From 0eee8e7464a497c702e5037cc00b2ef9e047c9fc Mon Sep 17 00:00:00 2001
From: "nicolas.dorier"
Date: Sat, 2 Feb 2019 16:12:51 +0900
Subject: [PATCH] Returns Access-Control-Allow-Origin * on all Bitpay GET and post requests.
---
BTCPayServer.Tests/UnitTest1.cs | 42 ++++++++++++++++++++++--
BTCPayServer/Hosting/BTCpayMiddleware.cs | 1 +
2 files changed, 41 insertions(+), 2 deletions(-)
diff --git a/BTCPayServer.Tests/UnitTest1.cs b/BTCPayServer.Tests/UnitTest1.cs
index 8d6e8d395..cbd336ac5 100644
--- a/BTCPayServer.Tests/UnitTest1.cs
+++ b/BTCPayServer.Tests/UnitTest1.cs
@@ -859,6 +859,44 @@ namespace BTCPayServer.Tests Assert.Equal(f1.ToString(), f2.ToString()); } + [Fact] + [Trait("Integration", "Integration")] + public async void CheckCORSSetOnBitpayAPI() + { + using (var tester = ServerTester.Create()) + { + tester.Start(); + foreach(var req in new[] + { + "invoices/", + "invoices", + "rates", + "tokens" + }.Select(async path => + { + using (HttpClient client = new HttpClient()) + { + HttpRequestMessage message = new HttpRequestMessage(HttpMethod.Options, tester.PayTester.ServerUri.AbsoluteUri + path); + message.Headers.Add("Access-Control-Request-Headers", "test"); + var response = await client.SendAsync(message); + response.EnsureSuccessStatusCode(); + Assert.True(response.Headers.TryGetValues("Access-Control-Allow-Origin", out var val)); + Assert.Equal("*", val.FirstOrDefault()); + Assert.True(response.Headers.TryGetValues("Access-Control-Allow-Headers", out val)); + Assert.Equal("test", val.FirstOrDefault()); + } + }).ToList()) + { + await req; + } + HttpClient client2 = new HttpClient(); + HttpRequestMessage message2 = new HttpRequestMessage(HttpMethod.Options, tester.PayTester.ServerUri.AbsoluteUri + "rates"); + var response2 = await client2.SendAsync(message2); + Assert.True(response2.Headers.TryGetValues("Access-Control-Allow-Origin", out var val2)); + Assert.Equal("*", val2.FirstOrDefault()); + } + } + [Fact] [Trait("Integration", "Integration")] public void TestAccessBitpayAPI() @@ -2324,7 +2362,7 @@ donation: var parsed = new StatusMessageModel(legacyStatus); Assert.Equal(legacyStatus, parsed.Message); Assert.Equal(StatusMessageModel.StatusSeverity.Error, parsed.Severity); - + var legacyStatus2 = "Some normal shit happened"; parsed = new StatusMessageModel(legacyStatus2); Assert.Equal(legacyStatus2, parsed.Message); 
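Review bot: In the first UnitTest1.cs hunk, CheckCORSSetOnBitpayAPI only ever sends `HttpMethod.Options` requests, so the GET and POST responses named in the commit subject are never checked for the header, and nothing asserts that a route outside the Bitpay API stays without `Access-Control-Allow-Origin: *`. One plain request on a listed path, e.g. `var get = await client2.GetAsync(tester.PayTester.ServerUri.AbsoluteUri + "rates");` followed by the same `TryGetValues("Access-Control-Allow-Origin", ...)` assertion, would pin what the middleware change actually introduces. A negative assertion on a non-API page would guard against the wildcard spreading later. The second request also skips `EnsureSuccessStatusCode()`, and `client2` is never disposed, unlike the `using` client inside the lambda. Declaring the test `public async Task CheckCORSSetOnBitpayAPI()` instead of `async void` is the more conventional signature for an awaited test.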
@@ -2339,7 +2377,7 @@ donation: Assert.Null(parsed.Message); Assert.Equal(newStatus.Html, parsed.Html); Assert.Equal(StatusMessageModel.StatusSeverity.Info, parsed.Severity); - + var newStatus2 = new StatusMessageModel() { Message = "something new", diff --git a/BTCPayServer/Hosting/BTCpayMiddleware.cs b/BTCPayServer/Hosting/BTCpayMiddleware.cs index 9ff1c3332..e6d66e673 100644 --- a/BTCPayServer/Hosting/BTCpayMiddleware.cs +++ b/BTCPayServer/Hosting/BTCpayMiddleware.cs @@ -51,6 +51,7 @@ namespace BTCPayServer.Hosting httpContext.SetIsBitpayAPI(isBitpayAPI); if (isBitpayAPI) { + httpContext.Response.SetHeader("Access-Control-Allow-Origin", "*"); httpContext.SetBitpayAuth(bitpayAuth); } await _Next(httpContext);
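Review bot: In the BTCpayMiddleware.cs hunk, the new `SetHeader("Access-Control-Allow-Origin", "*")` line opens every response classified as Bitpay API to cross-origin reads, and nothing at that spot records why a wildcard is acceptable. It is acceptable only while these endpoints authenticate by an explicit signature or Authorization header rather than by cookies, and while `Access-Control-Allow-Credentials` is never emitted alongside it. How `isBitpayAPI` is derived lies outside the hunk, so it is worth confirming that no cookie-authenticated route can be classified as API. I would add a comment above the line such as `// Wildcard CORS: Bitpay API auth is header/signature based, never cookies; do not add Access-Control-Allow-Credentials here.` The enclosing method starts and ends outside the hunk.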