From bcfe7c0d2115942e5c49c93d02a4cfd7f6653647 Mon Sep 17 00:00:00 2001
From: Aiden McClelland <me@drbonez.dev>
Date: Fri, 4 Dec 2020 18:26:55 -0700
Subject: [PATCH] dynamic cors policy

---
 agent/config/settings.yml  |  1 -
 agent/src/Lib/WebServer.hs | 24 ++++++++++++------------
 agent/src/Settings.hs      |  2 --
 3 files changed, 12 insertions(+), 15 deletions(-)

diff --git a/agent/config/settings.yml b/agent/config/settings.yml
index d7996e304..44077a87c 100644
--- a/agent/config/settings.yml
+++ b/agent/config/settings.yml
@@ -28,7 +28,6 @@ detailed-logging: "_env:DETAILED_LOGGING:false"
 
 # NB: If you need a numeric value (e.g. 123) to parse as a String, wrap it in single quotes (e.g. "_env:YESOD_PGPASS:'123'")
 # See https://github.com/yesodweb/yesod/wiki/Configuration#parsing-numeric-values-as-strings
-cors-override-star: "_env:CORS_OVERRIDE_STAR:"
 filesystem-base: "_env:FILESYSTEM_BASE:/"
 database:
   database: "start9_agent.sqlite3"
diff --git a/agent/src/Lib/WebServer.hs b/agent/src/Lib/WebServer.hs
index 56e1314d9..8fd825cee 100644
--- a/agent/src/Lib/WebServer.hs
+++ b/agent/src/Lib/WebServer.hs
@@ -64,20 +64,11 @@ mkYesodDispatch "AgentCtx" resourcesAgentCtx
 instance YesodSubDispatch Auth AgentCtx where
     yesodSubDispatch = $(mkYesodSubDispatch resourcesAuth)
 
--- | Convert our foundation to a WAI Application by calling @toWaiAppPlain@ and
--- applying some additional middlewares.
-makeApplication :: AgentCtx -> IO Application
-makeApplication foundation = do
-    logWare <- makeLogWare foundation
-    -- Create the WAI application and apply middlewares
-    appPlain <- toWaiAppPlain foundation
-    let origin = case appCorsOverrideStar $ appSettings foundation of
-            Nothing -> Nothing
-            Just override -> Just ([encodeUtf8 override], True)
-    pure . logWare . cors (const . Just $ policy origin) . defaultMiddlewaresNoLogging $ appPlain
+dynamicCorsResourcePolicy :: Request -> Maybe CorsResourcePolicy
+dynamicCorsResourcePolicy req = Just . policy $ requestHeaderHost req
     where
         policy o = simpleCorsResourcePolicy
-            { corsOrigins        = o
+            { corsOrigins        = (\o' -> ([o'], True)) <$> o
             , corsMethods        = ["GET", "POST", "HEAD", "PUT", "DELETE", "TRACE", "CONNECT", "OPTIONS", "PATCH"]
             , corsRequestHeaders = [ "app-version"
                                    , "Accept"
@@ -138,6 +129,15 @@ makeApplication foundation = do
             , corsIgnoreFailures = True
             }
 
+-- | Convert our foundation to a WAI Application by calling @toWaiAppPlain@ and
+-- applying some additional middlewares.
+makeApplication :: AgentCtx -> IO Application
+makeApplication foundation = do
+    logWare <- makeLogWare foundation
+    -- Create the WAI application and apply middlewares
+    appPlain <- toWaiAppPlain foundation
+    pure . logWare . cors dynamicCorsResourcePolicy . defaultMiddlewaresNoLogging $ appPlain
+
 startWeb :: AgentCtx -> IO ()
 startWeb foundation = do
     app <- makeApplication foundation
diff --git a/agent/src/Settings.hs b/agent/src/Settings.hs
index 27635482f..46ef7fad9 100644
--- a/agent/src/Settings.hs
+++ b/agent/src/Settings.hs
@@ -41,7 +41,6 @@ data AppSettings = AppSettings
     -- ^ Should all log messages be displayed?
     , appMgrVersionSpec         :: VersionRange
     , appFilesystemBase         :: Text
-    , appCorsOverrideStar       :: Maybe Text
     }
     deriving Show
 
@@ -64,7 +63,6 @@ instance FromJSON AppSettings where
 
         appMgrVersionSpec         <- o .: "app-mgr-version-spec"
         appFilesystemBase         <- o .: "filesystem-base"
-        appCorsOverrideStar       <- o .:? "cors-override-star"
         return AppSettings { .. }
 
 -- | Raw bytes at compile time of @config/settings.yml@