Support setting a specific allowed origin for CORS purposes

Author: simonpoole

README.md

@@ -56,7 +56,7 @@ To use an older version of ElasticSearch please download the data from [here](ht
 
 Check the URL `http://localhost:2322/api?q=berlin` to see if photon is running without problems. You may want to use our [leaflet plugin](https://github.com/komoot/leaflet.photon) to see the results on a map.
 
-To enable CORS (cross-site requests), use `-cors`. By default, CORS is disabled.
+To enable CORS (cross-site requests), use `-cors-any` to allow any origin or `-cors-origin` with a specific origin as the argument. By default, CORS support is disabled.
 
 discover more of photon's feature with its usage `java -jar photon-*.jar -h`.
 

src/main/java/de/komoot/photon/App.java

@@ -27,6 +27,9 @@ public static void main(String[] rawArgs) throws Exception {
         final JCommander jCommander = new JCommander(args);
         try {
             jCommander.parse(rawArgs);
+            if (args.isCorsAnyOrigin() && args.getCorsOrigin() != null) { // these are mutually exclusive
+                throw new ParameterException("Use only one cors configuration type");
+            }
         } catch (ParameterException e) {
             log.warn("could not start photon: " + e.getMessage());
             jCommander.usage();
@@ -138,8 +141,9 @@ private static void startApi(CommandLineArgs args, Client esNodeClient) {
         port(args.getListenPort());
         ipAddress(args.getListenIp());
 
-        if (args.isCors()) {
-            CorsFilter.enableCORS("*", "get", "*");
+        String allowedOrigin = args.isCorsAnyOrigin() ? "*" : args.getCorsOrigin();
+        if (allowedOrigin != null) {
+            CorsFilter.enableCORS(allowedOrigin, "get", "*");
         } else {
             before((request, response) -> {
                 response.type("application/json"); // in the other case set by enableCors

src/main/java/de/komoot/photon/CommandLineArgs.java

@@ -56,8 +56,11 @@ public class CommandLineArgs {
     @Parameter(names = "-listen-ip", description = "listen to address (default '0.0.0.0')")
     private String listenIp = "0.0.0.0";
 
-    @Parameter(names = "-cors", description = "enable cross-site resource sharing (default disabled)")
-    private boolean cors = false;
+    @Parameter(names = "-cors-any", description = "enable cross-site resource sharing foe any origin ((default CORS not supported)")
+    private boolean corsAnyOrigin = false;
+    
+    @Parameter(names = "-cors-origin", description = "enable cross-site resource sharing for the specified origin (default CORS not supported)")
+    private String corsOrigin = null;
 
     @Parameter(names = "-h", description = "show help / usage")
     private boolean usage = false;