registry: Allow include safe origins to restricted url

  Include restrict origin for getIPv6Address getIPv4Information getIPv4Prefix methods

re6st/cli/registry.py

@@ -104,6 +104,8 @@ def main():
         help="Reject nodes that are too old. Current is %s." % version.protocol)
     _('--disable-token-by-mail', action='store_false',
          help="Disable send new tokens by Mail.")
+    _('--authorized-origin', action='append', default=['127.0.0.1', '::1'],
+        help="Authorized origin to access origin restricted API. ")
     _ = parser.add_argument_group('routing').add_argument
     _('--hello', type=int, default=15,
         help="Hello interval in seconds, for both wired and wireless"

re6st/registry.py

@@ -235,16 +235,14 @@ class RegistryServer(object):
             self.timeout = not_after and not_after + GRACE_PERIOD
 
     def handle_request(self, request, method, kw,
-                       _localhost=('127.0.0.1', '::1')):
+                       _localhost=[]):
         m = getattr(self, method)
-        authorized_origin = ["10.0.228.20"] + list(_localhost)
-        if method in ('revoke', 'versions', 'topology', 'requestAddToken'):
+        authorized_origin =  self.config.authorized_origin + list(_localhost)
+        if method in ('revoke', 'versions', 'topology', 'requestAddToken',
+            'getIPv6Address', 'getIPv4Information', 'getIPv4Prefix'):
             x_forwarded_for = request.headers.get('X-Forwarded-For')
             if request.client_address[0] not in authorized_origin or \
                x_forwarded_for and x_forwarded_for not in authorized_origin:
-                logging.warning("X-Forward-For %s " % x_forwarded_for)
-                logging.warning("request.client_address[0] %s " % request.client_address[0])
-
                 return request.send_error(httplib.FORBIDDEN)
         key = m.getcallargs(**kw).get('cn')
         if key: