Add flag to enable cross domain requests in Api

crosbymichael · crosbymichael · commit 6d5bdff3942c · 2013-06-03T21:39:00.000-04:00
Add the -api-enable-cors flag when running docker
in daemon mode to allow CORS requests to be made to
the Remote Api.  The default value is false for this
flag to not allow cross origin request to be made.

Also added a handler for OPTIONS requests the standard
for cross domain requests is to initially make an
OPTIONS request to the api.
diff --git a/api.go b/api.go
@@ -703,6 +703,11 @@ func postBuild(srv *Server, version float64, w http.ResponseWriter, r *http.Requ
 	return nil
 }
 
+func writeCorsHeaders(w http.ResponseWriter, r *http.Request) {
+	w.Header().Add("Access-Control-Allow-Origin", "*")
+	w.Header().Add("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept")
+}
+
 func ListenAndServe(addr string, srv *Server, logging bool) error {
 	r := mux.NewRouter()
 	log.Printf("Listening for HTTP on %s\n", addr)
@@ -773,12 +778,20 @@ func ListenAndServe(addr string, srv *Server, logging bool) error {
 					w.WriteHeader(http.StatusNotFound)
 					return
 				}
+				if srv.enableCors {
+					writeCorsHeaders(w, r)
+				}
 				if err := localFct(srv, version, w, r, mux.Vars(r)); err != nil {
 					httpError(w, err)
 				}
 			}
 			r.Path("/v{version:[0-9.]+}" + localRoute).Methods(localMethod).HandlerFunc(f)
 			r.Path(localRoute).Methods(localMethod).HandlerFunc(f)
+			r.Methods("OPTIONS").HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+				if srv.enableCors {
+					writeCorsHeaders(w, r)
+				}
+			})
 		}
 	}
 	return http.ListenAndServe(addr, r)
diff --git a/api_test.go b/api_test.go
@@ -1239,6 +1239,32 @@ func TestDeleteContainers(t *testing.T) {
 	}
 }
 
+func TestGetEnabledCors(t *testing.T) {
+	runtime, err := newTestRuntime()
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer nuke(runtime)
+
+	srv := &Server{runtime: runtime, enableCors: true}
+
+	r := httptest.NewRecorder()
+
+	if err := getVersion(srv, API_VERSION, r, nil, nil); err != nil {
+		t.Fatal(err)
+	}
+
+	allowOrigin := r.Header().Get("Access-Control-Allow-Origin")
+	allowHeaders := r.Header().Get("Access-Control-Allow-Headers")
+
+	if allowOrigin != "*" {
+		t.Errorf("Expected header Access-Control-Allow-Origin to be \"*\", %s found.", allowOrigin)
+	}
+	if allowHeaders != "Origin, X-Requested-With, Content-Type, Accept" {
+		t.Errorf("Expected header Access-Control-Allow-Headers to be \"Origin, X-Requested-With, Content-Type, Accept\", %s found.", allowHeaders)
+	}
+}
+
 func TestDeleteImages(t *testing.T) {
 	//FIXME: Implement this test
 	t.Log("Test not implemented")
diff --git a/docker/docker.go b/docker/docker.go
@@ -33,6 +33,7 @@ func main() {
 	bridgeName := flag.String("b", "", "Attach containers to a pre-existing network bridge")
 	pidfile := flag.String("p", "/var/run/docker.pid", "File containing process PID")
 	flHost := flag.String("H", fmt.Sprintf("%s:%d", host, port), "Host:port to bind/connect to")
+	flEnableCors := flag.Bool("api-enable-cors", false, "Enable CORS requests in the remote api.")
 	flag.Parse()
 	if *bridgeName != "" {
 		docker.NetworkBridgeIface = *bridgeName
@@ -65,7 +66,7 @@ func main() {
 			flag.Usage()
 			return
 		}
-		if err := daemon(*pidfile, host, port, *flAutoRestart); err != nil {
+		if err := daemon(*pidfile, host, port, *flAutoRestart, *flEnableCors); err != nil {
 			log.Fatal(err)
 			os.Exit(-1)
 		}
@@ -104,7 +105,7 @@ func removePidFile(pidfile string) {
 	}
 }
 
