Added CORS support via 'corsAllowOrigin' configuration option (WebSer…

…vice)

MIG/Gateways/WebServiceGateway.cs

@@ -40,6 +40,8 @@ limitations under the License.
 using System.Diagnostics;
 using System.Net.NetworkInformation;
 
+using WebSocketSharp;
+
 namespace MIG.Gateways
 {
 
@@ -100,7 +102,8 @@ public class WebServiceGateway : IMigGateway, IDisposable
         private string servicePort = "8080";
         private string serviceUsername = "admin";
         private string servicePassword = "";
-        private bool enableFileCache = false;
+        private string corsAllowOrigin = "*";
+        private bool enableFileCache;
 
         private Encoding defaultWebFileEncoding = Encoding.GetEncoding("UTF-8");
 
@@ -142,6 +145,9 @@ public void OnSetOption(Option option)
                 ClearWebCache();
                 bool.TryParse(option.Value, out enableFileCache);
                 break;
+            case "corsAllowOrigin":
+                corsAllowOrigin = option.Value;
+                break;
             default:
                 if (option.Name.StartsWith("HttpCacheIgnore."))
                     HttpCacheIgnoreAdd(option.Value);
@@ -241,10 +247,23 @@ private void Worker(object state)
                 string remoteAddress = request.RemoteEndPoint.Address.ToString();
                 string logExtras = "";
                 //
-                if (servicePassword == "" || requestHasAuthorizationHeader) //request.IsAuthenticated)
+                if (servicePassword.IsNullOrEmpty() || requestHasAuthorizationHeader) //request.IsAuthenticated)
                 {
                     bool verified = false;
                     //
+                    if (!String.IsNullOrEmpty(corsAllowOrigin))
+                    {
+                        if (requestHasAuthorizationHeader)
+                        {
+                            response.Headers.Set("Access-Control-Allow-Origin", corsAllowOrigin != "*" ? corsAllowOrigin : request.UrlReferrer.Scheme + "://" + request.UrlReferrer.Host + ":" + request.UrlReferrer.Port);
+                            response.Headers.Set("Access-Control-Allow-Credentials", "true");
+                        }
+                        else
+                        {
+                            response.Headers.Set("Access-Control-Allow-Origin", corsAllowOrigin);
+                        }
+                    }
+                    //
                     string authUser = "";
                     string authPass = "";
                     //
@@ -267,7 +286,7 @@ private void Worker(object state)
                     //
                     //TODO: complete authorization (for now with one fixed user 'admin', add multiuser support)
                     //
-                    if (servicePassword == "" || authUser == serviceUsername && Utility.Encryption.SHA1.GenerateHashString(authPass) == servicePassword)
+                    if (servicePassword.IsNullOrEmpty() || authUser == serviceUsername && Utility.Encryption.SHA1.GenerateHashString(authPass) == servicePassword)
                     {
                         verified = true;
                     }
@@ -595,7 +614,6 @@ private void HandleEventsRoute(HttpListenerRequest request, HttpListenerResponse
             response.ContentType = "text/event-stream";
             response.Headers.Set(HttpResponseHeader.CacheControl, "no-cache, no-store, must-revalidate");
             response.Headers.Set(HttpResponseHeader.Pragma, "no-cache");
-            response.Headers.Set("Access-Control-Allow-Origin", "*");
 
             // 2K padding for IE
             var padding = ":" + new String(' ', 2048) + "\n";

README.md

@@ -100,10 +100,12 @@ Option List
 
 - BaseUrl (base url for HTML files)
 - HomePath (folder where to get HTML files from)
-- Host (host name or IP - use * for any)
-- Port (TCP port)
-- Password (currently only support single user *admin*)
-- EnableFileCaching (*True* or *False*)
+- Host (host name or IP - use `*` for any)
+- Port (TCP port, default: *`80`*)
+- Username
+- Password
+- EnableFileCaching (*`True`* or *`False`*, default: *`False`*)
+- corsAllowOrigin (default: *`*`*)
 
 Example
 ```csharp
@@ -120,6 +122,8 @@ web.SetOption("Port", "8080");
 web.SetOption("Password", ""); 
 // disable file caching
 web.SetOption("EnableFileCaching", "False"); 
+// disable CORS
+web.SetOption("corsAllowOrigin", ""); 
 ```
 
 ### WebSocketGateway
@@ -188,16 +192,15 @@ Run `Install-Package MIG` in the [Package Manager Console](http://docs.nuget.org
 
 ## Related Projects
 
-- https://github.com/genielabs/mig-protocols
-- https://github.com/genielabs/mig-protocols-mqttbroker
-- https://github.com/genielabs/mig-controllers-lircremote
-- https://github.com/genielabs/mig-homeauto
+- https://github.com/genielabs/mig-homeauto (x10/Z-Wave)
 - https://github.com/genielabs/mig-homeauto-insteon
-- https://github.com/genielabs/mig-homeauto-w800rf32
-- https://github.com/genielabs/mig-media-v4lcamera
-- https://github.com/genielabs/mig-sbc-weecoboard
+- https://github.com/genielabs/mig-protocols (UPnP/DLNA)
+- https://github.com/genielabs/mig-protocols-mqttbroker
+- https://github.com/genemars/mig-controllers-lircremote
+- https://github.com/genemars/mig-homeauto-w800rf32
+- https://github.com/genemars/mig-media-v4lcamera
+- https://github.com/genemars/mig-sbc-weecoboard
 
 ## License
 
 MIG is open source software, licensed under the terms of Apache license 2.0. See the [LICENSE](LICENSE) file for details.
-