2021-12-21 13:16:54 +00:00
|
|
|
package middlewares
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"github.com/authorizerdev/authorizer/server/utils"
|
|
|
|
|
"github.com/gin-gonic/gin"
|
|
|
|
|
)
|
|
|
|
|
|
2022-01-17 06:02:13 +00:00
|
|
|
// CORSMiddleware is a middleware to add cors headers
|
2021-12-21 13:16:54 +00:00
|
|
|
func CORSMiddleware() gin.HandlerFunc {
|
|
|
|
|
return func(c *gin.Context) {
|
|
|
|
|
origin := c.Request.Header.Get("Origin")
|
|
|
|
|
|
|
|
|
|
if utils.IsValidOrigin(origin) {
|
|
|
|
|
c.Writer.Header().Set("Access-Control-Allow-Origin", origin)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
c.Writer.Header().Set("Access-Control-Allow-Credentials", "true")
|
2022-04-10 09:13:19 +00:00
|
|
|
c.Writer.Header().Set("Access-Control-Allow-Headers", "Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With, X-authorizer-url")
|
2021-12-21 13:16:54 +00:00
|
|
|
c.Writer.Header().Set("Access-Control-Allow-Methods", "POST, OPTIONS, GET, PUT")
|
|
|
|
|
|
|
|
|
|
if c.Request.Method == "OPTIONS" {
|
|
|
|
|
c.AbortWithStatus(204)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
c.Next()
|
|
|
|
|
}
|
|
|
|
|
}
|
