From a2c5376d9ac5db328d407d6ba4bd7f21c107df51 Mon Sep 17 00:00:00 2001 From: Otto Richter Date: Sun, 10 Apr 2022 18:11:00 +0200 Subject: [PATCH] Fix CORS / add Access-Control-Allow-Origin * to all methods (#69) The header is not only necessary on the OPTIONS request, but on any method, so I removed the condition. Serving any workadventure map was broken BTW. We should have tested this :-( Reviewed-on: https://codeberg.org/Codeberg/pages-server/pulls/69 Reviewed-by: Andreas Shimokawa Co-authored-by: Otto Richter Co-committed-by: Otto Richter --- server/handler.go | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/server/handler.go b/server/handler.go index 60f5809..8445850 100644 --- a/server/handler.go +++ b/server/handler.go @@ -54,19 +54,19 @@ func Handler(mainDomainSuffix, rawDomain []byte, } // Allow CORS for specified domains + allowCors := false + for _, allowedCorsDomain := range allowedCorsDomains { + if bytes.Equal(trimmedHost, allowedCorsDomain) { + allowCors = true + break + } + } + if allowCors { + ctx.Response.Header.Set("Access-Control-Allow-Origin", "*") + ctx.Response.Header.Set("Access-Control-Allow-Methods", "GET, HEAD") + } + ctx.Response.Header.Set("Allow", "GET, HEAD, OPTIONS") if ctx.IsOptions() { - allowCors := false - for _, allowedCorsDomain := range allowedCorsDomains { - if bytes.Equal(trimmedHost, allowedCorsDomain) { - allowCors = true - break - } - } - if allowCors { - ctx.Response.Header.Set("Access-Control-Allow-Origin", "*") - ctx.Response.Header.Set("Access-Control-Allow-Methods", "GET, HEAD") - } - ctx.Response.Header.Set("Allow", "GET, HEAD, OPTIONS") ctx.Response.Header.SetStatusCode(fasthttp.StatusNoContent) return }