[IIIF-188] refactor, set header also on redirect page

Author: FrancescoMolinaro

server.ts

@@ -90,7 +90,7 @@ const _window = domino.createWindow(indexHtml);
 // The REST server base URL
 const REST_BASE_URL = environment.rest.ssrBaseUrl || environment.rest.baseUrl;
 
-const IIIF_ALLOWED_ORIGINS = environment.mirador.allowedOrigins;
+const IIIF_ALLOWED_ORIGINS = environment.rest.allowedOrigins || [];
 
 // Assign the DOM window and document objects to the global object
 (_window as any).screen = {deviceXDPI: 0, logicalXDPI: 0};

src/app/core/services/server-hard-redirect.service.ts

@@ -17,6 +17,7 @@ import {
 } from '../../../express.tokens';
 import { isNotEmpty } from '../../shared/empty.util';
 import { HardRedirectService } from './hard-redirect.service';
+import { ServerResponseService } from './server-response.service';
 
 /**
  * Service for performing hard redirects within the server app module
@@ -28,6 +29,7 @@ export class ServerHardRedirectService extends HardRedirectService {
     @Inject(APP_CONFIG) protected appConfig: AppConfig,
     @Inject(REQUEST) protected req: Request,
     @Inject(RESPONSE) protected res: Response,
+    private responseService: ServerResponseService,
   ) {
     super();
   }
@@ -72,8 +74,10 @@ export class ServerHardRedirectService extends HardRedirectService {
 
       console.info(`Redirecting from ${this.req.url} to ${redirectUrl} with ${status}`);
 
+      this.setCorsHeader();
+
       this.res.redirect(status, redirectUrl);
-      this.res.end();
+      //this.res.end();
       // I haven't found a way to correctly stop Angular rendering.
       // So we just let it end its work, though we have already closed
       // the response.
@@ -96,4 +100,17 @@ export class ServerHardRedirectService extends HardRedirectService {
   getCurrentOrigin(): string {
     return this.req.protocol + '://' + this.req.headers.host;
   }
+
+  /**
+   * Set CORS header to allow embedding of redirected content
+   */
+  setCorsHeader() {
+    const currentOrigin = this.getCurrentOrigin();
+    const allowedOrigins = this.appConfig.rest.allowedOrigins;
+
+    if (currentOrigin && allowedOrigins?.length && allowedOrigins.includes(currentOrigin)) {
+      console.info('Setting cors header for origin ', currentOrigin);
+      this.responseService.setHeader('Access-Control-Allow-Origin', currentOrigin);
+    }
+  }
 }

src/config/default-app-config.ts

@@ -943,7 +943,6 @@ export class DefaultAppConfig implements AppConfig {
 
   mirador: MiradorConfig = {
     enableDownloadPlugin: true,
-    allowedOrigins: []
   };
 
   loader: LoaderConfig = {

src/config/mirador-config.interfaces.ts

@@ -2,5 +2,4 @@ import { Config } from './config.interface';
 
 export interface MiradorConfig extends Config {
   enableDownloadPlugin: boolean;
-  allowedOrigins: string[];
 }

src/config/server-config.interface.ts

@@ -10,4 +10,5 @@ export class ServerConfig implements Config {
   // This boolean will be automatically set on server startup based on whether "baseUrl" and "ssrBaseUrl"
   // have different values.
   public hasSsrBaseUrl?: boolean;
+  public allowedOrigins?: string[];
 }

src/environments/environment.test.ts

@@ -711,7 +711,6 @@ export const environment: BuildConfig = {
 
   mirador: {
     enableDownloadPlugin: true,
-    allowedOrigins: []
   },
 
   loader: {