LogalDeveloper/owncast
0
Fork 0
Code Activity

Explicitly add CORS wildcard on all OPTIONS requests

Browse Source
This commit is contained in:
Gabe Kangas
2021-07-28 12:47:15 -07:00
parent 509c658080
commit 810b0cd5da
1 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
router/middleware/auth.go
View File

@@ -58,6 +58,8 @@ func RequireExternalAPIAccessToken(scope string, handler ExternalAccessTokenHand
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
// We should accept 3rd party preflight OPTIONS requests. // We should accept 3rd party preflight OPTIONS requests.
if r.Method == "OPTIONS" { if r.Method == "OPTIONS" {
// All OPTIONS requests should have a wildcard CORS header.
w.Header().Set("Access-Control-Allow-Origin", "*")
w.WriteHeader(http.StatusOK) w.WriteHeader(http.StatusOK)
return return
} }
@@ -77,7 +79,7 @@ func RequireExternalAPIAccessToken(scope string, handler ExternalAccessTokenHand
return return
} }
// All valid 3rd party requests should have a wildcard CORS header. // All auth'ed 3rd party requests should have a wildcard CORS header.
w.Header().Set("Access-Control-Allow-Origin", "*") w.Header().Set("Access-Control-Allow-Origin", "*")
handler(*integration, w, r) handler(*integration, w, r)