CORS on OpenWRT UCI

CORS_on_OpenWRT_UCI.md

To implement Cross-Origin Resource Sharing (CORS) on OpenWRT within Luci is actually simple.

After very long search, I have found code in uHTTPd on gitlab, which clearly shows option for CORS. I haven't found anything, which would describe how to actually configure it.

There is nothing in uHTTPd documentation describing this functionally, /etc/config/uhttpd does not mention anything either.

Luckily, you can have a look into how the process is starting and what parameters is checking.

doing

cat /etc/init.d/uhttpd | grep cors
		append_bool "$cfg" ubus_cors "-X" 0

I have found configuration parameter, which I can set in /etc/config/uhttpd This means, I can append another option to my configuration file.

config uhttpd 'main'
	option ubus_cors '1'

The Response Headers would changed to

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=20
Access-Control-Allow-Origin: http://localhost:8081
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: POST, OPTIONS
Access-Control-Allow-Credentials: true
Content-Type: application/json
Content-Length: 0

longer version would include

look into uhttpd main.c code

[https://github.com/mmaraya/uhttpd2/blob/master/main.c]

and check for function, which is checking the supplied parameters.

snippet from that section

#ifdef HAVE_UBUS
		"	-u string       URL prefix for UBUS via JSON-RPC handler\n"
		"	-U file         Override ubus socket path\n"
		"	-a              Do not authenticate JSON-RPC requests against UBUS session api\n"
		"	-X		Enable CORS HTTP headers on JSON-RPC api\n"

You can see that I need to run uhttpd with opton -X to enable CORS. from here I searched in runtime for checking parameters.

Hi, Thankyou for sharing!
Is there a way to enable CORS of CGI http?

Hi, I would say yes. When I was looking for this solution I saw, someone doing via enabling lua and using lua script to inject appropriate header to the respond.

I am sorry, but that is all what I can come up with at the moment.

Hi, I've gone down quite the rabbit hole trying to enable CORS for CGI. I'm trying to enable access to my modem via an iframe (inside Organizr), which requires X-Frame-Options to be set to ALLOW or Access-Control-Allow-Origin to be set to "*". Just commenting here since it was the most closely related resource I could find. Maybe one day someone else will stumble upon this and provide an answer.

Hi,

Tested this solution in order to make a "web"version of https://github.com/hagaygo/OpenWRTManager

Compiling the app to run as a "web site"causes CORS check of the browser to kick in.

Tested on openwrt 21/22 setups on my place and it seems the above solution does not add the needed headers at all , does it still work on your case ? maybe i am missing something.

I am sorry, I do not have the device anymore as it was done for a project at that time.

…

On Thu, 30 June 2022, 5:45 pm Hagay Goshen, ***@***.***> wrote: ***@***.**** commented on this gist. ------------------------------ Hi, Tested this solution in order to make a "web"version of https://github.com/hagaygo/OpenWRTManager Compiling the app to run as a "web site"causes CORS check of the browser to kick in. Tested on openwrt 21/22 setups on my place and it seems the above solution does not add the needed headers at all , does it still work on your case ? maybe i am missing something. — Reply to this email directly, view it on GitHub <https://gist.github.com/782fb3e7a6bc0413c270e83f8bcabbea#gistcomment-4217230>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ABKVVW6KU2EOHF5KGNNS4UDVRVF7XANCNFSM4NFSA7WA> . You are receiving this because you authored the thread.Message ID: ***@***.***>