8000 add response for cors preflight requests (#6646) · localstack/localstack@a317429 · GitHub

Commit a317429

authored
add response for cors preflight requests (#6646)
1 parent 34c878d commit a317429


2 files changed

+17
-4
lines changed


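--- a/localstack/aws/handlers/cors.py
+++ b/localstack/aws/handlers/cors.py
@@ -86,6 +86,9 @@
 if EXTRA_CORS_ALLOWED_ORIGINS:
 ALLOWED_CORS_ORIGINS += EXTRA_CORS_ALLOWED_ORIGINS.split(",")
 
+ACL_REQUEST_PRIVATE_NETWORK = "Access-Control-Request-Private-Network"
+ACL_ALLOW_PRIVATE_NETWORK = "Access-Control-Allow-Private-Network"
+
 LOG = logging.getLogger(__name__)
 
 
@@ -97,17 +100,21 @@ class CorsEnforcer(Handler):
 """
 
 def __call__(self, chain: HandlerChain, context: RequestContext, response: Response) -> None:
-if (
-not config.DISABLE_CORS_CHECKS
-and self.should_enforce_self_managed_service(context)
-and not self.is_cors_origin_allowed(context.request.headers)
+if not self.should_enforce_self_managed_service(context):
+return
+if not config.DISABLE_CORS_CHECKS and not self.is_cors_origin_allowed(
+context.request.headers
 ):
 LOG.info(
 "Blocked CORS request from forbidden origin %s",
 context.request.headers.get("origin") or context.request.headers.get("referer"),
 )
 response.status_code = 403
 chain.terminate()
+elif context.request.method == "OPTIONS" and not config.DISABLE_PREFLIGHT_PROCESSING:
+# we want to return immediately here, but we do not want to omit our response chain for cors headers
+response.status_code = 204
+chain.stop()
 
 @staticmethod
 def should_enforce_self_managed_service(context: RequestContext) -> bool:
@@ -177,6 +184,11 @@ def __call__(self, chain: HandlerChain, context: RequestContext, response: Respo
 headers[ACL_ALLOW_HEADERS] = ",".join([h for h in requested_headers if h])
 if ACL_EXPOSE_HEADERS not in headers:
 headers[ACL_EXPOSE_HEADERS] = ",".join(CORS_EXPOSE_HEADERS)
+if (
+request_headers.get(ACL_REQUEST_PRIVATE_NETWORK) == "true"
+and ACL_ALLOW_PRIVATE_NETWORK not in headers
+):
+headers[ACL_ALLOW_PRIVATE_NETWORK] = "true"
 
 for header in ALLOWED_CORS_RESPONSE_HEADERS:
 if headers.get(header) == "":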
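Review bot: The block added in the last hunk (new lines 187-191) sets `Access-Control-Allow-Private-Network: true` for any request that sends `Access-Control-Request-Private-Network: true`, with no origin test of its own. It is therefore only as strict as the `CorsEnforcer` check in the second hunk, and that check is bypassed when `config.DISABLE_CORS_CHECKS` is set: the new `elif` then answers OPTIONS with 204 and, per its own comment, still runs the response chain, so the grant appears to reach every origin. Because this header is what permits a browser on a public page to call a loopback or private-network endpoint, I would add the origin test to the condition, e.g. `and CorsEnforcer.is_cors_origin_allowed(request_headers)` (assuming that method can be called without an instance, which is not visible here), or at minimum state the dependency with `# relies on CorsEnforcer having rejected disallowed origins before this handler runs`. This `__call__` begins and continues outside the hunk, so an origin guard earlier in the method cannot be ruled out.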

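--- a/localstack/config.py
+++ b/localstack/config.py
@@ -446,6 +446,7 @@ def in_docker():
 EXTRA_CORS_ALLOWED_HEADERS = os.environ.get("EXTRA_CORS_ALLOWED_HEADERS", "").strip()
 EXTRA_CORS_EXPOSE_HEADERS = os.environ.get("EXTRA_CORS_EXPOSE_HEADERS", "").strip()
 EXTRA_CORS_ALLOWED_ORIGINS = os.environ.get("EXTRA_CORS_ALLOWED_ORIGINS", "").strip()
+DISABLE_PREFLIGHT_PROCESSING = is_env_true("DISABLE_PREFLIGHT_PROCESSING")
 
 # whether to disable publishing events to the API
 DISABLE_EVENTS = is_env_true("DISABLE_EVENTS")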
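Review bot: `DISABLE_PREFLIGHT_PROCESSING` is added without a comment, while `DISABLE_EVENTS` two lines below carries one, and the name alone does not say that it switches off the automatic 204 answer to OPTIONS requests in `CorsEnforcer`. I would put `# whether to disable the automatic 204 response to CORS preflight (OPTIONS) requests` above it. The comment should also say that origin enforcement is unaffected by this flag and stays under `DISABLE_CORS_CHECKS`, since the two names are easy to confuse when hardening a deployment.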