-func daemon(pidfile, addr string, port int, autoRestart bool) error {
+func daemon(pidfile, addr string, port int, autoRestart, enableCors bool) error {
 	if addr != "127.0.0.1" {
 		log.Println("/!\\ DON'T BIND ON ANOTHER IP ADDRESS THAN 127.0.0.1 IF YOU DON'T KNOW WHAT YOU'RE DOING /!\\")
 	}
@@ -122,7 +123,7 @@ func daemon(pidfile, addr string, port int, autoRestart bool) error {
 		os.Exit(0)
 	}()
 
-	server, err := docker.NewServer(autoRestart)
+	server, err := docker.NewServer(autoRestart, enableCors)
 	if err != nil {
 		return err
 	}
diff --git a/docs/sources/api/docker_remote_api.rst b/docs/sources/api/docker_remote_api.rst
@@ -1056,3 +1056,11 @@ Here are the steps of 'docker run' :
 
 In this first version of the API, some of the endpoints, like /attach, /pull or /push uses hijacking to transport stdin,
 stdout and stderr on the same socket. This might change in the future.
+
+
+3.3 CORS Requests
+-----------------
+
+To enable cross origin requests to the remote api add the flag "-api-enable-cors" when running docker in daemon mode.
+    
+    docker -d -H="192.168.1.9:4243" -api-enable-cors
diff --git a/server.go b/server.go
@@ -870,7 +870,7 @@ func (srv *Server) ImageInspect(name string) (*Image, error) {
 	return nil, fmt.Errorf("No such image: %s", name)
 }
 
-func NewServer(autoRestart bool) (*Server, error) {
+func NewServer(autoRestart, enableCors bool) (*Server, error) {
 	if runtime.GOARCH != "amd64" {
 		log.Fatalf("The docker runtime currently only supports amd64 (not %s). This will change in the future. Aborting.", runtime.GOARCH)
 	}
@@ -879,12 +879,14 @@ func NewServer(autoRestart bool) (*Server, error) {
 		return nil, err
 	}
 	srv := &Server{
-		runtime: runtime,
+		runtime:    runtime,
+		enableCors: enableCors,
 	}
 	runtime.srv = srv
 	return srv, nil
 }
 
 type Server struct {
-	runtime *Runtime
+	runtime    *Runtime
+	enableCors bool
 }

