github/bettercap
1
0
Fork 0
mirror of https://github.com/bettercap/bettercap synced 2025-07-07 13:32:07 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix: handling CORS for api.rest

Browse source
This commit is contained in:
evilsocket 2019-03-12 12:49:20 +01:00
parent e90c6b5e2d
commit 3c1277ebbc
No known key found for this signature in database
GPG key ID: 1564D7F30393A456
2 changed files with 10 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

2
modules/api_rest/api_rest.go
View file

@ -172,6 +172,8 @@ func (mod *RestAPI) Configure() error {
router := mux.NewRouter() router := mux.NewRouter()
router.Methods("OPTIONS").HandlerFunc(mod.corsRoute)
router.HandleFunc("/api/events", mod.eventsRoute) router.HandleFunc("/api/events", mod.eventsRoute)
router.HandleFunc("/api/session", mod.sessionRoute) router.HandleFunc("/api/session", mod.sessionRoute)
router.HandleFunc("/api/session/ble", mod.sessionRoute) router.HandleFunc("/api/session/ble", mod.sessionRoute)

8
modules/api_rest/api_rest_controller.go
View file

@ -41,7 +41,10 @@ func (mod *RestAPI) setSecurityHeaders(w http.ResponseWriter) {
w.Header().Add("X-Content-Type-Options", "nosniff") w.Header().Add("X-Content-Type-Options", "nosniff")
w.Header().Add("X-XSS-Protection", "1; mode=block") w.Header().Add("X-XSS-Protection", "1; mode=block")
w.Header().Add("Referrer-Policy", "same-origin") w.Header().Add("Referrer-Policy", "same-origin")
w.Header().Set("Access-Control-Allow-Origin", mod.allowOrigin) w.Header().Set("Access-Control-Allow-Origin", mod.allowOrigin)
w.Header().Add("Access-Control-Allow-Headers", "Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization")
w.Header().Add("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE")
} }
func (mod *RestAPI) checkAuth(r *http.Request) bool { func (mod *RestAPI) checkAuth(r *http.Request) bool {
@ -190,6 +193,11 @@ func (mod *RestAPI) clearEvents(w http.ResponseWriter, r *http.Request) {
session.I.Events.Clear() session.I.Events.Clear()
} }
func (mod *RestAPI) corsRoute(w http.ResponseWriter, r *http.Request) {
mod.setSecurityHeaders(w)
w.WriteHeader(http.StatusNoContent)
}
func (mod *RestAPI) sessionRoute(w http.ResponseWriter, r *http.Request) { func (mod *RestAPI) sessionRoute(w http.ResponseWriter, r *http.Request) {
mod.setSecurityHeaders(w) mod.setSecurityHeaders(w)