46 lines
1.1 KiB
Go
46 lines
1.1 KiB
Go
package server
|
|
|
|
import (
|
|
"mal/internal/config"
|
|
"net/http"
|
|
"strings"
|
|
|
|
"github.com/gin-gonic/gin"
|
|
)
|
|
|
|
func CORSMiddleware() gin.HandlerFunc {
|
|
return CORSMiddlewareWithConfig(config.Config{})
|
|
}
|
|
|
|
func CORSMiddlewareWithConfig(cfg config.Config) gin.HandlerFunc {
|
|
allowAll := cfg.CORSAllowAll
|
|
return func(c *gin.Context) {
|
|
origin := c.GetHeader("Origin")
|
|
if origin != "" && (allowAll || isAllowedOrigin(origin)) {
|
|
c.Header("Access-Control-Allow-Origin", origin)
|
|
c.Header("Vary", "Origin")
|
|
c.Header("Access-Control-Allow-Methods", "GET,POST,DELETE,OPTIONS")
|
|
c.Header("Access-Control-Allow-Headers", "Authorization,Content-Type")
|
|
c.Header("Access-Control-Max-Age", "600")
|
|
}
|
|
|
|
if c.Request.Method == http.MethodOptions && strings.HasPrefix(c.Request.URL.Path, "/api/") {
|
|
c.Status(http.StatusNoContent)
|
|
c.Abort()
|
|
return
|
|
}
|
|
|
|
c.Next()
|
|
}
|
|
}
|
|
|
|
func isAllowedOrigin(origin string) bool {
|
|
if strings.HasPrefix(origin, "http://localhost:") || strings.HasPrefix(origin, "https://localhost:") {
|
|
return true
|
|
}
|
|
if strings.HasPrefix(origin, "http://127.0.0.1:") || strings.HasPrefix(origin, "https://127.0.0.1:") {
|
|
return true
|
|
}
|
|
return false
|
|
}
|