Inc. <contact@tezos.com> *)
|
|
|
|
|
(* *)
|
|
|
|
|
(* Permission is hereby granted, free of charge, to any person obtaining a *)
|
|
|
|
|
(* copy of this software and associated documentation files (the "Software"),*)
|
|
|
|
|
(* to deal in the Software without restriction, including without limitation *)
|
|
|
|
|
(* the rights to use, copy, modify, merge, publish, distribute, sublicense, *)
|
|
|
|
|
(* and/or sell copies of the Software, and to permit persons to whom the *)
|
|
|
|
|
(* Software is furnished to do so, subject to the following conditions: *)
|
|
|
|
|
(* *)
|
|
|
|
|
(* The above copyright notice and this permission notice shall be included *)
|
|
|
|
|
(* in all copies or substantial portions of the Software. *)
|
|
|
|
|
(* *)
|
|
|
|
|
(* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR*)
|
|
|
|
|
(* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, *)
|
|
|
|
|
(* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL *)
|
|
|
|
|
(* THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER*)
|
|
|
|
|
(* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING *)
|
|
|
|
|
(* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER *)
|
|
|
|
|
(* DEALINGS IN THE SOFTWARE. *)
|
|
|
|
|
(* *)
|
|
|
|
|
(*****************************************************************************)
|
2017-12-07 20:43:21 +04:00
|
|
|
|
|
|
|
|
type t = {
|
|
|
|
|
allowed_headers : string list ;
|
|
|
|
|
allowed_origins : string list ;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
let default = { allowed_headers = [] ; allowed_origins = [] }
|
|
|
|
|
|
|
|
|
|
let check_origin_matches origin allowed_origin =
|
|
|
|
|
String.equal "*" allowed_origin ||
|
|
|
|
|
String.equal allowed_origin origin ||
|
|
|
|
|
begin
|
|
|
|
|
let allowed_w_slash = allowed_origin ^ "/" in
|
|
|
|
|
let len_a_w_s = String.length allowed_w_slash in
|
|
|
|
|
let len_o = String.length origin in
|
|
|
|
|
(len_o >= len_a_w_s) &&
|
|
|
|
|
String.equal allowed_w_slash @@ String.sub origin 0 len_a_w_s
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
let find_matching_origin allowed_origins origin =
|
|
|
|
|
let matching_origins =
|
|
|
|
|
List.filter (check_origin_matches origin) allowed_origins in
|
|
|
|
|
let compare_by_length_neg a b =
|
|
|
|
|
~- (compare (String.length a) (String.length b)) in
|
|
|
|
|
let matching_origins_sorted =
|
|
|
|
|
List.sort compare_by_length_neg matching_origins in
|
|
|
|
|
match matching_origins_sorted with
|
|
|
|
|
| [] -> None
|
|
|
|
|
| x :: _ -> Some x
|
|
|
|
|
|
2018-04-29 03:00:00 +04:00
|
|
|
let add_allow_origin headers cors origin_header =
|
2017-12-07 20:43:21 +04:00
|
|
|
match origin_header with
|
2018-04-29 03:00:00 +04:00
|
|
|
| None -> headers
|
2017-12-07 20:43:21 +04:00
|
|
|
| Some origin ->
|
|
|
|
|
match find_matching_origin cors.allowed_origins origin with
|
2018-04-29 03:00:00 +04:00
|
|
|
| None -> headers
|
2017-12-07 20:43:21 +04:00
|
|
|
| Some allowed_origin ->
|
2018-04-29 03:00:00 +04:00
|
|
|
Cohttp.Header.add headers
|
|
|
|
|
"Access-Control-Allow-Origin" allowed_origin
|
|
|
|
|
|
|
|
|
|
let add_headers headers cors origin_header =
|
|
|
|
|
let cors_headers =
|
|
|
|
|
Cohttp.Header.add_multi headers
|
|
|
|
|
"Access-Control-Allow-Headers" cors.allowed_headers in
|
|
|
|
|
add_allow_origin cors_headers cors origin_header
|
