Allow allowedOrigin to be configured on container startup (#6894)

* This allows allowedOrigin to be configured on container startup

* Allow for all forms of allowedOrigin values

* Update readme.md

docker/Dockerfile

@@ -70,6 +70,7 @@ ENV SESSION_KEY=""
 ENV REVERSE_PROXY="false"
 ENV REVERSE_PROXY_TLS_PORT=""
 ENV ARGS=""
+ENV ALLOWED_ORIGIN="false"
 
 RUN if ! [ -z "$INCLUDE_MONGODBTOOLS" ] && [ "$INCLUDE_MONGODBTOOLS" != "yes" ] && [ "$INCLUDE_MONGODBTOOLS" != "YES" ] \
     && [ "$INCLUDE_MONGODBTOOLS" != "true" ] && [ "$INCLUDE_MONGODBTOOLS" != "TRUE" ]; then \

docker/config.json.template

@@ -25,7 +25,8 @@
       "NewAccounts": true,
       "localSessionRecording": true,
       "_userNameIsEmail": true,
-      "_certUrl": "my.reverse.proxy"
+      "_certUrl": "my.reverse.proxy",
+      "allowedOrigin": false
     }
   },
   "_letsencrypt": {

docker/readme.md

@@ -47,6 +47,9 @@ LOCALSESSIONRECORDING=false
 MINIFY=true
 # set this value to add extra arguments to meshcentral on startup (e.g --debug ldap)
 ARGS=
+# set to the hostname(s) meshcentral will be reachable on, or true to disable origin checking
+# forms allowed "hostname" or "hostname1,hostname2" or ["hostname1","hostname2"]
+ALLOWED_ORIGIN=false
 ```
 
 ## docker-compose.yml

docker/startup.sh

@@ -21,6 +21,11 @@ else
     sed -i "s/\"minify\": false/\"minify\": $MINIFY/" meshcentral-data/"${CONFIG_FILE}"
     sed -i "s/\"WebRTC\": false/\"WebRTC\": $WEBRTC/" meshcentral-data/"${CONFIG_FILE}"
     sed -i "s/\"AllowFraming\": false/\"AllowFraming\": $IFRAME/" meshcentral-data/"${CONFIG_FILE}"
+    if [[ "$ALLOWED_ORIGIN" =~ ^\[.*\]|^true|^false ]]; then
+        sed -i "s/\"allowedOrigin\": false/\"allowedOrigin\": $ALLOWED_ORIGIN/" meshcentral-data/"${CONFIG_FILE}"
+    else
+        sed -i "s/\"allowedOrigin\": false/\"allowedOrigin\": \"$ALLOWED_ORIGIN\"/" meshcentral-data/"${CONFIG_FILE}"
+    fi
     if [ -z "$SESSION_KEY" ]; then
         SESSION_KEY="$(cat /dev/urandom | tr -dc 'A-Z0-9' | fold -w 48 | head -n 1)"
     fi