diff --git a/.env b/.env index f34ce80ce8..8a7a53e6f4 100644 --- a/.env +++ b/.env @@ -4,7 +4,7 @@ _APP_WORKER_PER_CORE=6 _APP_CONSOLE_WHITELIST_ROOT=disabled _APP_CONSOLE_WHITELIST_EMAILS= _APP_CONSOLE_WHITELIST_IPS= -_APP_CONSOLE_HOSTNAMES= +_APP_CONSOLE_HOSTNAMES=localhost,appwrite.io,*.appwrite.io _APP_SYSTEM_EMAIL_NAME=Appwrite _APP_SYSTEM_EMAIL_ADDRESS=team@appwrite.io _APP_SYSTEM_SECURITY_EMAIL_ADDRESS=security@appwrite.io diff --git a/app/config/variables.php b/app/config/variables.php index 7bf41f7967..533a85a840 100644 --- a/app/config/variables.php +++ b/app/config/variables.php @@ -127,7 +127,7 @@ return [ [ 'name' => '_APP_CONSOLE_HOSTNAMES', 'description' => 'This option allows you to add additional hostnames to your Appwrite console. This option is very useful for allowing access to the console project from additional domains. To enable it, pass a list of allowed hostnames separated by a comma.', - 'introduction' => '', + 'introduction' => '1.5.0', 'default' => '', 'required' => false, 'question' => '', diff --git a/app/init.php b/app/init.php index d8accbc55d..0e9f16d6d6 100644 --- a/app/init.php +++ b/app/init.php @@ -81,6 +81,7 @@ use Utopia\Queue\Connection; use Utopia\Storage\Storage; use Utopia\VCS\Adapter\Git\GitHub as VcsGitHub; use Utopia\Validator\Range; +use Utopia\Validator\Hostname; use Utopia\Validator\IP; use Utopia\Validator\URL; use Utopia\Validator\WhiteList; @@ -928,15 +929,18 @@ App::setResource('clients', function ($request, $console, $project) { ], Document::SET_TYPE_APPEND); $hostnames = explode(',', App::getEnv('_APP_CONSOLE_HOSTNAMES', '')); - if (is_array($hostnames)) { - foreach ($hostnames as $hostname) { - $console->setAttribute('platforms', [ - '$collection' => ID::custom('platforms'), - 'type' => Origin::CLIENT_TYPE_WEB, - 'name' => $hostname, - 'hostname' => $hostname, - ], Document::SET_TYPE_APPEND); + $validator = new Hostname(); + foreach ($hostnames as $hostname) { + $hostname = trim($hostname); + if (!$validator->isValid($hostname)) { + continue; } + $console->setAttribute('platforms', [ + '$collection' => ID::custom('platforms'), + 'type' => Origin::CLIENT_TYPE_WEB, + 'name' => $hostname, + 'hostname' => $hostname, + ], Document::SET_TYPE_APPEND); } /** diff --git a/tests/e2e/General/HTTPTest.php b/tests/e2e/General/HTTPTest.php index f83f28c26d..bf8f6de279 100644 --- a/tests/e2e/General/HTTPTest.php +++ b/tests/e2e/General/HTTPTest.php @@ -171,4 +171,50 @@ class HTTPTest extends Scope $this->assertEquals(200, $response['headers']['status-code']); } + + public function testCors() + { + /** + * Test for SUCCESS + */ + + $endpoint = '/v1/projects'; // Can be any non-404 route + + $response = $this->client->call(Client::METHOD_GET, $endpoint); + + $this->assertEquals('http://localhost', $response['headers']['access-control-allow-origin']); + + $response = $this->client->call(Client::METHOD_GET, $endpoint, [ + 'origin' => 'http://localhost', + ]); + + $this->assertEquals('http://localhost', $response['headers']['access-control-allow-origin']); + + $response = $this->client->call(Client::METHOD_GET, $endpoint, [ + 'origin' => 'http://appwrite.io', + ]); + + $this->assertEquals('http://appwrite.io', $response['headers']['access-control-allow-origin']); + + $response = $this->client->call(Client::METHOD_GET, $endpoint, [ + 'origin' => 'https://appwrite.io', + ]); + + $this->assertEquals('https://appwrite.io', $response['headers']['access-control-allow-origin']); + + $response = $this->client->call(Client::METHOD_GET, $endpoint, [ + 'origin' => 'http://cloud.appwrite.io', + ]); + + $this->assertEquals('http://cloud.appwrite.io', $response['headers']['access-control-allow-origin']); + + /** + * Test for FAILURE + */ + $response = $this->client->call(Client::METHOD_GET, $endpoint, [ + 'origin' => 'http://google.com', + ]); + + $this->assertEquals('http://localhost', $response['headers']['access-control-allow-origin']); + } }