[lxc-devel] [lxd/master] Closes #2245 Added global key `core.https_allow_credentials`
18augst on Github
lxc-bot at linuxcontainers.org
Wed Jul 27 22:26:26 UTC 2016
A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 403 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20160727/d2b2fc23/attachment.bin>
-------------- next part --------------
From ef47fc740727db8974620d6b8a7a2312e842cbaf Mon Sep 17 00:00:00 2001
From: 18augst <18augst at gmail.com>
Date: Thu, 28 Jul 2016 01:20:59 +0300
Subject: [PATCH] Closes #2245 Added global key `core.https_allow_credentials`
with `bool` type.
---
config/bash/lxd-client | 1 +
doc/configuration.md | 1 +
lxd/daemon.go | 5 +++++
lxd/daemon_config.go | 17 +++++++++--------
4 files changed, 16 insertions(+), 8 deletions(-)
diff --git a/config/bash/lxd-client b/config/bash/lxd-client
index cafcb75..2967bea 100644
--- a/config/bash/lxd-client
+++ b/config/bash/lxd-client
@@ -39,6 +39,7 @@ _have lxc && {
global_keys="core.https_address core.https_allowd_origin \
core.https_allowed_methods core.https_allowed_headers core.proxy_https \
+ core.https_allow_credentials \
core.proxy_http core.proxy_ignore_host core.trust_password \
storage.lvm_vg_name storage.lvm_thinpool_name storage.lvm_fstype \
storage.lvm_volume_size storage.zfs_pool_name
diff --git a/doc/configuration.md b/doc/configuration.md
index 0415d7e..6b7a215 100644
--- a/doc/configuration.md
+++ b/doc/configuration.md
@@ -23,6 +23,7 @@ core.https\_address | string | - | -
core.https\_allowed\_origin | string | - | - | Access-Control-Allow-Origin http header value
core.https\_allowed\_methods | string | - | - | Access-Control-Allow-Methods http header value
core.https\_allowed\_headers | string | - | - | Access-Control-Allow-Headers http header value
+core.https\_allow\_credentials | bool | - | - | Access-Control-Allow-Credentials http header value, default: false
core.proxy\_https | string | - | - | https proxy to use, if any (falls back to HTTPS\_PROXY environment variable)
core.proxy\_http | string | - | - | http proxy to use, if any (falls back to HTTP\_PROXY environment variable)
core.proxy\_ignore\_hosts | string | - | - | hosts which don't need the proxy for use (similar format to NO\_PROXY, e.g. 1.2.3.4,1.2.3.5, falls back to NO\_PROXY environment variable)
diff --git a/lxd/daemon.go b/lxd/daemon.go
index 37a2338..aed6570 100644
--- a/lxd/daemon.go
+++ b/lxd/daemon.go
@@ -1249,6 +1249,11 @@ func (s *lxdHttpServer) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
rw.Header().Set("Access-Control-Allow-Headers", allowedHeaders)
}
+ allowCredentials := daemonConfig["core.https_allow_credentials"].GetBool()
+ if allowCredentials {
+ rw.Header().Set("Access-Control-Allow-Credentials", "true")
+ }
+
// OPTIONS request don't need any further processing
if req.Method == "OPTIONS" {
return
diff --git a/lxd/daemon_config.go b/lxd/daemon_config.go
index b941999..861b9d3 100644
--- a/lxd/daemon_config.go
+++ b/lxd/daemon_config.go
@@ -164,14 +164,15 @@ func (k *daemonConfigKey) GetInt64() int64 {
func daemonConfigInit(db *sql.DB) error {
// Set all the keys
daemonConfig = map[string]*daemonConfigKey{
- "core.https_address": &daemonConfigKey{valueType: "string", setter: daemonConfigSetAddress},
- "core.https_allowed_headers": &daemonConfigKey{valueType: "string"},
- "core.https_allowed_methods": &daemonConfigKey{valueType: "string"},
- "core.https_allowed_origin": &daemonConfigKey{valueType: "string"},
- "core.proxy_http": &daemonConfigKey{valueType: "string", setter: daemonConfigSetProxy},
- "core.proxy_https": &daemonConfigKey{valueType: "string", setter: daemonConfigSetProxy},
- "core.proxy_ignore_hosts": &daemonConfigKey{valueType: "string", setter: daemonConfigSetProxy},
- "core.trust_password": &daemonConfigKey{valueType: "string", hiddenValue: true, setter: daemonConfigSetPassword},
+ "core.https_address": &daemonConfigKey{valueType: "string", setter: daemonConfigSetAddress},
+ "core.https_allowed_headers": &daemonConfigKey{valueType: "string"},
+ "core.https_allowed_methods": &daemonConfigKey{valueType: "string"},
+ "core.https_allowed_origin": &daemonConfigKey{valueType: "string"},
+ "core.https_allow_credentials": &daemonConfigKey{valueType: "bool", defaultValue: "false"},
+ "core.proxy_http": &daemonConfigKey{valueType: "string", setter: daemonConfigSetProxy},
+ "core.proxy_https": &daemonConfigKey{valueType: "string", setter: daemonConfigSetProxy},
+ "core.proxy_ignore_hosts": &daemonConfigKey{valueType: "string", setter: daemonConfigSetProxy},
+ "core.trust_password": &daemonConfigKey{valueType: "string", hiddenValue: true, setter: daemonConfigSetPassword},
"images.auto_update_cached": &daemonConfigKey{valueType: "bool", defaultValue: "true"},
"images.auto_update_interval": &daemonConfigKey{valueType: "int", defaultValue: "6"},
More information about the lxc-devel
mailing list