diff --git a/go.mod b/go.mod index a3dc07254..409a78710 100644 --- a/go.mod +++ b/go.mod @@ -31,6 +31,7 @@ require ( github.com/pion/webrtc/v3 v3.1.14-0.20220107154618-d4b645635c44 github.com/pkg/errors v0.9.1 github.com/prometheus/client_golang v1.11.0 + github.com/rs/cors v1.8.2 github.com/rs/zerolog v1.26.0 github.com/stretchr/testify v1.7.0 github.com/thoas/go-funk v0.8.0 diff --git a/go.sum b/go.sum index 8bfcdbde1..30e0120be 100644 --- a/go.sum +++ b/go.sum @@ -233,6 +233,8 @@ github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4O github.com/prometheus/procfs v0.6.0 h1:mxy4L2jP6qMonqmq+aTtOx1ifVWUgG/TAmntgbh3xv4= github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= +github.com/rs/cors v1.8.2 h1:KCooALfAYGs415Cwu5ABvv9n9509fSiG5SQJn/AQo4U= +github.com/rs/cors v1.8.2/go.mod h1:XyqrcTp5zjWr1wsJ8PIRZssZ8b/WMcMf71DJnit4EMU= github.com/rs/xid v1.3.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg= github.com/rs/zerolog v1.26.0 h1:ORM4ibhEZeTeQlCojCK2kPz1ogAY4bGs4tD+SaAdGaE= github.com/rs/zerolog v1.26.0/go.mod h1:yBiM87lvSqX8h0Ww4sdzNSkVYZ8dL2xjZJG1lAuGZEo= diff --git a/pkg/service/server.go b/pkg/service/server.go index 32a4cf530..93dfe8d87 100644 --- a/pkg/service/server.go +++ b/pkg/service/server.go @@ -16,6 +16,7 @@ import ( "github.com/livekit/protocol/utils" "github.com/pion/turn/v2" "github.com/prometheus/client_golang/prometheus/promhttp" + "github.com/rs/cors" "github.com/urfave/negroni" "github.com/livekit/livekit-server/pkg/config" @@ -63,6 +64,10 @@ func NewLivekitServer(conf *config.Config, middlewares := []negroni.Handler{ // always first negroni.NewRecovery(), + // CORS is allowed, we rely on token authentication to prevent improper use + cors.New(cors.Options{ + AllowedOrigins: []string{"*"}, + }), } if keyProvider != nil { middlewares = append(middlewares, NewAPIKeyAuthMiddleware(keyProvider)) @@ -109,6 +114,10 @@ func (s *LivekitServer) Node() *livekit.Node { return s.currentNode } +func (s *LivekitServer) HTTPPort() int { + return int(s.config.Port) +} + func (s *LivekitServer) IsRunning() bool { return s.running.Get() } diff --git a/test/singlenode_test.go b/test/singlenode_test.go index c847b5232..d3ce432ca 100644 --- a/test/singlenode_test.go +++ b/test/singlenode_test.go @@ -2,6 +2,8 @@ package test import ( "context" + "fmt" + "net/http" "strings" "testing" "time" @@ -304,3 +306,20 @@ func TestSingleNodeRoomList(t *testing.T) { roomServiceListRoom(t) } + +// Ensure that CORS headers are returned +func TestSingleNodeCORS(t *testing.T) { + if testing.Short() { + t.SkipNow() + return + } + s, finish := setupSingleNodeTest("TestSingleNodeCORS", testRoom) + defer finish() + + req, err := http.NewRequest("GET", fmt.Sprintf("http://localhost:%d", s.HTTPPort()), nil) + require.NoError(t, err) + req.Header.Set("Origin", "testhost.com") + res, err := http.DefaultClient.Do(req) + require.NoError(t, err) + require.Equal(t, "*", res.Header.Get("Access-Control-Allow-Origin")) +}