diff --git a/README.md b/README.md index afb7f8f..884e46a 100644 --- a/README.md +++ b/README.md @@ -32,6 +32,14 @@ $ curl -sL https://deb.nodesource.com/setup_11.x | sudo -E bash - and then proceed as above :) If you connect to the raspberry pi over ssh, you might want to run the `saxi` server inside a tmux or screen session to have it stay running even if your ssh session disconnects. +#### CORS +If you want to connect to saxi from a web page that isn't served by saxi +itself, you'll need to enable +[CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS), otherwise +GET/POST requests will be denied by the browser. CORS is disabled by default as +a security precaution, but if you need it it's available. Just launch saxi with +the `--enable-cors` flag. + ### Info saxi makes use of the low-level `LM` command introduced in EBB firmware version diff --git a/package-lock.json b/package-lock.json index d1a1d63..aa63e3d 100644 --- a/package-lock.json +++ b/package-lock.json @@ -129,6 +129,15 @@ "@types/node": "*" } }, + "@types/cors": { + "version": "2.8.4", + "resolved": "https://registry.npmjs.org/@types/cors/-/cors-2.8.4.tgz", + "integrity": "sha512-ipZjBVsm2tF/n8qFGOuGBkUij9X9ZswVi9G3bx/6dz7POpVa6gVHcj1wsX/LVEn9MMF41fxK/PnZPPoTD1UFPw==", + "dev": true, + "requires": { + "@types/express": "*" + } + }, "@types/events": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/@types/events/-/events-3.0.0.tgz", @@ -1412,6 +1421,15 @@ "resolved": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.2.tgz", "integrity": "sha1-tf1UIgqivFq1eqtxQMlAdUUDwac=" }, + "cors": { + "version": "2.8.5", + "resolved": "https://registry.npmjs.org/cors/-/cors-2.8.5.tgz", + "integrity": "sha512-KIHbLJqu73RGr/hnbrO9uBeixNGuvSQjul/jdFvS/KFSIH1hWVd1ng7zOHx+YrEfInLG7q4n6GHQ9cDtxv/P6g==", + "requires": { + "object-assign": "^4", + "vary": "^1" + } + }, "create-ecdh": { "version": "4.0.3", "resolved": "https://registry.npmjs.org/create-ecdh/-/create-ecdh-4.0.3.tgz", diff --git a/package.json b/package.json index f26e1e1..99fa17f 100644 --- a/package.json +++ b/package.json @@ -29,6 +29,7 @@ "license": "AGPL-3.0-only", "devDependencies": { "@rehooks/component-size": "^1.0.2", + "@types/cors": "^2.8.4", "@types/express": "^4.16.1", "@types/node": "^10.12.18", "@types/react": "^16.7.20", @@ -53,6 +54,7 @@ "webpack-dev": "^1.1.1" }, "dependencies": { + "cors": "^2.8.5", "express": "^4.16.4", "serialport": "^7.1.3", "ws": "^6.1.3", diff --git a/src/cli.ts b/src/cli.ts index 739e8e9..0b61ad6 100644 --- a/src/cli.ts +++ b/src/cli.ts @@ -14,6 +14,10 @@ export function cli(argv: string[]): void { describe: "device to connect to", type: "string" }) + .option("enable-cors", { + describe: "enable cross-origin resource sharing (CORS)", + type: "boolean" + }) .option("firmware-version", { describe: "print the device's firmware version and exit", type: "boolean" @@ -31,6 +35,6 @@ export function cli(argv: string[]): void { await ebb.close(); }); } else { - startServer(args.port, args.device); + startServer(args.port, args.device, args["enable-cors"]); } } diff --git a/src/server.ts b/src/server.ts index ebe81ab..62b6b1c 100644 --- a/src/server.ts +++ b/src/server.ts @@ -1,3 +1,4 @@ +import cors from "cors"; import express from "express"; import http from "http"; import path from "path"; @@ -6,11 +7,14 @@ import { EBB } from "./ebb"; import { Device, PenMotion, Plan } from "./planning"; import { formatDuration } from "./util"; -export function startServer(port: number, device: string | null = null) { +export function startServer(port: number, device: string | null = null, enableCors: boolean = false) { const app = express(); app.use("/", express.static(path.join(__dirname, "..", "ui"))); app.use(express.json({limit: "100mb"})); + if (enableCors) { + app.use(cors()); + } const server = http.createServer(app); const wss = new WebSocket.Server({ server });