author | Christopher Speller <crspeller@gmail.com> | 2017-11-13 09:09:58 -0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-11-13 09:09:58 -0800 |
commit | 1329aa51b605cb54ba9aae3a82a0a87b881fb7b3 (patch) | |
tree | 93cbf354ab894a560fc2cef8ef685d681b4ff889 /vendor/github.com/gorilla/handlers/cors.go | |
parent | 7304a61ef597970be3031b14e652fb3a4df44304 (diff) | |
Updating server dependancies. (#7816)
Diffstat (limited to 'vendor/github.com/gorilla/handlers/cors.go')
-rw-r--r-- | vendor/github.com/gorilla/handlers/cors.go | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/vendor/github.com/gorilla/handlers/cors.go b/vendor/github.com/gorilla/handlers/cors.go
index 1f92d1ad4..1cf7581ce 100644
--- a/vendor/github.com/gorilla/handlers/cors.go
+++ b/vendor/github.com/gorilla/handlers/cors.go
@@ -110,7 +110,17 @@ func (ch *cors) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 w.Header().Set(corsVaryHeader, corsOriginHeader)
 }
- w.Header().Set(corsAllowOriginHeader, origin)
+ returnOrigin := origin
+ for _, o := range ch.allowedOrigins {
+ // A configuration of * is different than explicitly setting an allowed
+ // origin. Returning arbitrary origin headers an an access control allow
+ // origin header is unsafe and is not required by any use case.
+ if o == corsOriginMatchAll {
+ returnOrigin = "*"
+ break
+ }
+ }
+ w.Header().Set(corsAllowOriginHeader, returnOrigin)
 if r.Method == corsOptionMethod {
 return |