Add CORS origin management

shynet/analytics/views/ingress.py

@@ -8,7 +8,9 @@ from django.utils import timezone
 from django.utils.decorators import method_decorator
 from django.views.decorators.csrf import csrf_exempt
 from django.views.generic import TemplateView, View
+from django.core.cache import cache
 from ipware import get_client_ip
+from core.models import Service
 
 from ..tasks import ingress_request
 
@@ -58,8 +60,15 @@ class PixelView(View):
 @method_decorator(csrf_exempt, name="dispatch")
 class ScriptView(View):
     def dispatch(self, request, *args, **kwargs):
+        service_uuid = self.kwargs.get("service_uuid")
+        origins = cache.get(f"service_origins_{service_uuid}")
+        if origins is None:
+            service = Service.objects.get(uuid=service_uuid)
+            origins = service.origins
+            cache.set(f"service_origins_{service_uuid}", origins, timeout=3600)
+
         resp = super().dispatch(request, *args, **kwargs)
-        resp["Access-Control-Allow-Origin"] = "*"
+        resp["Access-Control-Allow-Origin"] = origins
         resp["Access-Control-Allow-Methods"] = "GET,HEAD,OPTIONS,POST"
         resp[
             "Access-Control-Allow-Headers"

shynet/dashboard/views.py

@@ -12,6 +12,7 @@ from django.views.generic import (
     UpdateView,
 )
 from rules.contrib.views import PermissionRequiredMixin
+from django.core.cache import cache
 
 from analytics.models import Session
 from core.models import Service
@@ -77,6 +78,13 @@ class ServiceUpdateView(
     def get_success_url(self):
         return reverse("dashboard:service", kwargs={"pk": self.object.uuid})
 
+    def form_valid(self, *args, **kwargs):
+        resp = super().form_valid(*args, **kwargs)
+        cache.set(
+            f"service_origins_{self.object.uuid}", self.object.origins, timeout=3600
+        )
+        return resp
+
 
 class ServiceDeleteView(
     LoginRequiredMixin, PermissionRequiredMixin, SuccessMessageMixin, DeleteView