diff --git a/server/config.go b/server/config.go
index 1a55e025..7eaaebb9 100644
--- a/server/config.go
+++ b/server/config.go
@@ -41,6 +41,7 @@ type HttpConfig struct {
 HttpListenIp string
 TLSCertFile string
 TLSKeyFile string
+ AccessControlAllowOrigin string
 }
 type Peers struct {
diff --git a/server/httpserver.go b/server/httpserver.go
index 8b6e4d50..dd9189a6 100644
--- a/server/httpserver.go
+++ b/server/httpserver.go
@@ -28,6 +28,8 @@ type HttpServer struct {
 ginEngine *gin.Engine
 listenAddr *net.TCPAddr
+ accessControlAllowOrigin string
+
 wg sync.WaitGroup
 running atomic.Bool
@@ -67,7 +69,7 @@ func (hs *HttpServer) Start(us *UdpServer, hc *HttpConfig) error {
 gin.SetMode(gin.ReleaseMode)
 hs.ginEngine = gin.New()
- hs.ginEngine.Use(corsMiddleware())
+ hs.ginEngine.Use(corsMiddleware(hc.AccessControlAllowOrigin))
 hs.ginEngine.Use(gin.LoggerWithWriter(us.log.Writer()))
 hs.ginEngine.Use(gin.Recovery())
@@ -282,10 +284,10 @@ func (hs *HttpServer) initRouter() {
 // corsMiddleware is a middleware function that adds CORS headers to the HTTP response.
 // It allows cross-origin resource sharing, specifies allowed methods, exposes headers, and sets maximum age.
 // If the request method is OPTIONS, PUT, or DELETE, it aborts the request with a 204 status code.
-func corsMiddleware() gin.HandlerFunc {
+func corsMiddleware(originResource string) gin.HandlerFunc {
 return func(c *gin.Context) {
 // HTTP headers for CORS
- c.Writer.Header().Set("Access-Control-Allow-Origin", "*") // allow cross-origin resource sharing
+ c.Writer.Header().Set("Access-Control-Allow-Origin", originResource) // allow cross-origin resource sharing
 c.Writer.Header().Set("Access-Control-Allow-Methods", "GET, OPTIONS, POST") // methods
 c.Writer.Header().Set("Access-Control-Expose-Headers", "Content-Type, Content-Length, Set-Cookie")
 c.Writer.Header().Set("Access-Control-Allow-Headers", "Content-Type, Content-Length, Authorization, X-NHP-Ver, Cookie")
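Review bot: In server/httpserver.go, the `accessControlAllowOrigin` field added to HttpServer is never assigned or read in the hunks of this commit; Start hands `hc.AccessControlAllowOrigin` directly to corsMiddleware. If no code outside these hunks uses the field, it is dead state that can drift from the configured value and should be removed. If it is meant to be the server's own copy, set it in Start with `hs.accessControlAllowOrigin = hc.AccessControlAllowOrigin` and pass that to the middleware.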
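Review bot: In Start (server/httpserver.go), `hc.AccessControlAllowOrigin` reaches corsMiddleware without any check, so an http.toml written before this key existed presumably leaves it as the empty string, and every response then carries an empty `Access-Control-Allow-Origin` where it used to carry `*`. That fails closed, but silently: cross-origin callers stop working with nothing in the server log to explain why. Validate before `hs.ginEngine.Use(...)`, for example `if hc.AccessControlAllowOrigin == "" { return fmt.Errorf("http config: AccessControlAllowOrigin is not set") }`, and consider checking that the value is a scheme and host with no path, since browsers compare it to the request origin as an exact string. Start begins and ends outside this hunk.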
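Review bot: In corsMiddleware (server/httpserver.go), the visible lines do not set `Access-Control-Allow-Credentials`, although example_login.html in this commit starts fetching with `credentials: "include"`; browsers discard a credentialed cross-origin response unless that header is `true` and the allowed origin is a concrete value. Unless the rest of the function, which lies below the hunk, already sends it, add `c.Writer.Header().Set("Access-Control-Allow-Credentials", "true")` beside the origin header, and keep `*` out of the configuration once it is there. The doc comment above the function still describes the old behaviour; it should say that `originResource` is the single origin written to `Access-Control-Allow-Origin`, and the trailing comment would read better as `// only this configured origin may read responses`. A name such as `allowedOrigin` would say more than `originResource`.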
diff --git a/server/main/etc/http.toml b/server/main/etc/http.toml
index 99c949d7..e80c8406 100644
--- a/server/main/etc/http.toml
+++ b/server/main/etc/http.toml
@@ -4,9 +4,11 @@
 # EnableTLS: whether to use TLS certificates for hosting https server.
 # TLSCertFile: certificate file path.
 # TLSKeyFile: key file path.
+# AccessControlAllowOrigin: the response header indicates whether the response can be shared with requesting code from the given origin.
 # to update http changes, you need to restart the http server by changing "EnableHttp" to "false" and then switch it back to "true".
 EnableHttp = true
 EnableTLS = true
 HttpListenIp = "0.0.0.0" # empty for ipv4 + ipv6, "0.0.0.0" for ipv4 only, "127.0.0.1" for local ipv4 access only
 TLSCertFile = "cert/cert.pem"
 TLSKeyFile = "cert/cert.key"
+AccessControlAllowOrigin = "https://demologin.opennhp.cn"
diff --git a/server/plugins/example/templates/example_login.html b/server/plugins/example/templates/example_login.html
index 68511541..af9d5a75 100644
--- a/server/plugins/example/templates/example_login.html
+++ b/server/plugins/example/templates/example_login.html
@@ -289,7 +289,9 @@
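Review bot: In server/main/etc/http.toml, the shipped default `AccessControlAllowOrigin = "https://demologin.opennhp.cn"` lets a demo site's origin read responses from every server deployed with this file unedited, and with the credentialed fetch introduced in this commit that may include cookie-authenticated responses. A placeholder the operator has to replace is a safer default, e.g. `AccessControlAllowOrigin = "https://login.example.com" # replace with the origin that serves your login page`. The new comment line should also state the accepted form: a single origin written as scheme://host[:port] with no path or trailing slash, and a remark that `*` does not work for credentialed requests.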
 "&password=" + encodeURIComponent(password);
 console.log(nhpValidUrl);
- fetch(nhpValidUrl)
+ fetch(nhpValidUrl,{
+ credentials: "include"
+ })
 .then(response => response.json())
 .then(result => {
 console.log(result);
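Review bot: In example_login.html, the request changed here still carries the password in the query string of `nhpValidUrl`, and the context line `console.log(nhpValidUrl);` just above prints that URL, password included, to the browser console. Query strings also land in browser history and in the server's request log (httpserver.go installs gin's logger), so now that the call sends cookies as well it is worth moving the credentials into a POST body, which the CORS method list already allows, provided the endpoint accepts it. At minimum, drop the `console.log(nhpValidUrl);` line.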