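package server

import (
	"mal/internal/config"
	"net/http"
	"strings"

	"github.com/gin-gonic/gin"
)

// CORSMiddleware returns the CORS handler built from a zero-value
// config.Config. With CORSAllowAll unset, only the loopback origins accepted
// by isAllowedOrigin receive CORS response headers.
func CORSMiddleware() gin.HandlerFunc {
	return CORSMiddlewareWithConfig(config.Config{})
}

// CORSMiddlewareWithConfig returns a gin middleware that emits CORS response
// headers for permitted origins and answers OPTIONS requests under /api/
// with 204 No Content without calling later handlers.
//
// When cfg.CORSAllowAll is true, the request's Origin value is echoed back
// for every non-empty origin, including the literal "null" origin.
// NOTE(review): this looks like a development switch; confirm it is off in
// production configuration.
//
// Security invariant: this middleware never sends
// Access-Control-Allow-Credentials. Keep it that way while the origin is
// reflected. Adding credentials on top of a reflected origin would let any
// allowed site read cookie-authenticated responses.
func CORSMiddlewareWithConfig(cfg config.Config) gin.HandlerFunc {
	allowAll := cfg.CORSAllowAll
	return func(c *gin.Context) {
		// The CORS headers depend on the request's Origin, so every response
		// must declare that, including ones that carry no CORS headers.
		// Otherwise a cache may replay a header-less response to an allowed
		// origin, or the reverse. Add is used instead of Set so that a Vary
		// value written by an earlier handler is not overwritten.
		c.Writer.Header().Add("Vary", "Origin")

		origin := c.GetHeader("Origin")
		if origin != "" && (allowAll || isAllowedOrigin(origin)) {
			c.Header("Access-Control-Allow-Origin", origin)
			c.Header("Access-Control-Allow-Methods", "GET,POST,DELETE,OPTIONS")
			c.Header("Access-Control-Allow-Headers", "Authorization,Content-Type")
			c.Header("Access-Control-Max-Age", "600")
		}

		// OPTIONS under /api/ is answered here whether or not the origin was
		// allowed. A disallowed origin gets a 204 with no
		// Access-Control-Allow-Origin header, which the browser treats as a
		// failed preflight.
		if c.Request.Method == http.MethodOptions && strings.HasPrefix(c.Request.URL.Path, "/api/") {
			c.Status(http.StatusNoContent)
			c.Abort()
			return
		}

		c.Next()
	}
}

// isAllowedOrigin reports whether origin is exactly an http or https loopback
// origin with an explicit port: scheme://localhost:PORT or
// scheme://127.0.0.1:PORT, where PORT is one to five decimal digits.
//
// The whole string is validated rather than just its prefix. The value is
// echoed into Access-Control-Allow-Origin, and a prefix-only match would also
// accept strings with arbitrary text after the colon.
func isAllowedOrigin(origin string) bool {
	prefixes := [...]string{
		"http://localhost:",
		"https://localhost:",
		"http://127.0.0.1:",
		"https://127.0.0.1:",
	}
	for _, p := range prefixes {
		if !strings.HasPrefix(origin, p) {
			continue
		}
		// The prefixes are mutually exclusive, so the first match decides.
		port := origin[len(p):]
		if len(port) == 0 || len(port) > 5 {
			return false
		}
		for i := 0; i < len(port); i++ {
			if port[i] < '0' || port[i] > '9' {
				return false
			}
		}
		return true
	}
	return false
}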