Echo CORS request headers by default (#10221)

cmichi · ascjones · commit 940a88fa4e8f · 2019-01-21T10:30:24.000Z
* Echo CORS request headers by default More details in #6616. * fixup: Single line
diff --git a/ethcore/res/ethereum/tests b/ethcore/res/ethereum/tests
@@ -1 +1 @@
-Subproject commit 420f443477caa8516f1f9ee8122fafc3415c0f34
+Subproject commit 2cd62aeec11da29766b30d500f2b9a96f1f28cf0
diff --git a/rpc/src/lib.rs b/rpc/src/lib.rs
@@ -114,7 +114,7 @@ pub use ipc::{Server as IpcServer, MetaExtractor as IpcMetaExtractor, RequestCon
 pub use http::{
 	hyper,
 	RequestMiddleware, RequestMiddlewareAction,
-	AccessControlAllowOrigin, Host, DomainsValidation
+	AccessControlAllowOrigin, Host, DomainsValidation, cors::AccessControlAllowHeaders
 };
 
 pub use v1::{NetworkSettings, Metadata, Origin, informant, dispatch, signer};
@@ -151,6 +151,7 @@ pub fn start_http<M, S, H, T>(
 		.cors(cors_domains.into())
 		.allowed_hosts(allowed_hosts.into())
 		.health_api(("/api/health", "parity_nodeStatus"))
+		.cors_allow_headers(AccessControlAllowHeaders::Any)
 		.max_request_body_size(max_payload * 1024 * 1024)
 		.start_http(addr)?)
 }
@@ -180,6 +181,7 @@ pub fn start_http_with_middleware<M, S, H, T, R>(
 		.threads(threads)
 		.cors(cors_domains.into())
 		.allowed_hosts(allowed_hosts.into())
+		.cors_allow_headers(AccessControlAllowHeaders::Any)
 		.max_request_body_size(max_payload * 1024 * 1024)
 		.request_middleware(middleware)
 		.start_http(addr)?)
diff --git a/rpc/src/tests/rpc.rs b/rpc/src/tests/rpc.rs
@@ -116,4 +116,31 @@ mod tests {
 		res.assert_status("HTTP/1.1 200 OK");
 		assert_eq!(res.body, expected);
 	}
+
+	#[test]
+	fn should_respond_valid_to_any_requested_header() {
+		// given
+		let (server, address) = serve();
+		let headers = "Something, Anything, Xyz, 123, _?";
+
+		// when
+		let res = request(server,
+		&format!("\
+				OPTIONS / HTTP/1.1\r\n\
+				Host: {}\r\n\
+				Origin: http://parity.io\r\n\
+				Content-Length: 0\r\n\
+				Content-Type: application/json\r\n\
+				Connection: close\r\n\
+				Access-Control-Request-Headers: {}\r\n\
+				\r\n\
+			", address, headers)
+		);
+
+		// then
+		assert_eq!(res.status, "HTTP/1.1 200 OK".to_owned());
+		let expected = format!("access-control-allow-headers: {}", headers);
+		assert!(res.headers.contains(&expected), "Headers missing in {:?}", res.headers);
+	}
+
 }
