feat: thumbnail service CORS config

2025-12-30 17:00:57 -06:00 · 2024-05-28 08:35:13 +02:00
parent 73da706d52
commit 6b697d77ba
4 changed files with 27 additions and 0 deletions
--- a/services/thumbnails/pkg/config/defaults/defaultconfig.go
+++ b/services/thumbnails/pkg/config/defaults/defaultconfig.go
@@ -36,6 +36,12 @@ func DefaultConfig() *config.Config {
 			Root:                  "/thumbnails",
 			Namespace:             "com.owncloud.web",
 			MaxConcurrentRequests: 0,
+			CORS: config.CORS{
+				AllowedOrigins:   []string{"*"},
+				AllowedMethods:   []string{"GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"},
+				AllowedHeaders:   []string{"Authorization", "Origin", "Content-Type", "Accept", "X-Requested-With", "X-Request-Id", "Cache-Control"},
+				AllowCredentials: true,
+			},
 		},
 		Service: config.Service{
 			Name: "thumbnails",
--- a/services/thumbnails/pkg/config/http.go
+++ b/services/thumbnails/pkg/config/http.go
@@ -2,11 +2,20 @@ package config

 import "github.com/owncloud/ocis/v2/ocis-pkg/shared"

+// CORS defines the available cors configuration.
+type CORS struct {
+	AllowedOrigins   []string `yaml:"allow_origins" env:"OCIS_CORS_ALLOW_ORIGINS;THUMBNAILS_CORS_ALLOW_ORIGINS" desc:"A list of allowed CORS origins. See following chapter for more details: *Access-Control-Allow-Origin* at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin. See the Environment Variable Types description for more details." introductionVersion:"6.0"`
+	AllowedMethods   []string `yaml:"allow_methods" env:"OCIS_CORS_ALLOW_METHODS;THUMBNAILS_CORS_ALLOW_METHODS" desc:"A list of allowed CORS methods. See following chapter for more details: *Access-Control-Request-Method* at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Method. See the Environment Variable Types description for more details." introductionVersion:"6.0"`
+	AllowedHeaders   []string `yaml:"allow_headers" env:"OCIS_CORS_ALLOW_HEADERS;THUMBNAILS_CORS_ALLOW_HEADERS" desc:"A list of allowed CORS headers. See following chapter for more details: *Access-Control-Request-Headers* at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers. See the Environment Variable Types description for more details." introductionVersion:"6.0"`
+	AllowCredentials bool     `yaml:"allow_credentials" env:"OCIS_CORS_ALLOW_CREDENTIALS;THUMBNAILS_CORS_ALLOW_CREDENTIALS" desc:"Allow credentials for CORS.See following chapter for more details: *Access-Control-Allow-Credentials* at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials." introductionVersion:"6.0"`
+}
+
 // HTTP defines the available http configuration.
 type HTTP struct {
 	Addr                  string                `yaml:"addr" env:"THUMBNAILS_HTTP_ADDR" desc:"The bind address of the HTTP service." introductionVersion:"pre5.0"`
 	TLS                   shared.HTTPServiceTLS `yaml:"tls"`
 	Root                  string                `yaml:"root" env:"THUMBNAILS_HTTP_ROOT" desc:"Subdirectory that serves as the root for this HTTP service." introductionVersion:"pre5.0"`
 	Namespace             string                `yaml:"-"`
+	CORS                  CORS                  `yaml:"cors"`
 	MaxConcurrentRequests int                   `yaml:"max_concurrent_requests" env:"THUMBNAILS_MAX_CONCURRENT_REQUESTS" desc:"Number of maximum concurrent thumbnail requests. Default is 0 which is unlimited." introductionVersion:"6.0.0"`
 }
--- a/services/thumbnails/pkg/server/debug/server.go
+++ b/services/thumbnails/pkg/server/debug/server.go
@@ -23,6 +23,10 @@ func Server(opts ...Option) (*http.Server, error) {
 		debug.Zpages(options.Config.Debug.Zpages),
 		debug.Health(health(options.Config)),
 		debug.Ready(ready(options.Config)),
+		debug.CorsAllowedOrigins(options.Config.HTTP.CORS.AllowedOrigins),
+		debug.CorsAllowedMethods(options.Config.HTTP.CORS.AllowedMethods),
+		debug.CorsAllowedHeaders(options.Config.HTTP.CORS.AllowedHeaders),
+		debug.CorsAllowCredentials(options.Config.HTTP.CORS.AllowCredentials),
 	), nil
 }

--- a/services/thumbnails/pkg/server/http/server.go
+++ b/services/thumbnails/pkg/server/http/server.go
@@ -4,6 +4,7 @@ import (
 	"fmt"

 	"github.com/go-chi/chi/v5/middleware"
+	"github.com/owncloud/ocis/v2/ocis-pkg/cors"
 	ocismiddleware "github.com/owncloud/ocis/v2/ocis-pkg/middleware"
 	"github.com/owncloud/ocis/v2/ocis-pkg/service/http"
 	"github.com/owncloud/ocis/v2/ocis-pkg/version"
@@ -40,6 +41,13 @@ func Server(opts ...Option) (http.Service, error) {
 			middleware.RealIP,
 			middleware.RequestID,
 			ocismiddleware.Throttle(options.MaxConcurrentRequests),
+			ocismiddleware.Cors(
+				cors.Logger(options.Logger),
+				cors.AllowedOrigins(options.Config.HTTP.CORS.AllowedOrigins),
+				cors.AllowedMethods(options.Config.HTTP.CORS.AllowedMethods),
+				cors.AllowedHeaders(options.Config.HTTP.CORS.AllowedHeaders),
+				cors.AllowCredentials(options.Config.HTTP.CORS.AllowCredentials),
+			),
 			ocismiddleware.Version(
 				options.Config.Service.Name,
 				version.GetString(),