2020-02-21 16:50:50 +01:00
|
|
|
package server
|
|
|
|
|
|
|
|
import (
|
|
|
|
"net/http"
|
2021-03-01 22:03:57 +01:00
|
|
|
"net/url"
|
2020-02-21 16:50:50 +01:00
|
|
|
"strings"
|
|
|
|
|
|
|
|
"github.com/gorilla/mux"
|
2020-12-17 22:51:43 +01:00
|
|
|
"github.com/photoview/photoview/api/utils"
|
2020-02-21 16:50:50 +01:00
|
|
|
)
|
|
|
|
|
|
|
|
func CORSMiddleware(devMode bool) mux.MiddlewareFunc {
|
|
|
|
return func(next http.Handler) http.Handler {
|
|
|
|
return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
|
2020-02-21 22:42:39 +01:00
|
|
|
|
2021-03-01 22:03:57 +01:00
|
|
|
var uiEndpoint *url.URL = nil
|
2020-02-21 16:50:50 +01:00
|
|
|
|
|
|
|
if devMode {
|
|
|
|
// Development environment
|
|
|
|
w.Header().Set("Access-Control-Allow-Origin", req.Header.Get("origin"))
|
|
|
|
w.Header().Set("Vary", "Origin")
|
|
|
|
} else {
|
|
|
|
// Production environment
|
2021-03-01 22:03:57 +01:00
|
|
|
uiEndpoint = utils.UiEndpointUrl()
|
|
|
|
if uiEndpoint != nil {
|
|
|
|
// Only allow CORS if UI endpoint is defined
|
|
|
|
w.Header().Set("Access-Control-Allow-Origin", uiEndpoint.Scheme+"://"+uiEndpoint.Host)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
corsEnabled := devMode || uiEndpoint != nil
|
|
|
|
if corsEnabled {
|
|
|
|
methods := []string{http.MethodGet, http.MethodPost, http.MethodOptions}
|
|
|
|
requestHeaders := []string{"authorization", "content-type", "content-length", "TokenPassword"}
|
|
|
|
responseHeaders := []string{"content-length"}
|
|
|
|
|
|
|
|
w.Header().Set("Access-Control-Allow-Methods", strings.Join(methods, ", "))
|
|
|
|
w.Header().Set("Access-Control-Allow-Headers", strings.Join(requestHeaders, ", "))
|
|
|
|
w.Header().Set("Access-Control-Allow-Credentials", "true")
|
|
|
|
w.Header().Set("Access-Control-Expose-Headers", strings.Join(responseHeaders, ", "))
|
2020-02-21 16:50:50 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
if req.Method != http.MethodOptions {
|
|
|
|
next.ServeHTTP(w, req)
|
2020-02-21 21:00:40 +01:00
|
|
|
} else {
|
|
|
|
w.WriteHeader(200)
|
2020-02-21 16:50:50 +01:00
|
|
|
}
|
|
|
|
})
|
|
|
|
}
|
|
|
|
}
|