Files
mal/internal/server/cors.go

46 lines
1.1 KiB
Go

package server
import (
"mal/internal/config"
"net/http"
"strings"
"github.com/gin-gonic/gin"
)
func CORSMiddleware() gin.HandlerFunc {
return CORSMiddlewareWithConfig(config.Config{})
}
func CORSMiddlewareWithConfig(cfg config.Config) gin.HandlerFunc {
allowAll := cfg.CORSAllowAll
return func(c *gin.Context) {
origin := c.GetHeader("Origin")
if origin != "" && (allowAll || isAllowedOrigin(origin)) {
c.Header("Access-Control-Allow-Origin", origin)
c.Header("Vary", "Origin")
c.Header("Access-Control-Allow-Methods", "GET,POST,DELETE,OPTIONS")
c.Header("Access-Control-Allow-Headers", "Authorization,Content-Type")
c.Header("Access-Control-Max-Age", "600")
}
if c.Request.Method == http.MethodOptions && strings.HasPrefix(c.Request.URL.Path, "/api/") {
c.Status(http.StatusNoContent)
c.Abort()
return
}
c.Next()
}
}
func isAllowedOrigin(origin string) bool {
if strings.HasPrefix(origin, "http://localhost:") || strings.HasPrefix(origin, "https://localhost:") {
return true
}
if strings.HasPrefix(origin, "http://127.0.0.1:") || strings.HasPrefix(origin, "https://127.0.0.1:") {
return true
}
return false
}