From eb59f497fd3efe7eab90c80da8f8cd7db5e3e3cc Mon Sep 17 00:00:00 2001
From: aleem1314 <aleem@vitwit.com>
Date: Thu, 10 Jun 2021 18:14:04 +0530
Subject: [PATCH 1/7] add  EnableUnsafeCORS

---
 server/grpc/grpc_web.go | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/server/grpc/grpc_web.go b/server/grpc/grpc_web.go
index 67dc4364a80f..e98793a1c87d 100644
--- a/server/grpc/grpc_web.go
+++ b/server/grpc/grpc_web.go
@@ -11,7 +11,16 @@ import (
 
 // StartGRPCWeb starts a gRPC-Web server on the given address.
 func StartGRPCWeb(grpcSrv *grpc.Server, config config.Config) (*http.Server, error) {
-	wrappedServer := grpcweb.WrapServer(grpcSrv)
+	var options []grpcweb.Option
+	if config.API.EnableUnsafeCORS {
+		options = []grpcweb.Option{
+			grpcweb.WithOriginFunc(func(origin string) bool {
+				return true
+			}),
+		}
+	}
+
+	wrappedServer := grpcweb.WrapServer(grpcSrv, options...)
 	handler := func(resp http.ResponseWriter, req *http.Request) {
 		wrappedServer.ServeHTTP(resp, req)
 	}

From f6bdfc8e8173401ef63a3a3e0b0188a8e3900f53 Mon Sep 17 00:00:00 2001
From: aleem1314 <aleem@vitwit.com>
Date: Mon, 14 Jun 2021 12:08:31 +0530
Subject: [PATCH 2/7] review changes

---
 server/grpc/grpc_web.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/server/grpc/grpc_web.go b/server/grpc/grpc_web.go
index e98793a1c87d..8466ca34720d 100644
--- a/server/grpc/grpc_web.go
+++ b/server/grpc/grpc_web.go
@@ -13,11 +13,11 @@ import (
 func StartGRPCWeb(grpcSrv *grpc.Server, config config.Config) (*http.Server, error) {
 	var options []grpcweb.Option
 	if config.API.EnableUnsafeCORS {
-		options = []grpcweb.Option{
+		options = append(options,
 			grpcweb.WithOriginFunc(func(origin string) bool {
 				return true
 			}),
-		}
+		)
 	}
 
 	wrappedServer := grpcweb.WrapServer(grpcSrv, options...)

From 7c9b3973a808e02baf3194eaad09f81c8a49fbd1 Mon Sep 17 00:00:00 2001
From: aleem1314 <aleem@vitwit.com>
Date: Mon, 14 Jun 2021 16:20:04 +0530
Subject: [PATCH 3/7] add EnableUnsafeCORS flag to grpc-web config

---
 server/config/config.go | 8 ++++++--
 server/config/toml.go   | 3 +++
 server/grpc/grpc_web.go | 2 +-
 3 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/server/config/config.go b/server/config/config.go
index 8f1c47e88d2c..9fa007a9850a 100644
--- a/server/config/config.go
+++ b/server/config/config.go
@@ -140,6 +140,9 @@ type GRPCWebConfig struct {
 
 	// Address defines the gRPC-web server to listen on
 	Address string `mapstructure:"address"`
+
+	// EnableUnsafeCORS defines if CORS should be enabled (unsafe - use it at your own risk)
+	EnableUnsafeCORS bool `mapstructure:"enabled-unsafe-cors"`
 }
 
 // StateSyncConfig defines the state sync snapshot configuration.
@@ -297,8 +300,9 @@ func GetConfig(v *viper.Viper) Config {
 			Address: v.GetString("grpc.address"),
 		},
 		GRPCWeb: GRPCWebConfig{
-			Enable:  v.GetBool("grpc-web.enable"),
-			Address: v.GetString("grpc-web.address"),
+			Enable:           v.GetBool("grpc-web.enable"),
+			Address:          v.GetString("grpc-web.address"),
+			EnableUnsafeCORS: v.GetBool("grpc-web.enabled-unsafe-cors"),
 		},
 		StateSync: StateSyncConfig{
 			SnapshotInterval:   v.GetUint64("state-sync.snapshot-interval"),
diff --git a/server/config/toml.go b/server/config/toml.go
index 88197defe91b..9186090a1383 100644
--- a/server/config/toml.go
+++ b/server/config/toml.go
@@ -184,6 +184,9 @@ enable = {{ .GRPCWeb.Enable }}
 # Address defines the gRPC-web server address to bind to.
 address = "{{ .GRPCWeb.Address }}"
 
