0
Fork 0
mirror of https://github.com/penpot/penpot.git synced 2025-03-12 07:41:43 -05:00

Allow CORS backend option and fix frontend to allow it

This commit is contained in:
alonso.torres 2021-10-20 11:09:30 +02:00
parent f32f13069f
commit 007728819b
9 changed files with 80 additions and 18 deletions

View file

@ -83,8 +83,7 @@
:ldap-attrs-photo "jpegPhoto"
;; a server prop key where initial project is stored.
:initial-project-skey "initial-project"
})
:initial-project-skey "initial-project"})
(s/def ::flags ::us/words)

View file

@ -141,7 +141,8 @@
["/webhooks"
["/sns" {:post (:sns-webhook cfg)}]]
["/api" {:middleware [[middleware/etag]
["/api" {:middleware [[middleware/cors]
[middleware/etag]
[middleware/format-response-body]
[middleware/params]
[middleware/multipart-params]

View file

@ -8,6 +8,7 @@
(:require
[app.common.logging :as l]
[app.common.transit :as t]
[app.config :as cf]
[app.metrics :as mtx]
[app.util.json :as json]
[buddy.core.codecs :as bc]
@ -176,3 +177,29 @@
:uri (str (:uri request) (when qstring (str "?" qstring)))
:method (name (:request-method request)))
(handler request)))))
(defn- wrap-cors
[handler]
(if-not (contains? cf/flags :cors)
handler
(letfn [(add-cors-headers [response request]
(-> response
(update
:headers
(fn [headers]
(-> headers
(assoc "access-control-allow-origin" (get-in request [:headers "origin"]))
(assoc "access-control-allow-methods" "GET,POST,DELETE,OPTIONS,PUT,HEAD,PATCH")
(assoc "access-control-allow-credentials" "true")
(assoc "access-control-expose-headers" "x-requested-with, content-type, cookie")
(assoc "access-control-allow-headers" "x-frontend-version, content-type, accept, x-requested-width"))))))]
(fn [request]
(if (= (:request-method request) :options)
(-> {:status 200 :body ""}
(add-cors-headers request))
(let [response (handler request)]
(add-cors-headers response request)))))))
(def cors
{:name ::cors
:compile (constantly wrap-cors)})

View file

@ -93,7 +93,8 @@
(when (false? registration)
(swap! flags disj :registration)))
(def public-uri
(defn get-public-uri
[]
(let [uri (u/uri (or (obj/get global "penpotPublicURI")
(.-origin ^js location)))]
;; Ensure that the path always ends with "/"; this ensures that
@ -102,6 +103,8 @@
(not (str/ends-with? (:path uri) "/"))
(update :path #(str % "/")))))
(def public-uri (get-public-uri))
;; --- Helper Functions
(defn ^boolean check-browser? [candidate]

View file

@ -48,6 +48,7 @@
[id params]
(->> (http/send! {:method :get
:uri (u/join base-uri "api/rpc/query/" (name id))
:credentials "include"
:query params})
(rx/map http/conditional-decode-transit)
(rx/mapcat handle-response)))
@ -58,6 +59,7 @@
[id params]
(->> (http/send! {:method :post
:uri (u/join base-uri "api/rpc/mutation/" (name id))
:credentials "include"
:body (http/transit-data params)})
(rx/map http/conditional-decode-transit)
(rx/mapcat handle-response)))
@ -87,7 +89,10 @@
[_ {:keys [provider] :as params}]
(let [uri (u/join base-uri "api/auth/oauth/" (d/name provider))
params (dissoc params :provider)]
(->> (http/send! {:method :post :uri uri :query params})
(->> (http/send! {:method :post
:uri uri
:credentials "include"
:query params})
(rx/map http/conditional-decode-transit)
(rx/mapcat handle-response))))
@ -95,6 +100,7 @@
[_ params]
(->> (http/send! {:method :post
:uri (u/join base-uri "api/feedback")
:credentials "include"
:body (http/transit-data params)})
(rx/map http/conditional-decode-transit)
(rx/mapcat handle-response)))
@ -104,6 +110,7 @@
(->> (http/send! {:method :post
:uri (u/join base-uri "export")
:body (http/transit-data params)
:credentials "include"
:response-type :blob})
(rx/mapcat handle-response)))
@ -112,6 +119,7 @@
(->> (http/send! {:method :post
:uri (u/join base-uri "export-frames")
:body (http/transit-data params)
:credentials "include"
:response-type :blob})
(rx/mapcat handle-response)))
@ -123,6 +131,7 @@
[id params]
(->> (http/send! {:method :post
:uri (u/join base-uri "api/rpc/mutation/" (name id))
:credentials "include"
:body (http/form-data params)})
(rx/map http/conditional-decode-transit)
(rx/mapcat handle-response)))

