diff options
author | Joram Wilander <jwawilander@gmail.com> | 2016-03-04 08:08:55 -0500 |
---|---|---|
committer | Joram Wilander <jwawilander@gmail.com> | 2016-03-04 08:08:55 -0500 |
commit | d1b1148ea8a0290a66ef7c75d1910c2558fa6186 (patch) | |
tree | 50a696f00700fca4f82459a1a7475d7bba6fcc4c /api/context.go | |
parent | 763a477c3f5de5180d5302186e06d740f8834446 (diff) | |
parent | 6b1abb404fc823be1bd0e2eeb21faaec25d03c99 (diff) | |
download | chat-d1b1148ea8a0290a66ef7c75d1910c2558fa6186.tar.gz chat-d1b1148ea8a0290a66ef7c75d1910c2558fa6186.tar.bz2 chat-d1b1148ea8a0290a66ef7c75d1910c2558fa6186.zip |
Merge pull request #2307 from ZBoxApp/PLT-2112
PLT-2112: Allow CORS
Diffstat (limited to 'api/context.go')
-rw-r--r-- | api/context.go | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/api/context.go b/api/context.go index 9e05c5d87..edcdcbfef 100644 --- a/api/context.go +++ b/api/context.go @@ -21,6 +21,15 @@ import ( var sessionCache *utils.Cache = utils.NewLru(model.SESSION_CACHE_SIZE) +var allowedMethods []string = []string{ + "POST", + "GET", + "OPTIONS", + "PUT", + "PATCH", + "DELETE", +} + type Context struct { Session model.Session RequestId string @@ -234,6 +243,31 @@ func (h handler) ServeHTTP(w http.ResponseWriter, r *http.Request) { } } +func (cw *CorsWrapper) ServeHTTP(w http.ResponseWriter, r *http.Request) { + if len(*utils.Cfg.ServiceSettings.AllowCorsFrom) > 0 { + origin := r.Header.Get("Origin") + if *utils.Cfg.ServiceSettings.AllowCorsFrom == "*" || strings.Contains(*utils.Cfg.ServiceSettings.AllowCorsFrom, origin) { + w.Header().Set("Access-Control-Allow-Origin", origin) + + if r.Method == "OPTIONS" { + w.Header().Set( + "Access-Control-Allow-Methods", + strings.Join(allowedMethods, ", ")) + + w.Header().Set( + "Access-Control-Allow-Headers", + r.Header.Get("Access-Control-Request-Headers")) + } + } + } + + if r.Method == "OPTIONS" { + return + } + + cw.router.ServeHTTP(w, r) +} + func GetProtocol(r *http.Request) string { if r.Header.Get(model.HEADER_FORWARDED_PROTO) == "https" { return "https" |