From d2d36bbfae9dcb734721586423374aa22323a315 Mon Sep 17 00:00:00 2001
From: Steven Nguyen
Date: Wed, 3 Jan 2024 19:12:21 +0000
Subject: [PATCH 1/2] Add changes from previous console platforms variable PR

See https://github.com/appwrite/appwrite/pull/4581
---
 .env | 2 +-
 app/config/variables.php | 2 +-
 tests/e2e/General/HTTPTest.php | 46 ++++++++++++++++++++++++++++++++++
 3 files changed, 48 insertions(+), 2 deletions(-)

diff --git a/.env b/.env
index f34ce80ce8..8a7a53e6f4 100644
--- a/.env
+++ b/.env
@@ -4,7 +4,7 @@ _APP_WORKER_PER_CORE=6
 _APP_CONSOLE_WHITELIST_ROOT=disabled
 _APP_CONSOLE_WHITELIST_EMAILS=
 _APP_CONSOLE_WHITELIST_IPS=
-_APP_CONSOLE_HOSTNAMES=
+_APP_CONSOLE_HOSTNAMES=localhost,appwrite.io,*.appwrite.io
 _APP_SYSTEM_EMAIL_NAME=Appwrite
 _APP_SYSTEM_EMAIL_ADDRESS=team@appwrite.io
 _APP_SYSTEM_SECURITY_EMAIL_ADDRESS=security@appwrite.io
diff --git a/app/config/variables.php b/app/config/variables.php
index 7bf41f7967..533a85a840 100644
--- a/app/config/variables.php
+++ b/app/config/variables.php
@@ -127,7 +127,7 @@ return [
 [
 'name' => '_APP_CONSOLE_HOSTNAMES',
 'description' => 'This option allows you to add additional hostnames to your Appwrite console. This option is very useful for allowing access to the console project from additional domains. To enable it, pass a list of allowed hostnames separated by a comma.',
- 'introduction' => '',
+ 'introduction' => '1.5.0',
 'default' => '',
 'required' => false,
 'question' => '',
diff --git a/tests/e2e/General/HTTPTest.php b/tests/e2e/General/HTTPTest.php
index f83f28c26d..bf8f6de279 100644
--- a/tests/e2e/General/HTTPTest.php
+++ b/tests/e2e/General/HTTPTest.php
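Review bot: The `.env` hunk makes `*.appwrite.io` a default console hostname, and `testCors` in this patch shows matching hosts being echoed back in `access-control-allow-origin`, so any subdomain of that zone would be accepted as a console origin wherever this file is loaded. I can't tell from the patch whether `.env` is used outside local development; if the value is only a fixture for the CORS test, record that beside it with a comment such as `# Test fixture for testCors; list only hostnames you control and avoid wildcards in production`. The catalogue entry in `app/config/variables.php` keeps `'default' => ''`, so the two defaults now differ, and its description does not mention that wildcard entries are accepted.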
@@ -171,4 +171,50 @@ class HTTPTest extends Scope
 $this->assertEquals(200, $response['headers']['status-code']);
 }
+
+ public function testCors()
+ {
+ /**
+ * Test for SUCCESS
+ */
+
+ $endpoint = '/v1/projects'; // Can be any non-404 route
+
+ $response = $this->client->call(Client::METHOD_GET, $endpoint);
+
+ $this->assertEquals('http://localhost', $response['headers']['access-control-allow-origin']);
+
+ $response = $this->client->call(Client::METHOD_GET, $endpoint, [
+ 'origin' => 'http://localhost',
+ ]);
+
+ $this->assertEquals('http://localhost', $response['headers']['access-control-allow-origin']);
+
+ $response = $this->client->call(Client::METHOD_GET, $endpoint, [
+ 'origin' => 'http://appwrite.io',
+ ]);
+
+ $this->assertEquals('http://appwrite.io', $response['headers']['access-control-allow-origin']);
+
+ $response = $this->client->call(Client::METHOD_GET, $endpoint, [
+ 'origin' => 'https://appwrite.io',
+ ]);
+
+ $this->assertEquals('https://appwrite.io', $response['headers']['access-control-allow-origin']);
+
+ $response = $this->client->call(Client::METHOD_GET, $endpoint, [
+ 'origin' => 'http://cloud.appwrite.io',
+ ]);
+
+ $this->assertEquals('http://cloud.appwrite.io', $response['headers']['access-control-allow-origin']);
+
+ /**
+ * Test for FAILURE
+ */
+ $response = $this->client->call(Client::METHOD_GET, $endpoint, [
+ 'origin' => 'http://google.com',
+ ]);
+
+ $this->assertEquals('http://localhost', $response['headers']['access-control-allow-origin']);
+ }
 }
From 0c3ed13ad3f3129fe82e697aa3b560425378519f Mon Sep 17 00:00:00 2001
From: Steven Nguyen
Date: Wed, 3 Jan 2024 19:25:54 +0000
Subject: [PATCH 2/2] Fix _APP_CONSOLE_HOSTNAMES check

Ensure invalid hostnames such as empty strings are not added as a hostname.
---
 app/init.php | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)

diff --git a/app/init.php b/app/init.php
index d8accbc55d..0e9f16d6d6 100644
--- a/app/init.php
+++ b/app/init.php
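Review bot: The FAILURE section of `testCors` checks a single unrelated origin (`http://google.com`), which would still pass if the server compared origins by substring or suffix rather than by exact or wildcard-label match. Since the allowlist now holds `appwrite.io` and `*.appwrite.io`, add rejected cases whose host only contains an allowed name and expect the `http://localhost` fallback for each. The origin matching itself is not visible in this diff, so these cases pin the intended behaviour rather than point at a known defect.

```php
// … unchanged: SUCCESS cases and the http://google.com case …

// Constructed lookalike origins: each contains an allowed name but is not an allowed host.
$lookalikes = [
    'http://appwrite.io.example.test',
    'http://notappwrite.io',
    'http://localhost.example.test',
];

foreach ($lookalikes as $origin) {
    $response = $this->client->call(Client::METHOD_GET, $endpoint, [
        'origin' => $origin,
    ]);

    $this->assertEquals('http://localhost', $response['headers']['access-control-allow-origin']);
}
```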
@@ -81,6 +81,7 @@ use Utopia\Queue\Connection;
 use Utopia\Storage\Storage;
 use Utopia\VCS\Adapter\Git\GitHub as VcsGitHub;
 use Utopia\Validator\Range;
+use Utopia\Validator\Hostname;
 use Utopia\Validator\IP;
 use Utopia\Validator\URL;
 use Utopia\Validator\WhiteList;
@@ -928,15 +929,18 @@ App::setResource('clients', function ($request, $console, $project) {
 ], Document::SET_TYPE_APPEND);
 $hostnames = explode(',', App::getEnv('_APP_CONSOLE_HOSTNAMES', ''));
- if (is_array($hostnames)) {
- foreach ($hostnames as $hostname) {
- $console->setAttribute('platforms', [
- '$collection' => ID::custom('platforms'),
- 'type' => Origin::CLIENT_TYPE_WEB,
- 'name' => $hostname,
- 'hostname' => $hostname,
- ], Document::SET_TYPE_APPEND);
+ $validator = new Hostname();
+ foreach ($hostnames as $hostname) {
+ $hostname = trim($hostname);
+ if (!$validator->isValid($hostname)) {
+ continue;
 }
+ $console->setAttribute('platforms', [
+ '$collection' => ID::custom('platforms'),
+ 'type' => Origin::CLIENT_TYPE_WEB,
+ 'name' => $hostname,
+ 'hostname' => $hostname,
+ ], Document::SET_TYPE_APPEND);
 }
 /**
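Review bot: In the second `app/init.php` hunk, entries that fail `$validator->isValid($hostname)` are dropped with a bare `continue`, so a typo in `_APP_CONSOLE_HOSTNAMES` silently removes a console origin and leaves the operator nothing to go on. `new Hostname()` is built with no arguments and its rules are not visible here, so it is worth confirming what it does with a bare `*` or an entry carrying a scheme or port, because every accepted value is appended to `platforms` as a web client of the console project. At minimum I would put the reason on the loop, e.g. `// Skip empty/malformed entries: each accepted hostname becomes a trusted web platform (CORS origin) for the console`, and log the skipped value at warning level. The enclosing `App::setResource('clients', ...)` closure starts and ends outside the hunk.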