diff options
-rw-r--r-- | api/context.go | 41 | ||||
-rw-r--r-- | api/server.go | 6 |
2 files changed, 46 insertions, 1 deletions
diff --git a/api/context.go b/api/context.go index 91b11670b..918ba3557 100644 --- a/api/context.go +++ b/api/context.go @@ -238,6 +238,47 @@ func (h handler) ServeHTTP(w http.ResponseWriter, r *http.Request) { } } +func (cw *CorsWrapper) ServeHTTP( + w http.ResponseWriter, + r *http.Request) { + allowedMethods := []string{ + "POST", + "GET", + "OPTIONS", + "PUT", + "PATCH", + "DELETE", + } + + allowedHeaders := []string{ + "Accept", + "Content-Type", + "Content-Length", + "Accept-Encoding", + "Authorization", + "X-CSRF-Token", + "X-Auth-Token", + } + + if len(*utils.Cfg.ServiceSettings.AllowCorsFrom) > 0 { + w.Header().Set("Access-Control-Allow-Origin", *utils.Cfg.ServiceSettings.AllowCorsFrom) + + w.Header().Set( + "Access-Control-Allow-Methods", + strings.Join(allowedMethods, ", ")) + + w.Header().Set( + "Access-Control-Allow-Headers", + strings.Join(allowedHeaders, ", ")) + } + + if r.Method == "OPTIONS" { + return + } + + cw.router.ServeHTTP(w, r) +} + func GetProtocol(r *http.Request) string { if r.Header.Get(model.HEADER_FORWARDED_PROTO) == "https" { return "https" diff --git a/api/server.go b/api/server.go index 070ed7a70..40d6ef3d2 100644 --- a/api/server.go +++ b/api/server.go @@ -21,6 +21,10 @@ type Server struct { Router *mux.Router } +type CorsWrapper struct { + router *mux.Router +} + var Srv *Server func NewServer() { @@ -65,7 +69,7 @@ func StartServer() { throttled.DefaultDeniedHandler.ServeHTTP(w, r) }) - handler = th.Throttle(Srv.Router) + handler = th.Throttle(&CorsWrapper{Srv.Router}) } go func() { |