fix: handling CORS for api.rest

2025-07-06 04:52:10 -07:00 · 2019-03-12 12:49:20 +01:00 · 2019-03-12 12:49:20 +01:00 · 3c1277ebbc
commit 3c1277ebbc
parent e90c6b5e2d
2 changed files with 10 additions and 0 deletions
--- a/modules/api_rest/api_rest_controller.go
+++ b/modules/api_rest/api_rest_controller.go
@ -41,7 +41,10 @@ func (mod *RestAPI) setSecurityHeaders(w http.ResponseWriter) {
 	w.Header().Add("X-Content-Type-Options", "nosniff")
 	w.Header().Add("X-XSS-Protection", "1; mode=block")
 	w.Header().Add("Referrer-Policy", "same-origin")
+
 	w.Header().Set("Access-Control-Allow-Origin", mod.allowOrigin)
+	w.Header().Add("Access-Control-Allow-Headers", "Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization")
+	w.Header().Add("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE")
 }

 func (mod *RestAPI) checkAuth(r *http.Request) bool {
@ -190,6 +193,11 @@ func (mod *RestAPI) clearEvents(w http.ResponseWriter, r *http.Request) {
 	session.I.Events.Clear()
 }

+func (mod *RestAPI) corsRoute(w http.ResponseWriter, r *http.Request) {
+	mod.setSecurityHeaders(w)
+	w.WriteHeader(http.StatusNoContent)
+}
+
 func (mod *RestAPI) sessionRoute(w http.ResponseWriter, r *http.Request) {
 	mod.setSecurityHeaders(w)