Merge pull request #2019 from ipfs/Dignifiedquire-fix/access-controll-headers

Dignifiedquire fix/access controll headers

commands/http/handler.go

@@ -255,6 +255,11 @@ func sendResponse(w http.ResponseWriter, r *http.Request, res cmds.Response, req
 	h.Set(contentTypeHeader, mime)
 	h.Set(transferEncodingHeader, "chunked")
 
+	// set 'allowed' headers
+	h.Set("Access-Control-Allow-Headers", "X-Stream-Output, X-Chunked-Output")
+	// expose those headers
+	h.Set("Access-Control-Expose-Headers", "X-Stream-Output, X-Chunked-Output")
+
 	if r.Method == "HEAD" { // after all the headers.
 		return
 	}

commands/http/handler_test.go

@@ -11,6 +11,8 @@ import (
 	coremock "github.com/ipfs/go-ipfs/core/mock"
 )
 
+const AllowedExposedHeaders = "X-Stream-Output, X-Chunked-Output"
+
 func assertHeaders(t *testing.T, resHeaders http.Header, reqHeaders map[string]string) {
 	for name, value := range reqHeaders {
 		if resHeaders.Get(name) != value {
@@ -170,7 +172,7 @@ func TestAllowedOrigins(t *testing.T) {
 				ACAMethods:                      "",
 				ACACredentials:                  "",
 				"Access-Control-Max-Age":        "",
-				"Access-Control-Expose-Headers": "",
+				"Access-Control-Expose-Headers": AllowedExposedHeaders,
 			},
 			Code: http.StatusOK,
 		}
@@ -198,7 +200,7 @@ func TestWildcardOrigin(t *testing.T) {
 				ACAMethods:                      "",
 				ACACredentials:                  "",
 				"Access-Control-Max-Age":        "",
-				"Access-Control-Expose-Headers": "",
+				"Access-Control-Expose-Headers": AllowedExposedHeaders,
 			},
 			Code: http.StatusOK,
 		}
@@ -258,7 +260,7 @@ func TestAllowedReferer(t *testing.T) {
 				ACAMethods:                      "",
 				ACACredentials:                  "",
 				"Access-Control-Max-Age":        "",
-				"Access-Control-Expose-Headers": "",
+				"Access-Control-Expose-Headers": AllowedExposedHeaders,
 			},
 			Code: http.StatusOK,
 		}
@@ -286,7 +288,7 @@ func TestWildcardReferer(t *testing.T) {
 				ACAMethods:                      "",
 				ACACredentials:                  "",
 				"Access-Control-Max-Age":        "",
-				"Access-Control-Expose-Headers": "",
+				"Access-Control-Expose-Headers": AllowedExposedHeaders,
 			},
 			Code: http.StatusOK,
 		}

core/corehttp/gateway_handler.go

@@ -134,6 +134,11 @@ func (i *gatewayHandler) getOrHeadHandler(w http.ResponseWriter, r *http.Request
 	i.addUserHeaders(w) // ok, _now_ write user's headers.
 	w.Header().Set("X-IPFS-Path", urlPath)
 
+	// set 'allowed' headers
+	w.Header().Set("Access-Control-Allow-Headers", "X-Stream-Output, X-Chunked-Output")
+	// expose those headers
+	w.Header().Set("Access-Control-Expose-Headers", "X-Stream-Output, X-Chunked-Output")
+
 	// Suborigin header, sandboxes apps from each other in the browser (even
 	// though they are served from the same gateway domain).
 	//

test/sharness/t0230-channel-streaming-http-content-type.sh

@@ -21,6 +21,8 @@ test_ls_cmd() {
 
 	test_expect_success "Text encoded channel-streaming command output looks good" '
 		printf "HTTP/1.1 200 OK\r\n" >expected_output &&
+		printf "Access-Control-Allow-Headers: X-Stream-Output, X-Chunked-Output\r\n" >>expected_output &&
+		printf "Access-Control-Expose-Headers: X-Stream-Output, X-Chunked-Output\r\n" >>expected_output &&
 		printf "Content-Type: text/plain\r\n" >>expected_output &&
 		printf "Trailer: X-Stream-Error\r\n" >>expected_output &&
 		printf "Transfer-Encoding: chunked\r\n" >>expected_output &&
@@ -41,6 +43,8 @@ test_ls_cmd() {
 
 	test_expect_success "JSON encoded channel-streaming command output looks good" '
 		printf "HTTP/1.1 200 OK\r\n" >expected_output &&
+		printf "Access-Control-Allow-Headers: X-Stream-Output, X-Chunked-Output\r\n" >>expected_output &&
+		printf "Access-Control-Expose-Headers: X-Stream-Output, X-Chunked-Output\r\n" >>expected_output &&
 		printf "Content-Type: application/json\r\n" >>expected_output &&
 		printf "Trailer: X-Stream-Error\r\n" >>expected_output &&
 		printf "Transfer-Encoding: chunked\r\n" >>expected_output &&