CORS support

Fix #530

gns3server/web/response.py

@@ -37,7 +37,6 @@ class Response(aiohttp.web.Response):
         self._route = route
         self._output_schema = output_schema
         self._request = request
-        headers['Access-Control-Allow-Origin'] = '*'
         headers['X-Route'] = self._route
         headers['Server'] = "Python/{0[0]}.{0[1]} GNS3/{1}".format(sys.version_info, __version__)
         super().__init__(headers=headers, **kwargs)

gns3server/web/web_server.py

@@ -24,6 +24,7 @@ import sys
 import signal
 import asyncio
 import aiohttp
+import aiohttp_cors
 import functools
 import types
 import time
@@ -207,9 +208,14 @@ class WebServer:
             log.debug("ENV %s=%s", key, val)
 
         app = aiohttp.web.Application()
+        # Allow CORS for this domains
+        cors = aiohttp_cors.setup(app, defaults={
+            # Default web server for web gui dev
+            "http://localhost:8080": aiohttp_cors.ResourceOptions(expose_headers="*", allow_headers="*")
+        })
         for method, route, handler in Route.get_routes():
             log.debug("Adding route: {} {}".format(method, route))
-            app.router.add_route(method, route, handler)
+            cors.add(app.router.add_route(method, route, handler))
         for module in MODULES:
             log.debug("Loading module {}".format(module.__name__))
             m = module.instance()

requirements.txt

@@ -1,5 +1,6 @@
 jsonschema>=2.4.0
 aiohttp>=0.21.5
+aiohttp_cors>=0.4.0
 Jinja2>=2.7.3
 raven>=5.2.0
 psutil>=3.0.0