change CORS_ALLOWED_ORIGIN input to comma-separated strings

2025-09-06 05:04:27 +08:00 · 2022-12-13 10:44:10 +05:30 · 2022-12-13 10:44:10 +05:30 · 9c019ca1b1
commit 9c019ca1b1
parent 67e4317e17
4 changed files with 54 additions and 54 deletions
--- a/compose/docker-compose.reference.yml
+++ b/compose/docker-compose.reference.yml
@ -32,7 +32,7 @@ services:
      TELEMETRY: "on" # Whether or not to send telemetry data to help improve Netmaker. Switch to "off" to opt out of sending telemetry.
      RCE: "off" # Enables setting PostUp and PostDown (arbitrary commands) on nodes from the server. Off by default.
      MASTER_KEY: "REPLACE_MASTER_KEY" # The admin master key for accessing the API. Change this in any production installation.
-      CORS_ALLOWED_ORIGIN: "*" # The "allowed origin" for API requests. Change to restrict where API requests can come from.
+      CORS_ALLOWED_ORIGIN: "*" # The "allowed origin" for API requests. Change to restrict where API requests can come from with comma-separated URLs. ex:- https://dashboard.netmaker.domain1.com,https://dashboard.netmaker.domain2.com
      DISPLAY_KEYS: "on" # Show keys permanently in UI (until deleted) as opposed to 1-time display.
      DATABASE: "sqlite" # Database to use - sqlite, postgres, or rqlite
      NODE_ID: "netmaker-server-1" # used for HA - identifies this server vs other servers
--- a/config/config.go
+++ b/config/config.go
@ -1,7 +1,7 @@
-//Environment file for getting variables
-//Currently the only thing it does is set the master password
-//Should probably have it take over functions from OS such as port and mongodb connection details
-//Reads from the config/environments/dev.yaml file by default
+// Environment file for getting variables
+// Currently the only thing it does is set the master password
+// Should probably have it take over functions from OS such as port and mongodb connection details
+// Reads from the config/environments/dev.yaml file by default
 package config

