octoleo/syncthing
1
0
Fork 0
mirror of https://github.com/octoleo/syncthing.git synced 2025-02-02 11:58:28 +00:00
Code Issues Packages Projects Releases Wiki Activity

cmd/syncthing: Fix handler ordering so CORS middleware wraps all the others but the debug one

Browse Source
This commit is contained in:
Laurent Etiemble 2016-04-03 13:24:55 +02:00 committed by Jakob Borg
parent 4c3cd4c9e3
commit 7b4e1e9055
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
cmd/syncthing/gui.go
View File

@ -301,12 +301,9 @@ func (s *apiService) Serve() {
guiCfg := s.cfg.GUI()
// Add the CORS handling
handler := corsMiddleware(mux)
// Wrap everything in CSRF protection. The /rest prefix should be
// protected, other requests will grant cookies.
handler = csrfMiddleware(s.id.String()[:5], "/rest", guiCfg, handler)
handler := csrfMiddleware(s.id.String()[:5], "/rest", guiCfg, mux)
// Add our version and ID as a header to responses
handler = withDetailsMiddleware(s.id, handler)
@ -321,6 +318,9 @@ func (s *apiService) Serve() {
handler = redirectToHTTPSMiddleware(handler)
}
// Add the CORS handling
handler = corsMiddleware(handler)
handler = debugMiddleware(handler)
srv := http.Server{
@ -449,7 +449,7 @@ func corsMiddleware(next http.Handler) http.Handler {
// when the browser initiate a POST request.
//
// As the OPTIONS request is unauthorized, this handler must be the first
// of the chain.
// of the chain (hence added at the end).
//
// See https://www.w3.org/TR/cors/ for details.
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {