Merge pull request #12827 from ascillato/CORS_to_Optional

Set CORS to be an optional feature
Theo Arends 2021-08-05 19:54:34 +02:00 committed by GitHub
commit 1adced7255
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 30 additions and 4 deletions


@ -173,7 +173,8 @@
#define FRIENDLY_NAME "Tasmota" // [FriendlyName] Friendlyname up to 32 characters used by webpages and Alexa
#define EMULATION EMUL_NONE // [Emulation] Select Belkin WeMo (single relay/light) or Hue Bridge emulation (multi relay/light) (EMUL_NONE, EMUL_WEMO or EMUL_HUE)
#define EMULATION_HUE_1ST_GEN false // [Emulation] Force SetOption109 1 - if you only have Echo Dot 2nd gen devices
#define CORS_DOMAIN "" // [Cors] CORS Domain for preflight requests
//#define USE_CORS // [Cors] Enable CORS - Be aware that this feature is unsecure ATM (https://github.com/arendst/Tasmota/issues/6767)
#define CORS_DOMAIN "" // [Cors] CORS Domain for preflight requests
// -- HTTP Options --------------------------------
#define GUI_SHOW_HOSTNAME false // [SetOption53] Show hostname and IP address in GUI main menu
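Review bot: The new `USE_CORS` comment says the feature is "unsecure ATM" but not what enabling it exposes, so someone building firmware cannot judge the risk without opening the linked issue. The web server changes in this commit send the stored domain verbatim as `Access-Control-Allow-Origin` from `WSHeaderSend`, so I would say that in the comment, e.g. `//#define USE_CORS // [Cors] Enable CORS - sends the configured domain as Access-Control-Allow-Origin on web responses; leave disabled unless a trusted origin needs it (https://github.com/arendst/Tasmota/issues/6767)`. `CORS_DOMAIN` stays defined unconditionally; if it has no effect without `USE_CORS` (its uses outside the lines shown are not visible here), a short remark to that effect on its comment would prevent a false sense that setting it alone does anything.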


@ -292,7 +292,10 @@ const char HTTP_FORM_WIFI_PART2[] PROGMEM =
"<p><b>" D_AP2_SSID "</b> (" STA_SSID2 ")<br><input id='s2' placeholder=\"" D_AP2_SSID_HELP "\" value=\"%s\"></p>"
"<p><label><b>" D_AP_PASSWORD "</b><input type='checkbox' onclick='sp(\"p2\")'></label><br><input id='p2' type='password' placeholder=\"" D_AP_PASSWORD_HELP "\" value=\"" D_ASTERISK_PWD "\"></p>"
"<p><b>" D_HOSTNAME "</b> (%s)<br><input id='h' placeholder=\"%s\" value=\"%s\"></p>"
"<p><b>" D_CORS_DOMAIN "</b><input id='c' placeholder=\"" CORS_DOMAIN "\" value=\"%s\"></p>";
#ifdef USE_CORS
"<p><b>" D_CORS_DOMAIN "</b><input id='c' placeholder=\"" CORS_DOMAIN "\" value=\"%s\"></p>"
#endif
;
const char HTTP_FORM_LOG1[] PROGMEM =
"<fieldset><legend><b>&nbsp;" D_LOGGING_PARAMETERS "&nbsp;</b>"
@ -650,12 +653,14 @@ bool HttpCheckPriviledgedAccess(bool autorequestauth = true)
return true;
}
#ifdef USE_CORS
void HttpHeaderCors(void)
{
if (strlen(SettingsText(SET_CORS))) {
Webserver->sendHeader(F("Access-Control-Allow-Origin"), SettingsText(SET_CORS));
}
}
#endif
void WSHeaderSend(void)
{
@ -665,7 +670,9 @@ void WSHeaderSend(void)
Webserver->sendHeader(F("Cache-Control"), F("no-cache, no-store, must-revalidate"));
Webserver->sendHeader(F("Pragma"), F("no-cache"));
Webserver->sendHeader(F("Expires"), F("-1"));
#ifdef USE_CORS
HttpHeaderCors();
#endif
}
/**********************************************************************************************
@ -1993,7 +2000,11 @@ void HandleWifiConfiguration(void) {
// As WIFI_HOSTNAME may contain %s-%04d it cannot be part of HTTP_FORM_WIFI where it will exception
WSContentSend_P(PSTR("></p>"));
} else {
#ifdef USE_CORS
WSContentSend_P(HTTP_FORM_WIFI_PART2, SettingsText(SET_STASSID2), WIFI_HOSTNAME, WIFI_HOSTNAME, SettingsText(SET_HOSTNAME), SettingsText(SET_CORS));
#else
WSContentSend_P(HTTP_FORM_WIFI_PART2, SettingsText(SET_STASSID2), WIFI_HOSTNAME, WIFI_HOSTNAME, SettingsText(SET_HOSTNAME));
#endif
}
WSContentSend_P(HTTP_FORM_END);
@ -2026,7 +2037,9 @@ void HandleWifiConfiguration(void) {
void WifiSaveSettings(void) {
String cmnd = F(D_CMND_BACKLOG "0 ");
cmnd += AddWebCommand(PSTR(D_CMND_HOSTNAME), PSTR("h"), PSTR("1"));
#ifdef USE_CORS
cmnd += AddWebCommand(PSTR(D_CMND_CORS), PSTR("c"), PSTR("1"));
#endif
cmnd += AddWebCommand(PSTR(D_CMND_SSID "1"), PSTR("s1"), PSTR("1"));
cmnd += AddWebCommand(PSTR(D_CMND_SSID "2"), PSTR("s2"), PSTR("1"));
cmnd += AddWebCommand(PSTR(D_CMND_PASSWORD "3"), PSTR("p1"), PSTR("\""));
@ -2816,7 +2829,9 @@ void HandleUploadLoop(void) {
void HandlePreflightRequest(void)
{
#ifdef USE_CORS
HttpHeaderCors();
#endif
Webserver->sendHeader(F("Access-Control-Allow-Methods"), F("GET, POST"));
Webserver->sendHeader(F("Access-Control-Allow-Headers"), F("authorization"));
WSSend(200, CT_HTML, "");
@ -3105,7 +3120,11 @@ const char kWebCommands[] PROGMEM = "|" // No prefix
D_CMND_SENDMAIL "|"
#endif
D_CMND_WEBSERVER "|" D_CMND_WEBPASSWORD "|" D_CMND_WEBLOG "|" D_CMND_WEBREFRESH "|" D_CMND_WEBSEND "|" D_CMND_WEBCOLOR "|"
D_CMND_WEBSENSOR "|" D_CMND_WEBBUTTON "|" D_CMND_CORS;
D_CMND_WEBSENSOR "|" D_CMND_WEBBUTTON
#ifdef USE_CORS
"|" D_CMND_CORS
#endif
;
void (* const WebCommand[])(void) PROGMEM = {
#ifdef USE_EMULATION
@ -3115,7 +3134,11 @@ void (* const WebCommand[])(void) PROGMEM = {
&CmndSendmail,
#endif
&CmndWebServer, &CmndWebPassword, &CmndWeblog, &CmndWebRefresh, &CmndWebSend, &CmndWebColor,
&CmndWebSensor, &CmndWebButton, &CmndCors };
&CmndWebSensor, &CmndWebButton
#ifdef USE_CORS
, &CmndCors
#endif
};
/*********************************************************************************************\
* Commands
@ -3260,6 +3283,7 @@ void CmndWebButton(void)
}
}
#ifdef USE_CORS
void CmndCors(void)
{
if (XdrvMailbox.data_len > 0) {
@ -3267,6 +3291,7 @@ void CmndCors(void)
}
ResponseCmndChar(SettingsText(SET_CORS));
}
#endif
/*********************************************************************************************\
* Interface
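Review bot: In `HandlePreflightRequest` only the `HttpHeaderCors()` call is wrapped in `#ifdef USE_CORS`, so a build without CORS still answers a preflight with `Access-Control-Allow-Methods: GET, POST`, `Access-Control-Allow-Headers: authorization` and a 200. A browser should reject that preflight because no `Access-Control-Allow-Origin` is present, but a firmware built without the feature is better off emitting no CORS headers at all; moving the `#endif` below the `Access-Control-Allow-Headers` line would do that. Whether the OPTIONS route that reaches this handler should also be compiled out cannot be judged from here, since the registration and the end of the function are outside the hunk. Separately, `HttpHeaderCors` forwards whatever `SettingsText(SET_CORS)` holds after only a `strlen` check, so a comment there such as `// value is sent verbatim as Access-Control-Allow-Origin; "*" lets any origin read responses` would document the trust placed in that setting.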