View file

@ -54,8 +54,10 @@
{"x-frontend-version" (:full @cfg/version)})
(defn fetch
[{:keys [method uri query headers body mode omit-default-headers]
:or {mode :cors headers {}}}]
[{:keys [method uri query headers body mode omit-default-headers credentials]
:or {mode :cors
headers {}
credentials "same-origin"}}]
(rx/Observable.create
(fn [subscriber]
(let [controller (js/AbortController.)
@ -83,7 +85,7 @@
:body body
:mode (d/name mode)
:redirect "follow"
:credentials "same-origin"
:credentials credentials
:referrerPolicy "no-referrer"
:signal signal}]
(-> (js/fetch (str uri) params)
@ -165,7 +167,6 @@
:uri uri
:response-type :blob
:omit-default-headers true})
(rx/filter #(= 200 (:status %)))
(rx/map :body)
(rx/mapcat wapi/read-file-as-data-url)

View file

@ -9,6 +9,8 @@
(:require
[app.common.transit :as t]
[app.common.uuid :as uuid]
[app.util.globals :refer [global]]
[app.util.object :as obj]
[beicon.core :as rx]))
(declare handle-response)
@ -28,11 +30,13 @@
data (t/encode-str message)
instance (:instance worker)]
(.postMessage instance data)
(->> (:stream worker)
(rx/filter #(= (:reply-to %) sender-id))
(take-messages)
(rx/map handle-response)))))
(if (some? instance)
(do (.postMessage instance data)
(->> (:stream worker)
(rx/filter #(= (:reply-to %) sender-id))
(take-messages)
(rx/map handle-response)))
(rx/empty)))))
(defn ask!
[worker message]
@ -79,6 +83,11 @@
(.addEventListener instance "message" handle-message)
(.addEventListener instance "error" handle-error)
(ask! worker
{:cmd :configure
:params
{"penpotPublicURI" (obj/get global "penpotPublicURI")}})
worker))
(defn- handle-response

View file

@ -7,6 +7,8 @@
(ns app.worker.impl
(:require
[app.common.pages.changes :as ch]
[app.util.globals :refer [global]]
[app.util.object :as obj]
[okulary.core :as l]))
(enable-console-print!)
@ -50,3 +52,8 @@
(assoc :cmd :selection/update-index)))
(handler (-> message
(assoc :cmd :snaps/update-index))))))
(defmethod handler :configure
[{:keys [params]}]
(doseq [[param-key param-value] params]
(obj/set! global param-key param-value)))

View file

@ -7,6 +7,8 @@
(ns app.worker.thumbnails
(:require
["react-dom/server" :as rds]
[app.common.uri :as u]
[app.config :as cfg]
[app.main.exports :as exports]
[app.main.fonts :as fonts]
[app.util.http :as http]
@ -29,11 +31,15 @@
(defn- request-page
[file-id page-id]
(let [uri "/api/rpc/query/page"]
(let [uri (u/join (cfg/get-public-uri) "api/rpc/query/page")
params {:file-id file-id
:id page-id
:strip-thumbnails true}]
(->> (http/send!
{:uri uri
:query {:file-id file-id :id page-id :strip-thumbnails true}
:method :get})
{:method :get
:uri uri
:credentials "include"
:query params})
(rx/map http/conditional-decode-transit)
(rx/mapcat handle-response))))