Fixed CORS once and for all

This commit is contained in:
kolaente 2018-09-07 22:49:16 +02:00
parent 4749352bbd
commit 4f3e016751
No known key found for this signature in database
GPG key ID: F40E70337AB24C9B
2 changed files with 5 additions and 35 deletions

View file

@ -187,6 +187,7 @@ Teams sind global, d.h. Ein Team kann mehrere Namespaces verwalten.
* [x] Namen finden * [x] Namen finden
* [x] Alle Packages umziehen * [x] Alle Packages umziehen
* [x] Swagger UI aufsetzen * [x] Swagger UI aufsetzen
+ [x] CORS fixen
* [ ] Cacher konfigurierbar * [ ] Cacher konfigurierbar
* [ ] Deps nach mod (dem nachfolger von dep) umziehen, blocked by Go 1.11 * [ ] Deps nach mod (dem nachfolger von dep) umziehen, blocked by Go 1.11
* [x] Überall echo.NewHTTPError statt c.JSON(Message{}) benutzen * [x] Überall echo.NewHTTPError statt c.JSON(Message{}) benutzen

View file

@ -51,19 +51,10 @@ func NewEcho() *echo.Echo {
// RegisterRoutes registers all routes for the application // RegisterRoutes registers all routes for the application
func RegisterRoutes(e *echo.Echo) { func RegisterRoutes(e *echo.Echo) {
// TODO: Use proper cors middleware by echo // CORS_SHIT
e.Use(middleware.CORSWithConfig(middleware.CORSConfig{
// Middleware for cors AllowOrigins: []string{"*"},
e.Use(func(next echo.HandlerFunc) echo.HandlerFunc { }))
return func(c echo.Context) error {
res := c.Response()
res.Header().Set("Access-Control-Allow-Origin", "*")
res.Header().Set("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE")
res.Header().Set("Access-Control-Allow-Headers", "authorization,content-type")
res.Header().Set("Access-Control-Expose-Headers", "authorization,content-type")
return next(c)
}
})
// Swagger UI // Swagger UI
e.Static("/swagger", "public/swagger") e.Static("/swagger", "public/swagger")
@ -71,28 +62,6 @@ func RegisterRoutes(e *echo.Echo) {
// API Routes // API Routes
a := e.Group("/api/v1") a := e.Group("/api/v1")
// CORS_SHIT
a.OPTIONS("/login", SetCORSHeader)
a.OPTIONS("/register", SetCORSHeader)
a.OPTIONS("/users", SetCORSHeader)
a.OPTIONS("/users/:id", SetCORSHeader)
a.OPTIONS("/lists", SetCORSHeader)
a.OPTIONS("/lists/:id", SetCORSHeader)
a.OPTIONS("/lists/:id/teams", SetCORSHeader)
a.OPTIONS("/lists/:id/teams/:id", SetCORSHeader)
a.OPTIONS("/lists/:id/users", SetCORSHeader)
a.OPTIONS("/lists/:id/users/:id", SetCORSHeader)
a.OPTIONS("/namespaces", SetCORSHeader)
a.OPTIONS("/namespaces/:id", SetCORSHeader)
a.OPTIONS("/namespaces/:id/lists", SetCORSHeader)
a.OPTIONS("/namespaces/:id/users", SetCORSHeader)
a.OPTIONS("/namespaces/:id/users/:id", SetCORSHeader)
a.OPTIONS("/tasks/:id", SetCORSHeader)
a.OPTIONS("/tasks", SetCORSHeader)
a.OPTIONS("/teams", SetCORSHeader)
a.OPTIONS("/teams/:id", SetCORSHeader)
a.OPTIONS("/teams/:id/members", SetCORSHeader)
a.POST("/login", apiv1.Login) a.POST("/login", apiv1.Login)
a.POST("/register", apiv1.RegisterUser) a.POST("/register", apiv1.RegisterUser)