diff options
| author | Richard van Nieuwenhoven <richard.vannieuwenhoven@adesso.at> | 2015-09-13 08:01:26 +0200 |
|---|---|---|
| committer | Richard van Nieuwenhoven <richard.vannieuwenhoven@adesso.at> | 2015-09-13 08:01:26 +0200 |
| commit | 4a3649d01c41f5cba8dd4c8b3c99d2e073395ff8 (patch) | |
| tree | 0b2ee99ebe3155aa2bc533817f55fb1be8ac123b /webserver | |
| parent | 52e133eaffa4906f4d85ec1374c99ee475ead36d (diff) | |
| parent | cbdd9d819348d2169d190f305b32d5240d1f60fc (diff) | |
| download | nanohttpd-4a3649d01c41f5cba8dd4c8b3c99d2e073395ff8.tar.gz | |
Merge pull request #207 from McFoggy/cors-support
fixes #25 add basic CORS support
Diffstat (limited to 'webserver')
5 files changed, 405 insertions, 35 deletions
diff --git a/webserver/src/main/java/fi/iki/elonen/SimpleWebServer.java b/webserver/src/main/java/fi/iki/elonen/SimpleWebServer.java index f3ad1c2..f5415d6 100644 --- a/webserver/src/main/java/fi/iki/elonen/SimpleWebServer.java +++ b/webserver/src/main/java/fi/iki/elonen/SimpleWebServer.java @@ -32,7 +32,6 @@ package fi.iki.elonen; * OF THE POSSIBILITY OF SUCH DAMAGE. * #L% */ - import java.io.File; import java.io.FileInputStream; import java.io.FileNotFoundException; @@ -138,6 +137,7 @@ public class SimpleWebServer extends NanoHTTPD { String host = null; // bind to all interfaces by default List<File> rootDirs = new ArrayList<File>(); boolean quiet = false; + String cors = null; Map<String, String> options = new HashMap<String, String>(); // Parse command-line, with short and long versions of the options. @@ -150,6 +150,12 @@ public class SimpleWebServer extends NanoHTTPD { quiet = true; } else if (args[i].equalsIgnoreCase("-d") || args[i].equalsIgnoreCase("--dir")) { rootDirs.add(new File(args[i + 1]).getAbsoluteFile()); + } else if (args[i].startsWith("--cors")) { + cors = "*"; + int equalIdx = args[i].indexOf('='); + if (equalIdx > 0) { + cors = args[i].substring(equalIdx + 1); + } } else if (args[i].equalsIgnoreCase("--licence")) { System.out.println(SimpleWebServer.LICENCE + "\n"); } else if (args[i].startsWith("-X:")) { @@ -165,7 +171,6 @@ public class SimpleWebServer extends NanoHTTPD { if (rootDirs.isEmpty()) { rootDirs.add(new File(".").getAbsoluteFile()); } - options.put("host", host); options.put("port", "" + port); options.put("quiet", String.valueOf(quiet)); @@ -180,7 +185,6 @@ public class SimpleWebServer extends NanoHTTPD { } } options.put("home", sb.toString()); - ServiceLoader<WebServerPluginInfo> serviceLoader = ServiceLoader.load(WebServerPluginInfo.class); for (WebServerPluginInfo info : serviceLoader) { String[] mimeTypes = info.getMimeTypes(); @@ -199,8 +203,7 @@ public class SimpleWebServer extends NanoHTTPD { registerPluginForMimeType(indexFiles, mime, info.getWebServerPlugin(mime), options); } } - - ServerRunner.executeInstance(new SimpleWebServer(host, port, rootDirs, quiet)); + ServerRunner.executeInstance(new SimpleWebServer(host, port, rootDirs, quiet, cors)); } protected static void registerPluginForMimeType(String[] indexFiles, String mimeType, WebServerPlugin plugin, Map<String, String> commandLineOptions) { @@ -224,20 +227,26 @@ public class SimpleWebServer extends NanoHTTPD { private final boolean quiet; + private final String cors; + protected List<File> rootDirs; - public SimpleWebServer(String host, int port, File wwwroot, boolean quiet) { - super(host, port); - this.quiet = quiet; - this.rootDirs = new ArrayList<File>(); - this.rootDirs.add(wwwroot); + public SimpleWebServer(String host, int port, File wwwroot, boolean quiet, String cors) { + this(host, port, Collections.singletonList(wwwroot), quiet, cors); + } - init(); + public