pimhwang
/
owncast
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

Explicitly add CORS wildcard on all OPTIONS requests

pull/1279/head
Gabe Kangas 4 years ago
parent
509c658080
commit
810b0cd5da
1 changed files with 3 additions and 1 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 4
      router/middleware/auth.go

4
router/middleware/auth.go
Unescape View File

@ -58,6 +58,8 @@ func RequireExternalAPIAccessToken(scope string, handler ExternalAccessTokenHand
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
// We should accept 3rd party preflight OPTIONS requests. // We should accept 3rd party preflight OPTIONS requests.
if r.Method == "OPTIONS" { if r.Method == "OPTIONS" {
// All OPTIONS requests should have a wildcard CORS header.
w.Header().Set("Access-Control-Allow-Origin", "*")
w.WriteHeader(http.StatusOK) w.WriteHeader(http.StatusOK)
return return
} }
@ -77,7 +79,7 @@ func RequireExternalAPIAccessToken(scope string, handler ExternalAccessTokenHand
return return
} }
// All valid 3rd party requests should have a wildcard CORS header. // All auth'ed 3rd party requests should have a wildcard CORS header.
w.Header().Set("Access-Control-Allow-Origin", "*") w.Header().Set("Access-Control-Allow-Origin", "*")
handler(*integration, w, r) handler(*integration, w, r)

Write Preview
Loading…
Cancel
Save