+# EnableUnsafeCORS defines if CORS should be enabled (unsafe - use it at your own risk).
+enabled-unsafe-cors = {{ .GRPCWeb.EnableUnsafeCORS }}
+
 ###############################################################################
 ###                        State Sync Configuration                         ###
 ###############################################################################
diff --git a/server/grpc/grpc_web.go b/server/grpc/grpc_web.go
index 8466ca34720d..593779835a78 100644
--- a/server/grpc/grpc_web.go
+++ b/server/grpc/grpc_web.go
@@ -12,7 +12,7 @@ import (
 // StartGRPCWeb starts a gRPC-Web server on the given address.
 func StartGRPCWeb(grpcSrv *grpc.Server, config config.Config) (*http.Server, error) {
 	var options []grpcweb.Option
-	if config.API.EnableUnsafeCORS {
+	if config.GRPCWeb.EnableUnsafeCORS {
 		options = append(options,
 			grpcweb.WithOriginFunc(func(origin string) bool {
 				return true

From ae0b4ad2f1dbfdbfd61c3b2f33667a4eef437818 Mon Sep 17 00:00:00 2001
From: MD Aleem <72057206+aleem1314@users.noreply.github.com>
Date: Tue, 15 Jun 2021 19:12:15 +0530
Subject: [PATCH 4/7] Update server/config/config.go

Co-authored-by: Aleksandr Bezobchuk <alexanderbez@users.noreply.github.com>
---
 server/config/config.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/server/config/config.go b/server/config/config.go
index 9fa007a9850a..a9e253c36cd9 100644
--- a/server/config/config.go
+++ b/server/config/config.go
@@ -142,7 +142,7 @@ type GRPCWebConfig struct {
 	Address string `mapstructure:"address"`
 
 	// EnableUnsafeCORS defines if CORS should be enabled (unsafe - use it at your own risk)
-	EnableUnsafeCORS bool `mapstructure:"enabled-unsafe-cors"`
+	EnableUnsafeCORS bool `mapstructure:"enable-unsafe-cors"`
 }
 
 // StateSyncConfig defines the state sync snapshot configuration.

From e069fcd0393f5060eadc25140d844ba6c46a9d4e Mon Sep 17 00:00:00 2001
From: MD Aleem <72057206+aleem1314@users.noreply.github.com>
Date: Tue, 15 Jun 2021 19:12:22 +0530
Subject: [PATCH 5/7] Update server/config/toml.go

Co-authored-by: Aleksandr Bezobchuk <alexanderbez@users.noreply.github.com>
---
 server/config/toml.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/server/config/toml.go b/server/config/toml.go
index 9186090a1383..d2eb2601e911 100644
--- a/server/config/toml.go
+++ b/server/config/toml.go
@@ -185,7 +185,7 @@ enable = {{ .GRPCWeb.Enable }}
 address = "{{ .GRPCWeb.Address }}"
 
 # EnableUnsafeCORS defines if CORS should be enabled (unsafe - use it at your own risk).
-enabled-unsafe-cors = {{ .GRPCWeb.EnableUnsafeCORS }}
+enable-unsafe-cors = {{ .GRPCWeb.EnableUnsafeCORS }}
 
 ###############################################################################
 ###                        State Sync Configuration                         ###

From f2de803e622aa1cc954dec6e94eff30e5874d920 Mon Sep 17 00:00:00 2001
From: MD Aleem <72057206+aleem1314@users.noreply.github.com>
Date: Tue, 15 Jun 2021 19:12:31 +0530
Subject: [PATCH 6/7] Update server/config/config.go

Co-authored-by: Aleksandr Bezobchuk <alexanderbez@users.noreply.github.com>
---
 server/config/config.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/server/config/config.go b/server/config/config.go
index a9e253c36cd9..907e64a63490 100644
--- a/server/config/config.go
+++ b/server/config/config.go
@@ -302,7 +302,7 @@ func GetConfig(v *viper.Viper) Config {
 		GRPCWeb: GRPCWebConfig{
 			Enable:           v.GetBool("grpc-web.enable"),
 			Address:          v.GetString("grpc-web.address"),
-			EnableUnsafeCORS: v.GetBool("grpc-web.enabled-unsafe-cors"),
+			EnableUnsafeCORS: v.GetBool("grpc-web.enable-unsafe-cors"),
 		},
 		StateSync: StateSyncConfig{
 			SnapshotInterval:   v.GetUint64("state-sync.snapshot-interval"),

From ce8691f71f236a9f8517012754ecc15c9f87bc97 Mon Sep 17 00:00:00 2001
From: aleem1314 <aleem@vitwit.com>
Date: Wed, 16 Jun 2021 15:41:37 +0530
Subject: [PATCH 7/7] update CHANGELOG.md

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 47325522b72f..d45704258035 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -131,6 +131,7 @@ if input key is empty, or input data contains empty key.
 
 ### Improvements
 
+* (gRPC-Web) [\#9493](https://github.com/cosmos/cosmos-sdk/pull/9493) Add `EnableUnsafeCORS` flag to grpc-web config.
 * (store) [\#9403](https://github.com/cosmos/cosmos-sdk/pull/9403) Add `RefundGas` function to `GasMeter` interface
 * (baseapp, types) [\#9390](https://github.com/cosmos/cosmos-sdk/pull/9390) Add current block header hash to `Context`
 * (x/staking) [\#9423](https://github.com/cosmos/cosmos-sdk/pull/9423) Staking delegations now returns empty list instead of rpc error when no records found.