SimpleWebServer(String host, int port, File wwwroot, boolean quiet) { + this(host, port, Collections.singletonList(wwwroot), quiet, null); } public SimpleWebServer(String host, int port, List<File> wwwroots, boolean quiet) { + this(host, port, wwwroots, quiet, null); + } + + public SimpleWebServer(String host, int port, List<File> wwwroots, boolean quiet, String cors) { super(host, port); this.quiet = quiet; + this.cors = cors; this.rootDirs = new ArrayList<File>(wwwroots); init(); @@ -394,6 +403,21 @@ public class SimpleWebServer extends NanoHTTPD { } private Response respond(Map<String, String> headers, IHTTPSession session, String uri) { + // First let's handle CORS OPTION query + Response r; + if (cors != null && Method.OPTIONS.equals(session.getMethod())) { + r = new NanoHTTPD.Response(Response.Status.OK, MIME_PLAINTEXT, null, 0); + } else { + r = defaultRespond(headers, session, uri); + } + + if (cors != null) { + r = addCORSHeaders(headers, r, cors); + } + return r; + } + + private Response defaultRespond(Map<String, String> headers, IHTTPSession session, String uri) { // Remove URL arguments uri = uri.trim().replace(File.separatorChar, '/'); if (uri.indexOf('?') >= 0) { @@ -596,4 +620,31 @@ public class SimpleWebServer extends NanoHTTPD { res.addHeader("Accept-Ranges", "bytes"); return res; } + + protected Response addCORSHeaders(Map<String, String> queryHeaders, Response resp, String cors) { + resp.addHeader("Access-Control-Allow-Origin", cors); + resp.addHeader("Access-Control-Allow-Headers", calculateAllowHeaders(queryHeaders)); + resp.addHeader("Access-Control-Allow-Credentials", "true"); + resp.addHeader("Access-Control-Allow-Methods", ALLOWED_METHODS); + resp.addHeader("Access-Control-Max-Age", "" + MAX_AGE); + + return resp; + } + + private String calculateAllowHeaders(Map<String, String> queryHeaders) { + // here we should use the given asked headers + // but NanoHttpd uses a Map whereas it is possible for requester to send + // several time the same header + // let's just use default values for this version + return System.getProperty(ACCESS_CONTROL_ALLOW_HEADER_PROPERTY_NAME, DEFAULT_ALLOWED_HEADERS); + } + + private final static String ALLOWED_METHODS = "GET, POST, PUT, DELETE, OPTIONS, HEAD"; + + private final static int MAX_AGE = 42 * 60 * 60; + + // explicitly relax visibility to package for tests purposes + final static String DEFAULT_ALLOWED_HEADERS = "origin,accept,content-type"; + + public final static String ACCESS_CONTROL_ALLOW_HEADER_PROPERTY_NAME = "AccessControlAllowHeader"; } diff --git a/webserver/src/test/java/fi/iki/elonen/AbstractTestHttpServer.java b/webserver/src/test/java/fi/iki/elonen/AbstractTestHttpServer.java new file mode 100644 index 0000000..b56c2b0 --- /dev/null +++ b/webserver/src/test/java/fi/iki/elonen/AbstractTestHttpServer.java @@ -0,0 +1,67 @@ +package fi.iki.elonen; + +/* + * #%L + * NanoHttpd-Webserver + * %% + * Copyright (C) 2012 - 2015 nanohttpd + * %% + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * 3. Neither the name of the nanohttpd nor the names of its contributors + * may be used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE + * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * #L% + */ + +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.io.InputStream; +import org.apache.http.HttpEntity; + +/** + * @author Matthieu Brouillard [matthieu@brouillard.fr] + */ +public class AbstractTestHttpServer { + + protected byte[] readContents(HttpEntity entity) throws IOException { + InputStream instream = entity.getContent(); + return readContents(instream); + } + + protected byte[] readContents(InputStream instream) throws IOException { + byte[] bytes; + ByteArrayOutputStream out = new ByteArrayOutputStream(); + try { + byte[] buffer = new byte[1024]; + int count; + while ((count = instream.read(buffer)) >= 0) { + out.write(buffer, 0, count); + } + bytes = out.toByteArray(); + } finally { + instream.close(); + } + return bytes; + } + +} diff --git a/webserver/src/test/java/fi/iki/elonen/TestCorsHttpServer.java b/webserver/src/test/java/fi/iki/elonen/TestCorsHttpServer.java new file mode 100644 index 0000000..93f4699 --- /dev/null +++ b/webserver/src/test/java/fi/iki/elonen/TestCorsHttpServer.java @@ -0,0 +1,154 @@ +package fi.iki.elonen; + +/* + * #%L + * NanoHttpd-Webserver + * %% + * Copyright (C) 2012 - 2015 nanohttpd + * %% + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * 3. Neither the name of the nanohttpd nor the names of its contributors + * may be used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE + * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * #L% + */ + +import java.io.ByteArrayOutputStream; +import java.io.FileInputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.PipedInputStream; +import java.io.PipedOutputStream; + +import org.apache.http.HttpEntity; +import org.apache.http.client.methods.CloseableHttpResponse; +import org.apache.http.client.methods.HttpGet; +import org.apache.http.client.methods.HttpOptions; +import org.apache.http.impl.client.CloseableHttpClient; +import org.apache.http.impl.client.HttpClients; +import org.junit.AfterClass; +import org.junit.Assert; +import org.junit.BeforeClass; +import org.junit.Test; + +/** + * @author Matthieu Brouillard [matthieu@brouillard.fr] + */ +public class TestCorsHttpServer extends AbstractTestHttpServer { + + private static PipedOutputStream stdIn; + + private static Thread serverStartThread; + + @BeforeClass + public static void setUp() throws Exception { + stdIn = new PipedOutputStream(); + System.setIn(new PipedInputStream(stdIn)); + serverStartThread = new Thread(new Runnable() { + + @Override + public void run() { + String[] args = { + "--host", + "localhost", + "--port", + "9090", + "--dir", + "src/test/resources", + "--cors" + }; + SimpleWebServer.main(args); + } + }); + serverStartThread.start(); + // give the server some tine to start. + Thread.sleep(100); + } + + @AfterClass + public static void tearDown() throws Exception { + stdIn.write("\n\n".getBytes()); + serverStartThread.join(2000); + Assert.assertFalse(serverStartThread.isAlive()); + } + + @Test + public void doTestOption() throws Exception { + CloseableHttpClient httpclient = HttpClients.createDefault(); + HttpOptions httpOption = new HttpOptions("http://localhost:9090/xxx/yyy.html"); + CloseableHttpResponse response = httpclient.execute(httpOption); + Assert.assertEquals(200, response.getStatusLine().getStatusCode()); + Assert.assertNotNull("Cors should have added a header: Access-Control-Allow-Origin", response.getLastHeader("Access-Control-Allow-Origin")); + Assert.assertEquals("Cors should have added a header: Access-Control-Allow-Origin: *", "*", response.getLastHeader("Access-Control-Allow-Origin").getValue()); + response.close(); + } + + @Test + public void doSomeBasicTest() throws Exception { + CloseableHttpClient httpclient = HttpClients.createDefault(); + HttpGet httpget = new HttpGet("http://localhost:9090/testdir/test.html"); + CloseableHttpResponse response = httpclient.execute(httpget); + HttpEntity entity = response.getEntity(); + String string = new String(readContents(entity), "UTF-8"); + + Assert.assertNotNull("Cors should have added a