devproje/headscale
1
0
Fork 0
mirror of https://github.com/juanfont/headscale.git synced 2025-01-19 02:10:04 +09:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Headscale: Added an option to set an Access-Control-Allow-Origin response header to enable Cross-Origin Resource Sharing (CORS)

Browse source
This commit is contained in:
Jisse 2024-12-12 16:35:09 +01:00
parent ccc895b4c6
commit dfad6a1756
3 changed files with 24 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
config-example.yaml
View file

@ -40,6 +40,13 @@ grpc_listen_addr: 127.0.0.1:50443
# are doing. # are doing.
grpc_allow_insecure: false grpc_allow_insecure: false
# The Access-Control-Allow-Origin header specifies which origins are allowed to access resources.
# Options:
# - "*" to allow access from any origin (not recommended for sensitive data).
# - "http://example.com" to only allow access from a specific origin.
# - "" to disable Cross-Origin Resource Sharing (CORS).
access_control_allow_origin: ""
# The Noise section includes specific configuration for the # The Noise section includes specific configuration for the
# TS2021 Noise protocol # TS2021 Noise protocol
noise: noise:

11
hscontrol/app.go
View file

@ -454,10 +454,21 @@ func (h *Headscale) ensureUnixSocketIsAbsent() error {
return os.Remove(h.cfg.UnixSocket) return os.Remove(h.cfg.UnixSocket)
} }
func (h *Headscale) corsHeadersMiddleware(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Access-Control-Allow-Origin", h.cfg.AccessControlAllowOrigins)
next.ServeHTTP(w, r)
})
}
func (h *Headscale) createRouter(grpcMux *grpcRuntime.ServeMux) *mux.Router { func (h *Headscale) createRouter(grpcMux *grpcRuntime.ServeMux) *mux.Router {
router := mux.NewRouter() router := mux.NewRouter()
router.Use(prometheusMiddleware) router.Use(prometheusMiddleware)
if h.cfg.AccessControlAllowOrigins != "" {
router.Use(h.corsHeadersMiddleware)
}
router.HandleFunc(ts2021UpgradePath, h.NoiseUpgradeHandler).Methods(http.MethodPost, http.MethodGet) router.HandleFunc(ts2021UpgradePath, h.NoiseUpgradeHandler).Methods(http.MethodPost, http.MethodGet)
router.HandleFunc("/health", h.HealthHandler).Methods(http.MethodGet) router.HandleFunc("/health", h.HealthHandler).Methods(http.MethodGet)

6
hscontrol/types/config.go
View file

@ -63,6 +63,8 @@ type Config struct {
Log LogConfig Log LogConfig
DisableUpdateCheck bool DisableUpdateCheck bool
AccessControlAllowOrigins string
Database DatabaseConfig Database DatabaseConfig
DERP DERPConfig DERP DERPConfig
@ -303,6 +305,8 @@ func LoadConfig(path string, isFile bool) error {
viper.SetDefault("tuning.batch_change_delay", "800ms") viper.SetDefault("tuning.batch_change_delay", "800ms")
viper.SetDefault("tuning.node_mapsession_buffered_chan_size", 30) viper.SetDefault("tuning.node_mapsession_buffered_chan_size", 30)
viper.SetDefault("access_control_allow_origin", "")
viper.SetDefault("prefixes.allocation", string(IPAllocationStrategySequential)) viper.SetDefault("prefixes.allocation", string(IPAllocationStrategySequential))
if err := viper.ReadInConfig(); err != nil { if err := viper.ReadInConfig(); err != nil {
@ -868,6 +872,8 @@ func LoadServerConfig() (*Config, error) {
GRPCAllowInsecure: viper.GetBool("grpc_allow_insecure"), GRPCAllowInsecure: viper.GetBool("grpc_allow_insecure"),
DisableUpdateCheck: false, DisableUpdateCheck: false,
AccessControlAllowOrigins: viper.GetString("access_control_allow_origin"),
PrefixV4: prefix4, PrefixV4: prefix4,
PrefixV6: prefix6, PrefixV6: prefix6,
IPAllocation: IPAllocationStrategy(alloc), IPAllocation: IPAllocationStrategy(alloc),