Skip to content

Instantly share code, notes, and snippets.

@tomasinouk
Last active October 11, 2022 08:39
Show Gist options
  • Save tomasinouk/782fb3e7a6bc0413c270e83f8bcabbea to your computer and use it in GitHub Desktop.
Save tomasinouk/782fb3e7a6bc0413c270e83f8bcabbea to your computer and use it in GitHub Desktop.
CORS on OpenWRT UCI

To implement Cross-Origin Resource Sharing (CORS) on OpenWRT within Luci is actually simple.

After very long search, I have found code in uHTTPd on gitlab, which clearly shows option for CORS. I haven't found anything, which would describe how to actually configure it.

There is nothing in uHTTPd documentation describing this functionally, /etc/config/uhttpd does not mention anything either.

Luckily, you can have a look into how the process is starting and what parameters is checking.

doing

cat /etc/init.d/uhttpd | grep cors
		append_bool "$cfg" ubus_cors "-X" 0

I have found configuration parameter, which I can set in /etc/config/uhttpd This means, I can append another option to my configuration file.

config uhttpd 'main'
	option ubus_cors '1'

The Response Headers would changed to

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=20
Access-Control-Allow-Origin: http://localhost:8081
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: POST, OPTIONS
Access-Control-Allow-Credentials: true
Content-Type: application/json
Content-Length: 0

longer version would include

look into uhttpd main.c code

[https://github.com/mmaraya/uhttpd2/blob/master/main.c]

and check for function, which is checking the supplied parameters.

snippet from that section

#ifdef HAVE_UBUS
		"	-u string       URL prefix for UBUS via JSON-RPC handler\n"
		"	-U file         Override ubus socket path\n"
		"	-a              Do not authenticate JSON-RPC requests against UBUS session api\n"
		"	-X		Enable CORS HTTP headers on JSON-RPC api\n"

You can see that I need to run uhttpd with opton -X to enable CORS. from here I searched in runtime for checking parameters.

@rhyttr
Copy link

rhyttr commented Jun 1, 2017

Hi, Thankyou for sharing!
Is there a way to enable CORS of CGI http?

@tomasinouk
Copy link
Author

Hi, I would say yes. When I was looking for this solution I saw, someone doing via enabling lua and using lua script to inject appropriate header to the respond.

I am sorry, but that is all what I can come up with at the moment.

@nickrod518
Copy link

Hi, I've gone down quite the rabbit hole trying to enable CORS for CGI. I'm trying to enable access to my modem via an iframe (inside Organizr), which requires X-Frame-Options to be set to ALLOW or Access-Control-Allow-Origin to be set to "*". Just commenting here since it was the most closely related resource I could find. Maybe one day someone else will stumble upon this and provide an answer.

@hagaygo
Copy link

hagaygo commented Jun 30, 2022

Hi,

Tested this solution in order to make a "web"version of https://github.com/hagaygo/OpenWRTManager

Compiling the app to run as a "web site"causes CORS check of the browser to kick in.

Tested on openwrt 21/22 setups on my place and it seems the above solution does not add the needed headers at all , does it still work on your case ? maybe i am missing something.

@tomasinouk
Copy link
Author

tomasinouk commented Oct 11, 2022 via email

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment