1 files changed, 34 insertions, 0 deletions

diff --git a/api/context.go b/api/context.go
index 9e05c5d87..edcdcbfef 100644
--- a/api/context.go
+++ b/api/context.go
@@ -21,6 +21,15 @@ import (
 
 var sessionCache *utils.Cache = utils.NewLru(model.SESSION_CACHE_SIZE)
 
+var allowedMethods []string = []string{
+	"POST",
+	"GET",
+	"OPTIONS",
+	"PUT",
+	"PATCH",
+	"DELETE",
+}
+
 type Context struct {
 	Session           model.Session
 	RequestId         string
@@ -234,6 +243,31 @@ func (h handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	}
 }
 
+func (cw *CorsWrapper) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+	if len(*utils.Cfg.ServiceSettings.AllowCorsFrom) > 0 {
+		origin := r.Header.Get("Origin")
+		if *utils.Cfg.ServiceSettings.AllowCorsFrom == "*" || strings.Contains(*utils.Cfg.ServiceSettings.AllowCorsFrom, origin) {
+			w.Header().Set("Access-Control-Allow-Origin", origin)
+
+			if r.Method == "OPTIONS" {
+				w.Header().Set(
+					"Access-Control-Allow-Methods",
+					strings.Join(allowedMethods, ", "))
+
+				w.Header().Set(
+					"Access-Control-Allow-Headers",
+					r.Header.Get("Access-Control-Request-Headers"))
+			}
+		}
+	}
+
+	if r.Method == "OPTIONS" {
+		return
+	}
+
+	cw.router.ServeHTTP(w, r)
+}
+
 func GetProtocol(r *http.Request) string {
 	if r.Header.Get(model.HEADER_FORWARDED_PROTO) == "https" {
 		return "https"