 import (
@ -32,50 +32,50 @@ type EnvironmentConfig struct {

 // ServerConfig - server conf struct
 type ServerConfig struct {
-	CoreDNSAddr           string `yaml:"corednsaddr"`
-	APIConnString         string `yaml:"apiconn"`
-	APIHost               string `yaml:"apihost"`
-	APIPort               string `yaml:"apiport"`
-	MQHOST                string `yaml:"mqhost"`
-	MasterKey             string `yaml:"masterkey"`
-	DNSKey                string `yaml:"dnskey"`
-	AllowedOrigin         string `yaml:"allowedorigin"`
-	NodeID                string `yaml:"nodeid"`
-	RestBackend           string `yaml:"restbackend"`
-	AgentBackend          string `yaml:"agentbackend"`
-	MessageQueueBackend   string `yaml:"messagequeuebackend"`
-	ClientMode            string `yaml:"clientmode"`
-	DNSMode               string `yaml:"dnsmode"`
-	DisableRemoteIPCheck  string `yaml:"disableremoteipcheck"`
-	Version               string `yaml:"version"`
-	SQLConn               string `yaml:"sqlconn"`
-	Platform              string `yaml:"platform"`
-	Database              string `yaml:"database"`
-	DefaultNodeLimit      int32  `yaml:"defaultnodelimit"`
-	Verbosity             int32  `yaml:"verbosity"`
-	ServerCheckinInterval int64  `yaml:"servercheckininterval"`
-	AuthProvider          string `yaml:"authprovider"`
-	OIDCIssuer            string `yaml:"oidcissuer"`
-	ClientID              string `yaml:"clientid"`
-	ClientSecret          string `yaml:"clientsecret"`
-	FrontendURL           string `yaml:"frontendurl"`
-	DisplayKeys           string `yaml:"displaykeys"`
-	AzureTenant           string `yaml:"azuretenant"`
-	RCE                   string `yaml:"rce"`
-	Telemetry             string `yaml:"telemetry"`
-	ManageIPTables        string `yaml:"manageiptables"`
-	PortForwardServices   string `yaml:"portforwardservices"`
-	HostNetwork           string `yaml:"hostnetwork"`
-	MQPort                string `yaml:"mqport"`
-	MQServerPort          string `yaml:"mqserverport"`
-	Server                string `yaml:"server"`
-	PublicIPService       string `yaml:"publicipservice"`
-	MQAdminPassword       string `yaml:"mqadminpassword"`
-	MetricsExporter       string `yaml:"metrics_exporter"`
-	BasicAuth             string `yaml:"basic_auth"`
-	LicenseValue          string `yaml:"license_value"`
-	NetmakerAccountID     string `yaml:"netmaker_account_id"`
-	IsEE                  string `yaml:"is_ee"`
+	CoreDNSAddr           string   `yaml:"corednsaddr"`
+	APIConnString         string   `yaml:"apiconn"`
+	APIHost               string   `yaml:"apihost"`
+	APIPort               string   `yaml:"apiport"`
+	MQHOST                string   `yaml:"mqhost"`
+	MasterKey             string   `yaml:"masterkey"`
+	DNSKey                string   `yaml:"dnskey"`
+	AllowedOrigin         []string `yaml:"allowedorigin"`
+	NodeID                string   `yaml:"nodeid"`
+	RestBackend           string   `yaml:"restbackend"`
+	AgentBackend          string   `yaml:"agentbackend"`
+	MessageQueueBackend   string   `yaml:"messagequeuebackend"`
+	ClientMode            string   `yaml:"clientmode"`
+	DNSMode               string   `yaml:"dnsmode"`
+	DisableRemoteIPCheck  string   `yaml:"disableremoteipcheck"`
+	Version               string   `yaml:"version"`
+	SQLConn               string   `yaml:"sqlconn"`
+	Platform              string   `yaml:"platform"`
+	Database              string   `yaml:"database"`
+	DefaultNodeLimit      int32    `yaml:"defaultnodelimit"`
+	Verbosity             int32    `yaml:"verbosity"`
+	ServerCheckinInterval int64    `yaml:"servercheckininterval"`
+	AuthProvider          string   `yaml:"authprovider"`
+	OIDCIssuer            string   `yaml:"oidcissuer"`
+	ClientID              string   `yaml:"clientid"`
+	ClientSecret          string   `yaml:"clientsecret"`
+	FrontendURL           string   `yaml:"frontendurl"`
+	DisplayKeys           string   `yaml:"displaykeys"`
+	AzureTenant           string   `yaml:"azuretenant"`
+	RCE                   string   `yaml:"rce"`
+	Telemetry             string   `yaml:"telemetry"`
+	ManageIPTables        string   `yaml:"manageiptables"`
+	PortForwardServices   string   `yaml:"portforwardservices"`
+	HostNetwork           string   `yaml:"hostnetwork"`
+	MQPort                string   `yaml:"mqport"`
+	MQServerPort          string   `yaml:"mqserverport"`
+	Server                string   `yaml:"server"`
+	PublicIPService       string   `yaml:"publicipservice"`
+	MQAdminPassword       string   `yaml:"mqadminpassword"`
+	MetricsExporter       string   `yaml:"metrics_exporter"`
+	BasicAuth             string   `yaml:"basic_auth"`
+	LicenseValue          string   `yaml:"license_value"`
+	NetmakerAccountID     string   `yaml:"netmaker_account_id"`
+	IsEE                  string   `yaml:"is_ee"`
 }

 // SQLConfig - Generic SQL Config
--- a/controllers/controller.go
+++ b/controllers/controller.go
@ -38,7 +38,7 @@ func HandleRESTRequests(wg *sync.WaitGroup) {
 	// Currently allowed dev origin is all. Should change in prod
 	// should consider analyzing the allowed methods further
 	headersOk := handlers.AllowedHeaders([]string{"Access-Control-Allow-Origin", "X-Requested-With", "Content-Type", "authorization"})
-	originsOk := handlers.AllowedOrigins([]string{servercfg.GetAllowedOrigin()})
+	originsOk := handlers.AllowedOrigins(servercfg.GetAllowedOrigin())
 	methodsOk := handlers.AllowedMethods([]string{"GET", "PUT", "POST", "DELETE"})

 	for _, handler := range HttpHandlers {
--- a/servercfg/serverconf.go
+++ b/servercfg/serverconf.go
@ -267,11 +267,11 @@ func GetDNSKey() string {
 }

 // GetAllowedOrigin - get the allowed origin
-func GetAllowedOrigin() string {
-	allowedorigin := "*"
+func GetAllowedOrigin() []string {
+	allowedorigin := []string{"*"}
 	if os.Getenv("CORS_ALLOWED_ORIGIN") != "" {
-		allowedorigin = os.Getenv("CORS_ALLOWED_ORIGIN")
-	} else if config.Config.Server.AllowedOrigin != "" {
+		allowedorigin = strings.Split(os.Getenv("CORS_ALLOWED_ORIGIN"), ",")
+	} else if len(config.Config.Server.AllowedOrigin) > 0 {
 		allowedorigin = config.Config.Server.AllowedOrigin
 	}
 	return allowedorigin