header: Access-Control-Allow-Origin", response.getLastHeader("Access-Control-Allow-Origin")); + Assert.assertEquals("Cors should have added a header: Access-Control-Allow-Origin: *", "*", response.getLastHeader("Access-Control-Allow-Origin").getValue()); + Assert.assertEquals("<html>\n<head>\n<title>dummy</title>\n</head>\n<body>\n\t<h1>it works</h1>\n</body>\n</html>", string); + response.close(); + } + + @Test + public void testAccessControlAllowHeaderUsesDefaultsWithoutSystemProperty() throws Exception { + Assert.assertNull("no System " + SimpleWebServer.ACCESS_CONTROL_ALLOW_HEADER_PROPERTY_NAME + " shoudl be set", + System.getProperty(SimpleWebServer.ACCESS_CONTROL_ALLOW_HEADER_PROPERTY_NAME)); + + CloseableHttpClient httpclient = HttpClients.createDefault(); + HttpOptions httpOption = new HttpOptions("http://localhost:9090/xxx/yyy.html"); + CloseableHttpResponse response = httpclient.execute(httpOption); + Assert.assertEquals(200, response.getStatusLine().getStatusCode()); + Assert.assertEquals("Cors should have added a header: Access-Control-Allow-Headers: " + SimpleWebServer.DEFAULT_ALLOWED_HEADERS, + SimpleWebServer.DEFAULT_ALLOWED_HEADERS, response.getLastHeader("Access-Control-Allow-Headers").getValue()); + response.close(); + } + + @Test + public void testAccessControlAllowHeaderUsesSystemPropertyWhenSet() throws Exception { + Assert.assertNull("no System " + SimpleWebServer.ACCESS_CONTROL_ALLOW_HEADER_PROPERTY_NAME + " shoudl be set", + System.getProperty(SimpleWebServer.ACCESS_CONTROL_ALLOW_HEADER_PROPERTY_NAME)); + + final String expectedValue = "origin"; + System.setProperty(SimpleWebServer.ACCESS_CONTROL_ALLOW_HEADER_PROPERTY_NAME, expectedValue); + + try { + CloseableHttpClient httpclient = HttpClients.createDefault(); + HttpOptions httpOption = new HttpOptions("http://localhost:9090/xxx/yyy.html"); + CloseableHttpResponse response = httpclient.execute(httpOption); + Assert.assertEquals(200, response.getStatusLine().getStatusCode()); + Assert.assertEquals("Cors should have added a header: Access-Control-Allow-Headers: " + expectedValue, expectedValue, + response.getLastHeader("Access-Control-Allow-Headers").getValue()); + response.close(); + } finally { + System.clearProperty(SimpleWebServer.ACCESS_CONTROL_ALLOW_HEADER_PROPERTY_NAME); + } + } +} diff --git a/webserver/src/test/java/fi/iki/elonen/TestCorsHttpServerWithSingleOrigin.java b/webserver/src/test/java/fi/iki/elonen/TestCorsHttpServerWithSingleOrigin.java new file mode 100644 index 0000000..dbd2c4e --- /dev/null +++ b/webserver/src/test/java/fi/iki/elonen/TestCorsHttpServerWithSingleOrigin.java @@ -0,0 +1,121 @@ +package fi.iki.elonen; + +/* + * #%L + * NanoHttpd-Webserver + * %% + * Copyright (C) 2012 - 2015 nanohttpd + * %% + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * 3. Neither the name of the nanohttpd nor the names of its contributors + * may be used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE + * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * #L% + */ + +import java.io.ByteArrayOutputStream; +import java.io.FileInputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.PipedInputStream; +import java.io.PipedOutputStream; + +import org.apache.http.HttpEntity; +import org.apache.http.client.methods.CloseableHttpResponse; +import org.apache.http.client.methods.HttpGet; +import org.apache.http.client.methods.HttpOptions; +import org.apache.http.impl.client.CloseableHttpClient; +import org.apache.http.impl.client.HttpClients; +import org.junit.AfterClass; +import org.junit.Assert; +import org.junit.BeforeClass; +import org.junit.Test; + +/** + * @author