Skip to content
This repository was archived by the owner on Oct 23, 2023. It is now read-only.

Support CORS #28

Closed
blankdots opened this issue Nov 1, 2018 · 2 comments
Closed

Support CORS #28

blankdots opened this issue Nov 1, 2018 · 2 comments
Labels
enhancement New feature or request

Comments

@blankdots
Copy link
Contributor

blankdots commented Nov 1, 2018
edited
Loading

Description

As per: https://github.com/ga4gh-beacon/specification/blob/develop/beacon.md#cors

Beacon API SHOULD support cross-origin resource sharing (CORS) and follow GA4GH CORS recommendations.

This might be of use: https://github.com/aio-libs/aiohttp-cors
Utilised in beacon_aggregator https://github.com/CSCfi/beacon-openshift

DoD (Definition of Done)

Support for CORS implemented.

Testing

Unit Tests .
@teemukataja
Copy link
Contributor

teemukataja commented Nov 9, 2018
edited
Loading

In the future the querying domains (Beacon Aggregators) will be fetched from a Beacon Registry API, and therefore we should be able to set up CORS for multiple domains.

I tested this, and it worked in the following manner:

import aiohttp_cors
from aiohttp import web

def set_cors(server):
    """Set CORS rules."""
    # In the future, domains are fetched from Beacon registry API
    domains = ['localhost:5000', 'localhost:6000', 'localhost:7000']
    cors_domains = {}
    for domain in domains:
        cors_domains[domain] = aiohttp_cors.ResourceOptions(
                                    allow_credentials=True,
                                    expose_headers="*",
                                    allow_headers="*",
                                )
    cors = aiohttp_cors.setup(server, defaults=cors_domains)

    for route in list(server.router.routes()):
        cors.add(route)


def init():
    """Initialise server."""
    server = web.Application()
    server.router.add_routes(routes)
    set_cors(server)
    return server

Omitted other code, like endpoints and server startup.

The CORS rules must be added in the server initialisation phase.

We could test this by setting up a few beacon-aggregator instances in different URLs, and enabling only few of them in beacon-python and see if the listed aggregators can query the beacon and the unlisted aggregators are blocked.

@blankdots
Copy link
Contributor Author

blankdots commented Nov 12, 2018
edited
Loading

We should be able to control this list of domains, without much hassle, preferably on the fly :) but yeah, if there is an idea add it.
I see a issue on their board that might affect us in terms of authentication: aio-libs/aiohttp-cors#193 and we need to see if it is the case.

We might need to do it custom if that is the case, a basic idea: https://gist.github.com/espretto/919a64d6a48e06da0fcf26ea70a50a93 (first google result :) )

teemukataja added a commit that referenced this issue Nov 12, 2018
@teemukataja
test implementation of cors #28
ae94920
@teemukataja teemukataja mentioned this issue Nov 12, 2018
Merged
@blankdots blankdots added the enhancement New feature or request label Nov 23, 2018
MalinAhlberg pushed a commit to NBISweden/beacon-python that referenced this issue Mar 18, 2019
@teemukataja @MalinAhlberg
test implementation of cors CSCfi#28
09fff14
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@blankdots @teemukataja