[lxc-devel] [lxd/master] Closes #2245 Added global key `core.https_allow_credentials`

18augst on Github lxc-bot at linuxcontainers.org
Wed Jul 27 22:26:26 UTC 2016 

A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 403 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20160727/d2b2fc23/attachment.bin>
-------------- next part --------------
From ef47fc740727db8974620d6b8a7a2312e842cbaf Mon Sep 17 00:00:00 2001
From: 18augst <18augst at gmail.com>
Date: Thu, 28 Jul 2016 01:20:59 +0300
Subject: [PATCH] Closes #2245 Added global key `core.https_allow_credentials`
 with `bool` type.

---
 config/bash/lxd-client |  1 +
 doc/configuration.md   |  1 +
 lxd/daemon.go          |  5 +++++
 lxd/daemon_config.go   | 17 +++++++++--------
 4 files changed, 16 insertions(+), 8 deletions(-)

diff --git a/config/bash/lxd-client b/config/bash/lxd-client
index cafcb75..2967bea 100644
--- a/config/bash/lxd-client
+++ b/config/bash/lxd-client
@@ -39,6 +39,7 @@ _have lxc && {
 
     global_keys="core.https_address core.https_allowd_origin \
       core.https_allowed_methods core.https_allowed_headers core.proxy_https \
+      core.https_allow_credentials \
       core.proxy_http core.proxy_ignore_host core.trust_password \
       storage.lvm_vg_name storage.lvm_thinpool_name storage.lvm_fstype \
       storage.lvm_volume_size storage.zfs_pool_name
diff --git a/doc/configuration.md b/doc/configuration.md
index 0415d7e..6b7a215 100644
--- a/doc/configuration.md
+++ b/doc/configuration.md
@@ -23,6 +23,7 @@ core.https\_address             | string    | -         | -
 core.https\_allowed\_origin     | string    | -         | -                                 | Access-Control-Allow-Origin http header value
 core.https\_allowed\_methods    | string    | -         | -                                 | Access-Control-Allow-Methods http header value
 core.https\_allowed\_headers    | string    | -         | -                                 | Access-Control-Allow-Headers http header value
+core.https\_allow\_credentials  | bool      | -         | -                                 | Access-Control-Allow-Credentials http header value, default: false
 core.proxy\_https               | string    | -         | -                                 | https proxy to use, if any (falls back to HTTPS\_PROXY environment variable)
 core.proxy\_http                | string    | -         | -                                 | http proxy to use, if any (falls back to HTTP\_PROXY environment variable)
 core.proxy\_ignore\_hosts       | string    | -         | -                                 | hosts which don't need the proxy for use (similar format to NO\_PROXY, e.g. 1.2.3.4,1.2.3.5, falls back to NO\_PROXY environment variable)
diff --git a/lxd/daemon.go b/lxd/daemon.go
index 37a2338..aed6570 100644
--- a/lxd/daemon.go
+++ b/lxd/daemon.go
@@ -1249,6 +1249,11 @@ func (s *lxdHttpServer) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
 		rw.Header().Set("Access-Control-Allow-Headers", allowedHeaders)
 	}
 
+	allowCredentials := daemonConfig["core.https_allow_credentials"].GetBool()
+	if allowCredentials {
+		rw.Header().Set("Access-Control-Allow-Credentials", "true")
+	}
+
 	// OPTIONS request don't need any further processing
 	if req.Method == "OPTIONS" {
 		return
diff --git a/lxd/daemon_config.go b/lxd/daemon_config.go
index b941999..861b9d3 100644
--- a/lxd/daemon_config.go
+++ b/lxd/daemon_config.go
@@ -164,14 +164,15 @@ func (k *daemonConfigKey) GetInt64() int64 {
 func daemonConfigInit(db *sql.DB) error {
 	// Set all the keys
 	daemonConfig = map[string]*daemonConfigKey{
-		"core.https_address":         &daemonConfigKey{valueType: "string", setter: daemonConfigSetAddress},
-		"core.https_allowed_headers": &daemonConfigKey{valueType: "string"},
-		"core.https_allowed_methods": &daemonConfigKey{valueType: "string"},
-		"core.https_allowed_origin":  &daemonConfigKey{valueType: "string"},
-		"core.proxy_http":            &daemonConfigKey{valueType: "string", setter: daemonConfigSetProxy},
-		"core.proxy_https":           &daemonConfigKey{valueType: "string", setter: daemonConfigSetProxy},
-		"core.proxy_ignore_hosts":    &daemonConfigKey{valueType: "string", setter: daemonConfigSetProxy},
-		"core.trust_password":        &daemonConfigKey{valueType: "string", hiddenValue: true, setter: daemonConfigSetPassword},
+		"core.https_address":           &daemonConfigKey{valueType: "string", setter: daemonConfigSetAddress},
+		"core.https_allowed_headers":   &daemonConfigKey{valueType: "string"},
+		"core.https_allowed_methods":   &daemonConfigKey{valueType: "string"},
+		"core.https_allowed_origin":    &daemonConfigKey{valueType: "string"},
+		"core.https_allow_credentials": &daemonConfigKey{valueType: "bool", defaultValue: "false"},
+		"core.proxy_http":              &daemonConfigKey{valueType: "string", setter: daemonConfigSetProxy},
+		"core.proxy_https":             &daemonConfigKey{valueType: "string", setter: daemonConfigSetProxy},
+		"core.proxy_ignore_hosts":      &daemonConfigKey{valueType: "string", setter: daemonConfigSetProxy},
+		"core.trust_password":          &daemonConfigKey{valueType: "string", hiddenValue: true, setter: daemonConfigSetPassword},
 
 		"images.auto_update_cached":    &daemonConfigKey{valueType: "bool", defaultValue: "true"},
 		"images.auto_update_interval":  &daemonConfigKey{valueType: "int", defaultValue: "6"},

More information about the lxc-devel mailing list