Headscale: Added an option to set an Access-Control-Allow-Origin resp…
…onse header to enable Cross-Origin Resource Sharing (CORS)
Jisse-Meruma committed Dec 13, 2024
1 parent 89a648c commit 39bd024
Showing 4 changed files with 26 additions and 2 deletions.
4 changes: 2 additions & 2 deletions .github/workflows/docs-deploy.yml
@@ -12,8 +12,8 @@ on:
# Stable release tags
- v[0-9]+.[0-9]+.[0-9]+
paths:
- 'docs/**'
- 'mkdocs.yml'
- "docs/**"
- "mkdocs.yml"
workflow_dispatch:

jobs:
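--- a/config-example.yaml
+++ b/config-example.yaml
@@ -40,6 +40,13 @@ grpc_listen_addr: 127.0.0.1:50443
 # are doing.
 grpc_allow_insecure: false
 
+# The Access-Control-Allow-Origin header specifies which origins are allowed to access resources.
+# Options:
+# - "*" to allow access from any origin (not recommended for sensitive data).
+# - "http://example.com" to only allow access from a specific origin.
+# - "" to disable Cross-Origin Resource Sharing (CORS).
+Access-Control-Allow-Origin: ""
+
 # The Noise section includes specific configuration for the
 # TS2021 Noise protocol
 noise: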
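Review bot: The option comment does not tell the operator that the header takes exactly one origin or that the value is sent unchanged on every route the middleware is attached to (see `router.Use(h.corsHeadersMiddleware)` in hscontrol/app.go), so listing several origins would give a setup that looks configured but that browsers reject. I would add `# Exactly one origin is accepted; a comma-separated list is not a valid value for this header.` and `# The header is added to every route of the headscale HTTP router.` The example would also be better as `https://example.com`, because content served from a plain `http://` origin can be altered in transit and would then inherit the cross-origin access.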
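--- a/hscontrol/app.go
+++ b/hscontrol/app.go
@@ -440,10 +440,21 @@ func (h *Headscale) ensureUnixSocketIsAbsent() error {
 return os.Remove(h.cfg.UnixSocket)
 }
 
+func (h *Headscale) corsHeadersMiddleware(next http.Handler) http.Handler {
+return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+w.Header().Set("Access-Control-Allow-Origin", h.cfg.AccessControlAllowOrigins)
+next.ServeHTTP(w, r)
+})
+}
+
 func (h *Headscale) createRouter(grpcMux *grpcRuntime.ServeMux) *mux.Router {
 router := mux.NewRouter()
 router.Use(prometheusMiddleware)
 
+if h.cfg.AccessControlAllowOrigins != "" {
+router.Use(h.corsHeadersMiddleware)
+}
+
 router.HandleFunc(ts2021UpgradePath, h.NoiseUpgradeHandler).Methods(http.MethodPost, http.MethodGet)
 
 router.HandleFunc("/health", h.HealthHandler).Methods(http.MethodGet)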
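Review bot: `router.Use(h.corsHeadersMiddleware)` installs the header on the top-level router, so whatever origin is configured (including `*`) may read responses from every matched route rather than only the endpoints a browser client needs; createRouter continues outside the hunk, so the full route list is not visible here. Attaching the middleware to the subrouter that serves the browser-facing API would keep the grant narrow. The middleware also sets no `Access-Control-Allow-Methods` or `Access-Control-Allow-Headers` and, if `mux` is gorilla/mux, `Use` middleware runs only on matched routes, so a preflight `OPTIONS` request to a route registered with `.Methods(http.MethodGet)` would likely get no CORS header at all. I would at least document the limit: `// corsHeadersMiddleware sets Access-Control-Allow-Origin to the configured value on matched routes; it does not answer preflight requests.`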
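--- a/hscontrol/types/config.go
+++ b/hscontrol/types/config.go
@@ -63,6 +63,8 @@ type Config struct {
 Log LogConfig
 DisableUpdateCheck bool
 
+AccessControlAllowOrigins string
+
 Database DatabaseConfig
 
 DERP DERPConfig
@@ -292,6 +294,8 @@ func LoadConfig(path string, isFile bool) error {
 viper.SetDefault("tuning.batch_change_delay", "800ms")
 viper.SetDefault("tuning.node_mapsession_buffered_chan_size", 30)
 
+viper.SetDefault("Access-Control-Allow-Origin", "")
+
 viper.SetDefault("prefixes.allocation", string(IPAllocationStrategySequential))
 
 if err := viper.ReadInConfig(); err != nil {
@@ -852,6 +856,8 @@ func LoadServerConfig() (*Config, error) {
 GRPCAllowInsecure: viper.GetBool("grpc_allow_insecure"),
 DisableUpdateCheck: false,
 
+AccessControlAllowOrigins: viper.GetString("Access-Control-Allow-Origin"),
+
 PrefixV4: prefix4,
 PrefixV6: prefix6,
 IPAllocation: IPAllocationStrategy(alloc),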
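Review bot: The value from `viper.GetString("Access-Control-Allow-Origin")` is copied into the config unchecked, and the field name `AccessControlAllowOrigins` is plural although the header accepts only `*` or one origin; a comma-separated list or a value with a trailing path would be sent verbatim and rejected by browsers. LoadServerConfig should return an error for anything other than an empty string, `*`, or a single `scheme://host[:port]` value, so a bad setting fails at startup instead of silently. The field would read more clearly as `AccessControlAllowOrigin string // "" disables the header; otherwise "*" or exactly one origin`. The key is also the only one in these hunks that is not lower snake_case like `grpc_allow_insecure`. LoadConfig and LoadServerConfig both continue outside the hunks.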
