Forward origin header from incoming requests (#100)

klaidliadon · web-flow · commit 311f7e4a0ac6 · 2025-11-03T19:16:05.000+01:00
diff --git a/rpc/access/middleware.go b/rpc/access/middleware.go
@@ -51,6 +51,10 @@ func accessKeyMiddleware(next http.Handler) http.Handler {
 		if accessKey != "" {
 			ctx = tenant.WithAccessKey(ctx, accessKey)
 		}
+		origin := r.Header.Get("origin")
+		if origin != "" {
+			ctx = tenant.WithOrigin(ctx, origin)
+		}
 		next.ServeHTTP(w, r.WithContext(ctx))
 	})
 }
diff --git a/rpc/tenant/context.go b/rpc/tenant/context.go
@@ -10,6 +10,7 @@ type contextKeyType string
 
 var (
 	accessKeyCtxKey = contextKeyType("access-key")
+	originKeyCtxKey = contextKeyType("origin")
 	tenantCtxKey    = contextKeyType("tenant-data")
 )
 
@@ -26,3 +27,12 @@ func AccessKeyFromContext(ctx context.Context) string {
 func WithAccessKey(ctx context.Context, accessKey string) context.Context {
 	return context.WithValue(ctx, accessKeyCtxKey, accessKey)
 }
+
+func OriginFromContext(ctx context.Context) string {
+	v, _ := ctx.Value(originKeyCtxKey).(string)
+	return v
+}
+
+func WithOrigin(ctx context.Context, origin string) context.Context {
+	return context.WithValue(ctx, originKeyCtxKey, origin)
+}
diff --git a/rpc/waasapi/waasapi.go b/rpc/waasapi/waasapi.go
@@ -21,10 +21,12 @@ func Context(ctx context.Context, optJwtToken ...string) context.Context {
 	waasHeader := http.Header{}
 	waasHeader.Set("Authorization", "BEARER "+jwtToken)
 
-	accessKey := tenant.AccessKeyFromContext(ctx)
-	if accessKey != "" {
+	if accessKey := tenant.AccessKeyFromContext(ctx); accessKey != "" {
 		waasHeader.Set("X-Access-Key", accessKey)
 	}
+	if origin := tenant.OriginFromContext(ctx); origin != "" {
+		waasHeader.Set("Origin", origin)
+	}
 
 	waasCtx, err := proto_wallet.WithHTTPRequestHeaders(ctx, waasHeader)
 	if err != nil {

Original file line number	Diff line number	Diff line change
`@@ -51,6 +51,10 @@ func accessKeyMiddleware(next http.Handler) http.Handler {`
`51`	`51`	`if accessKey != "" {`
`52`	`52`	`ctx = tenant.WithAccessKey(ctx, accessKey)`
`53`	`53`	`}`
	`54`	`+ origin := r.Header.Get("origin")`
	`55`	`+ if origin != "" {`
	`56`	`+ ctx = tenant.WithOrigin(ctx, origin)`
	`57`	`+ }`
`54`	`58`	`next.ServeHTTP(w, r.WithContext(ctx))`
`55`	`59`	`})`
`56`	`60`	`}`