Add Cors Handler

2 files changed, 46 insertions, 1 deletions

diff --git a/api/context.go b/api/context.go
index 91b11670b..918ba3557 100644
--- a/api/context.go
+++ b/api/context.go
@@ -238,6 +238,47 @@ func (h handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	}
 }
 
+func (cw *CorsWrapper) ServeHTTP(
+	w http.ResponseWriter,
+	r *http.Request) {
+	allowedMethods := []string{
+		"POST",
+		"GET",
+		"OPTIONS",
+		"PUT",
+		"PATCH",
+		"DELETE",
+	}
+
+	allowedHeaders := []string{
+		"Accept",
+		"Content-Type",
+		"Content-Length",
+		"Accept-Encoding",
+		"Authorization",
+		"X-CSRF-Token",
+		"X-Auth-Token",
+	}
+
+	if len(*utils.Cfg.ServiceSettings.AllowCorsFrom) > 0 {
+		w.Header().Set("Access-Control-Allow-Origin", *utils.Cfg.ServiceSettings.AllowCorsFrom)
+
+		w.Header().Set(
+			"Access-Control-Allow-Methods",
+			strings.Join(allowedMethods, ", "))
+
+		w.Header().Set(
+			"Access-Control-Allow-Headers",
+			strings.Join(allowedHeaders, ", "))
+	}
+
+	if r.Method == "OPTIONS" {
+		return
+	}
+
+	cw.router.ServeHTTP(w, r)
+}
+
 func GetProtocol(r *http.Request) string {
 	if r.Header.Get(model.HEADER_FORWARDED_PROTO) == "https" {
 		return "https"
diff --git a/api/server.go b/api/server.go
index 070ed7a70..40d6ef3d2 100644
--- a/api/server.go
+++ b/api/server.go
@@ -21,6 +21,10 @@ type Server struct {
 	Router *mux.Router
 }
 
+type CorsWrapper struct {
+	router *mux.Router
+}
+
 var Srv *Server
 
 func NewServer() {
@@ -65,7 +69,7 @@ func StartServer() {
 			throttled.DefaultDeniedHandler.ServeHTTP(w, r)
 		})
 
-		handler = th.Throttle(Srv.Router)
+		handler = th.Throttle(&CorsWrapper{Srv.Router})
 	}
 
 	go func() {