2017-12-07 20:43:21 +04:00
|
|
|
(**************************************************************************)
|
|
|
|
(* *)
|
2018-02-06 00:17:03 +04:00
|
|
|
(* Copyright (c) 2014 - 2018. *)
|
2017-12-07 20:43:21 +04:00
|
|
|
(* Dynamic Ledger Solutions, Inc. <contact@tezos.com> *)
|
|
|
|
(* *)
|
|
|
|
(* All rights reserved. No warranty, explicit or implicit, provided. *)
|
|
|
|
(* *)
|
|
|
|
(**************************************************************************)
|
|
|
|
|
|
|
|
type t = {
|
|
|
|
allowed_headers : string list ;
|
|
|
|
allowed_origins : string list ;
|
|
|
|
}
|
|
|
|
|
|
|
|
let default = { allowed_headers = [] ; allowed_origins = [] }
|
|
|
|
|
|
|
|
let check_origin_matches origin allowed_origin =
|
|
|
|
String.equal "*" allowed_origin ||
|
|
|
|
String.equal allowed_origin origin ||
|
|
|
|
begin
|
|
|
|
let allowed_w_slash = allowed_origin ^ "/" in
|
|
|
|
let len_a_w_s = String.length allowed_w_slash in
|
|
|
|
let len_o = String.length origin in
|
|
|
|
(len_o >= len_a_w_s) &&
|
|
|
|
String.equal allowed_w_slash @@ String.sub origin 0 len_a_w_s
|
|
|
|
end
|
|
|
|
|
|
|
|
let find_matching_origin allowed_origins origin =
|
|
|
|
let matching_origins =
|
|
|
|
List.filter (check_origin_matches origin) allowed_origins in
|
|
|
|
let compare_by_length_neg a b =
|
|
|
|
~- (compare (String.length a) (String.length b)) in
|
|
|
|
let matching_origins_sorted =
|
|
|
|
List.sort compare_by_length_neg matching_origins in
|
|
|
|
match matching_origins_sorted with
|
|
|
|
| [] -> None
|
|
|
|
| x :: _ -> Some x
|
|
|
|
|
2018-04-29 03:00:00 +04:00
|
|
|
let add_allow_origin headers cors origin_header =
|
2017-12-07 20:43:21 +04:00
|
|
|
match origin_header with
|
2018-04-29 03:00:00 +04:00
|
|
|
| None -> headers
|
2017-12-07 20:43:21 +04:00
|
|
|
| Some origin ->
|
|
|
|
match find_matching_origin cors.allowed_origins origin with
|
2018-04-29 03:00:00 +04:00
|
|
|
| None -> headers
|
2017-12-07 20:43:21 +04:00
|
|
|
| Some allowed_origin ->
|
2018-04-29 03:00:00 +04:00
|
|
|
Cohttp.Header.add headers
|
|
|
|
"Access-Control-Allow-Origin" allowed_origin
|
|
|
|
|
|
|
|
let add_headers headers cors origin_header =
|
|
|
|
let cors_headers =
|
|
|
|
Cohttp.Header.add_multi headers
|
|
|
|
"Access-Control-Allow-Headers" cors.allowed_headers in
|
|
|
|
add_allow_origin cors_headers cors origin_header
|