Original file line number	Diff line number	Diff line change
`@@ -703,6 +703,11 @@ func postBuild(srv Server, version float64, w http.ResponseWriter, r http.Requ`
`703`	`703`	`return nil`
`704`	`704`	`}`
`705`	`705`
	`706`	`+func writeCorsHeaders(w http.ResponseWriter, r *http.Request) {`
	`707`	`+ w.Header().Add("Access-Control-Allow-Origin", "*")`
	`708`	`+ w.Header().Add("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept")`
	`709`	`+}`
	`710`	`+`
`706`	`711`	`func ListenAndServe(addr string, srv *Server, logging bool) error {`
`707`	`712`	`r := mux.NewRouter()`
`708`	`713`	`log.Printf("Listening for HTTP on %s\n", addr)`
`@@ -773,12 +778,20 @@ func ListenAndServe(addr string, srv *Server, logging bool) error {`
`773`	`778`	`w.WriteHeader(http.StatusNotFound)`
`774`	`779`	`return`
`775`	`780`	`}`
	`781`	`+ if srv.enableCors {`
	`782`	`+ writeCorsHeaders(w, r)`
	`783`	`+ }`
`776`	`784`	`if err := localFct(srv, version, w, r, mux.Vars(r)); err != nil {`
`777`	`785`	`httpError(w, err)`
`778`	`786`	`}`
`779`	`787`	`}`
`780`	`788`	`r.Path("/v{version:[0-9.]+}" + localRoute).Methods(localMethod).HandlerFunc(f)`
`781`	`789`	`r.Path(localRoute).Methods(localMethod).HandlerFunc(f)`
	`790`	`+ r.Methods("OPTIONS").HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
	`791`	`+ if srv.enableCors {`
	`792`	`+ writeCorsHeaders(w, r)`
	`793`	`+ }`
	`794`	`+ })`
`782`	`795`	`}`
`783`	`796`	`}`
`784`	`797`	`return http.ListenAndServe(addr, r)`
Original file line number	Diff line number	Diff line change
`@@ -33,6 +33,7 @@ func main() {`
`33`	`33`	`bridgeName := flag.String("b", "", "Attach containers to a pre-existing network bridge")`
`34`	`34`	`pidfile := flag.String("p", "/var/run/docker.pid", "File containing process PID")`
`35`	`35`	`flHost := flag.String("H", fmt.Sprintf("%s:%d", host, port), "Host:port to bind/connect to")`
	`36`	`+ flEnableCors := flag.Bool("api-enable-cors", false, "Enable CORS requests in the remote api.")`
`36`	`37`	`flag.Parse()`
`37`	`38`	`if *bridgeName != "" {`
`38`	`39`	`docker.NetworkBridgeIface = *bridgeName`
`@@ -65,7 +66,7 @@ func main() {`
`65`	`66`	`flag.Usage()`
`66`	`67`	`return`
`67`	`68`	`}`
`68`		`- if err := daemon(pidfile, host, port, flAutoRestart); err != nil {`
	`69`	`+ if err := daemon(pidfile, host, port, flAutoRestart, *flEnableCors); err != nil {`
`69`	`70`	`log.Fatal(err)`
`70`	`71`	`os.Exit(-1)`
`71`	`72`	`}`
`@@ -104,7 +105,7 @@ func removePidFile(pidfile string) {`
`104`	`105`	`}`
`105`	`106`	`}`
`106`	`107`
`107`		`-func daemon(pidfile, addr string, port int, autoRestart bool) error {`
	`108`	`+func daemon(pidfile, addr string, port int, autoRestart, enableCors bool) error {`
`108`	`109`	`if addr != "127.0.0.1" {`
`109`	`110`	`log.Println("/!\\ DON'T BIND ON ANOTHER IP ADDRESS THAN 127.0.0.1 IF YOU DON'T KNOW WHAT YOU'RE DOING /!\\")`
`110`	`111`	`}`
`@@ -122,7 +123,7 @@ func daemon(pidfile, addr string, port int, autoRestart bool) error {`
`122`	`123`	`os.Exit(0)`
`123`	`124`	`}()`
`124`	`125`
`125`		`- server, err := docker.NewServer(autoRestart)`
	`126`	`+ server, err := docker.NewServer(autoRestart, enableCors)`
`126`	`127`	`if err != nil {`
`127`	`128`	`return err`
`128`	`129`	`}`
Original file line number	Diff line number	Diff line change
`@@ -870,7 +870,7 @@ func (srv Server) ImageInspect(name string) (Image, error) {`
`870`	`870`	`return nil, fmt.Errorf("No such image: %s", name)`
`871`	`871`	`}`
`872`	`872`
`873`		`-func NewServer(autoRestart bool) (*Server, error) {`
	`873`	`+func NewServer(autoRestart, enableCors bool) (*Server, error) {`
`874`	`874`	`if runtime.GOARCH != "amd64" {`
`875`	`875`	`log.Fatalf("The docker runtime currently only supports amd64 (not %s). This will change in the future. Aborting.", runtime.GOARCH)`
`876`	`876`	`}`
`@@ -879,12 +879,14 @@ func NewServer(autoRestart bool) (*Server, error) {`
`879`	`879`	`return nil, err`
`880`	`880`	`}`
`881`	`881`	`srv := &Server{`
`882`		`- runtime: runtime,`
	`882`	`+ runtime: runtime,`
	`883`	`+ enableCors: enableCors,`
`883`	`884`	`}`
`884`	`885`	`runtime.srv = srv`
`885`	`886`	`return srv, nil`
`886`	`887`	`}`
`887`	`888`
`888`	`889`	`type Server struct {`
`889`		`- runtime *Runtime`
	`890`	`+ runtime *Runtime`
	`891`	`+ enableCors bool`
`890`	`892`	`}`