Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CORS middleware #115

Merged
merged 5 commits into from
Nov 25, 2016
Merged

CORS middleware #115

merged 5 commits into from
Nov 25, 2016

Conversation

jinroh
Copy link
Contributor

@jinroh jinroh commented Nov 25, 2016

Add a simple CORS middleware and fix the Host forwarding by the proxy.

@codecov-io
Copy link

codecov-io commented Nov 25, 2016
edited
Loading

Current coverage is 50.19% (diff: 91.17%)

Merging #115 into master will increase coverage by 0.35%

@@             master       #115   diff @@
==========================================
  Files            28         29     +1   
  Lines          2544       2588    +44   
  Methods           0          0          
  Messages          0          0          
  Branches          0          0          
==========================================
+ Hits           1268       1299    +31   
- Misses         1058       1070    +12   
- Partials        218        219     +1

Powered by Codecov. Last update 4bc6725...3d5d32d

nono
nono reviewed Nov 25, 2016
View reviewed changes
web/router.go
@@ -38,10 +43,64 @@ func SetupRoutes(router *gin.Engine) {
router.Use(middlewares.ParseHost())
router.Use(middlewares.ServeApp(apps.Serve))
router.Use(middlewares.ErrorHandler())
router.Use(corsMiddleware("/apps", "/data", "/files"))
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why did you insert the middleware here, and not like middlewares.NeedInstance in each Group?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is what i wanted to do, but in the way gin works I would have to add an empty router.OPTIONS handler on each one of these routes to not get a 404 on the preflight request.. I opted for a "global" middleware of this reason...

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OK, you should note this in a comment. It could be helpful later to remember that

nono
nono reviewed Nov 25, 2016
View reviewed changes
web/router.go
origin := c.Request.Header.Get("Origin")
if origin == "" {
return
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

TODO for later: check that the Origin header matches a subdomain of the instance or a registered domain for an OAuth2 app/device.

@aenario aenario merged commit 38c6e5a into cozy:master Nov 25, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nono nono nono approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@jinroh @codecov-io @nono @aenario