summaryrefslogtreecommitdiffstats
path: root/api/context.go
diff options
context:
space:
mode:
authorJoram Wilander <jwawilander@gmail.com>2016-03-04 08:08:55 -0500
committerJoram Wilander <jwawilander@gmail.com>2016-03-04 08:08:55 -0500
commitd1b1148ea8a0290a66ef7c75d1910c2558fa6186 (patch)
tree50a696f00700fca4f82459a1a7475d7bba6fcc4c /api/context.go
parent763a477c3f5de5180d5302186e06d740f8834446 (diff)
parent6b1abb404fc823be1bd0e2eeb21faaec25d03c99 (diff)
downloadchat-d1b1148ea8a0290a66ef7c75d1910c2558fa6186.tar.gz
chat-d1b1148ea8a0290a66ef7c75d1910c2558fa6186.tar.bz2
chat-d1b1148ea8a0290a66ef7c75d1910c2558fa6186.zip
Merge pull request #2307 from ZBoxApp/PLT-2112
PLT-2112: Allow CORS
Diffstat (limited to 'api/context.go')
-rw-r--r--api/context.go34
1 files changed, 34 insertions, 0 deletions
diff --git a/api/context.go b/api/context.go
index 9e05c5d87..edcdcbfef 100644
--- a/api/context.go
+++ b/api/context.go
@@ -21,6 +21,15 @@ import (
var sessionCache *utils.Cache = utils.NewLru(model.SESSION_CACHE_SIZE)
+var allowedMethods []string = []string{
+ "POST",
+ "GET",
+ "OPTIONS",
+ "PUT",
+ "PATCH",
+ "DELETE",
+}
+
type Context struct {
Session model.Session
RequestId string
@@ -234,6 +243,31 @@ func (h handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
}
}
+func (cw *CorsWrapper) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+ if len(*utils.Cfg.ServiceSettings.AllowCorsFrom) > 0 {
+ origin := r.Header.Get("Origin")
+ if *utils.Cfg.ServiceSettings.AllowCorsFrom == "*" || strings.Contains(*utils.Cfg.ServiceSettings.AllowCorsFrom, origin) {
+ w.Header().Set("Access-Control-Allow-Origin", origin)
+
+ if r.Method == "OPTIONS" {
+ w.Header().Set(
+ "Access-Control-Allow-Methods",
+ strings.Join(allowedMethods, ", "))
+
+ w.Header().Set(
+ "Access-Control-Allow-Headers",
+ r.Header.Get("Access-Control-Request-Headers"))
+ }
+ }
+ }
+
+ if r.Method == "OPTIONS" {
+ return
+ }
+
+ cw.router.ServeHTTP(w, r)
+}
+
func GetProtocol(r *http.Request) string {
if r.Header.Get(model.HEADER_FORWARDED_PROTO) == "https" {
return "https"