From 0bc69018a6854e9c3f1db3b75d978671e23701e5 Mon Sep 17 00:00:00 2001
From: Nikhil Sinha <nikhil.sinha@cloudsurfex.com>
Date: Tue, 9 Jul 2024 13:15:34 +0530
Subject: [PATCH] configure CORS with env var set P_CORS to false to allow on
 origin mismatch default is set to true to block on origin mismatch

Fixes: #697
---
 server/src/cli.rs           | 18 ++++++++++++++++++
 server/src/handlers/http.rs |  2 +-
 2 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/server/src/cli.rs b/server/src/cli.rs
index 961274035..cec579e9a 100644
--- a/server/src/cli.rs
+++ b/server/src/cli.rs
@@ -98,6 +98,9 @@ pub struct Cli {
 
     /// Size for local cache
     pub query_cache_size: u64,
+
+    /// CORS behaviour
+    pub cors: bool,
 }
 
 impl Cli {
@@ -130,6 +133,7 @@ impl Cli {
     pub const DEFAULT_USERNAME: &'static str = "admin";
     pub const DEFAULT_PASSWORD: &'static str = "admin";
     pub const FLIGHT_PORT: &'static str = "flight-port";
+    pub const CORS: &'static str = "cors";
 
     pub fn local_stream_data_path(&self, stream_name: &str) -> PathBuf {
         self.local_staging_path.join(stream_name)
@@ -316,6 +320,16 @@ impl Cli {
                     .value_parser(value_parser!(u16))
                     .help("Port for Arrow Flight Querying Engine"),
             )
+            .arg(
+                Arg::new(Self::CORS)
+                .long(Self::CORS)
+                .env("P_CORS")
+                .value_name("BOOL")
+                .required(false)
+                .default_value("true")
+                .value_parser(value_parser!(bool))
+                .help("Enable/Disable CORS, default disabled"),
+            )
             .arg(
                 Arg::new(Self::LIVETAIL_CAPACITY)
                     .long(Self::LIVETAIL_CAPACITY)
@@ -451,6 +465,10 @@ impl FromArgMatches for Cli {
             .get_one::<u16>(Self::FLIGHT_PORT)
             .cloned()
             .expect("default for flight port");
+        self.cors = m
+            .get_one::<bool>(Self::CORS)
+            .cloned()
+            .expect("default for CORS");
         self.livetail_channel_capacity = m
             .get_one::<usize>(Self::LIVETAIL_CAPACITY)
             .cloned()
diff --git a/server/src/handlers/http.rs b/server/src/handlers/http.rs
index 211d7d17d..24e8564e9 100644
--- a/server/src/handlers/http.rs
+++ b/server/src/handlers/http.rs
@@ -54,7 +54,7 @@ pub fn metrics_path() -> String {
 }
 
 pub(crate) fn cross_origin_config() -> Cors {
-    if cfg!(feature = "debug") {
+    if !CONFIG.parseable.cors || cfg!(feature = "debug") {
         Cors::permissive().block_on_origin_mismatch(false)
     } else {
         Cors::default().block_on_origin_mismatch(false)