Matthieu Brouillard [matthieu@brouillard.fr] + */ +public class TestCorsHttpServerWithSingleOrigin extends AbstractTestHttpServer { + + private static PipedOutputStream stdIn; + + private static Thread serverStartThread; + + @BeforeClass + public static void setUp() throws Exception { + stdIn = new PipedOutputStream(); + System.setIn(new PipedInputStream(stdIn)); + serverStartThread = new Thread(new Runnable() { + + @Override + public void run() { + String[] args = { + "--host", + "localhost", + "--port", + "9090", + "--dir", + "src/test/resources", + "--cors=http://localhost:9090" + }; + SimpleWebServer.main(args); + } + }); + serverStartThread.start(); + // give the server some tine to start. + Thread.sleep(100); + } + + @AfterClass + public static void tearDown() throws Exception { + stdIn.write("\n\n".getBytes()); + serverStartThread.join(2000); + Assert.assertFalse(serverStartThread.isAlive()); + } + + @Test + public void doTestOption() throws Exception { + CloseableHttpClient httpclient = HttpClients.createDefault(); + HttpOptions httpOption = new HttpOptions("http://localhost:9090/xxx/yyy.html"); + CloseableHttpResponse response = httpclient.execute(httpOption); + Assert.assertEquals(200, response.getStatusLine().getStatusCode()); + Assert.assertNotNull("Cors should have added a header: Access-Control-Allow-Origin", response.getLastHeader("Access-Control-Allow-Origin")); + Assert.assertEquals("Cors should have added a header: Access-Control-Allow-Origin: http://localhost:9090", "http://localhost:9090", + response.getLastHeader("Access-Control-Allow-Origin").getValue()); + response.close(); + } + + @Test + public void doSomeBasicTest() throws Exception { + CloseableHttpClient httpclient = HttpClients.createDefault(); + HttpGet httpget = new HttpGet("http://localhost:9090/testdir/test.html"); + CloseableHttpResponse response = httpclient.execute(httpget); + HttpEntity entity = response.getEntity(); + String string = new String(readContents(entity), "UTF-8"); + + Assert.assertNotNull("Cors should have added a header: Access-Control-Allow-Origin", response.getLastHeader("Access-Control-Allow-Origin")); + Assert.assertEquals("Cors should have added a header: Access-Control-Allow-Origin: http://localhost:9090", "http://localhost:9090", + response.getLastHeader("Access-Control-Allow-Origin").getValue()); + Assert.assertEquals("<html>\n<head>\n<title>dummy</title>\n</head>\n<body>\n\t<h1>it works</h1>\n</body>\n</html>", string); + response.close(); + } +} diff --git a/webserver/src/test/java/fi/iki/elonen/TestHttpServer.java b/webserver/src/test/java/fi/iki/elonen/TestHttpServer.java index aa08f49..bb16741 100644 --- a/webserver/src/test/java/fi/iki/elonen/TestHttpServer.java +++ b/webserver/src/test/java/fi/iki/elonen/TestHttpServer.java @@ -50,7 +50,7 @@ import org.junit.Assert; import org.junit.BeforeClass; import org.junit.Test; -public class TestHttpServer { +public class TestHttpServer extends AbstractTestHttpServer { private static PipedOutputStream stdIn; @@ -146,27 +146,4 @@ public class TestHttpServer { response.close(); } - - private byte[] readContents(HttpEntity entity) throws IOException { - InputStream instream = entity.getContent(); - return readContents(instream); - } - - private byte[] readContents(InputStream instream) throws IOException { - byte[] bytes; - ByteArrayOutputStream out = new ByteArrayOutputStream(); - - try { - byte[] buffer = new byte[1024]; - int count; - while ((count = instream.read(buffer)) >= 0) { - out.write(buffer, 0, count); - } - bytes = out.toByteArray(); - } finally { - instream.close(); - } - return bytes; - } - } |