mirror of
https://github.com/octoleo/syncthing.git
synced 2024-12-23 11:28:59 +00:00
Merge pull request #2780 from letiemble/CORS_Support2
Move CORS middleware to process un-authenticated OPTIONS requests
This commit is contained in:
commit
bf353a42cd
@ -236,12 +236,12 @@ func (s *apiService) Serve() {
|
|||||||
|
|
||||||
guiCfg := s.cfg.GUI()
|
guiCfg := s.cfg.GUI()
|
||||||
|
|
||||||
|
// Add the CORS handling
|
||||||
|
handler := corsMiddleware(mux)
|
||||||
|
|
||||||
// Wrap everything in CSRF protection. The /rest prefix should be
|
// Wrap everything in CSRF protection. The /rest prefix should be
|
||||||
// protected, other requests will grant cookies.
|
// protected, other requests will grant cookies.
|
||||||
handler := csrfMiddleware(s.id.String()[:5], "/rest", guiCfg, mux)
|
handler = csrfMiddleware(s.id.String()[:5], "/rest", guiCfg, handler)
|
||||||
|
|
||||||
// Add the CORS handling
|
|
||||||
handler = corsMiddleware(handler)
|
|
||||||
|
|
||||||
// Add our version and ID as a header to responses
|
// Add our version and ID as a header to responses
|
||||||
handler = withDetailsMiddleware(s.id, handler)
|
handler = withDetailsMiddleware(s.id, handler)
|
||||||
@ -382,6 +382,10 @@ func corsMiddleware(next http.Handler) http.Handler {
|
|||||||
// Handle CORS headers and CORS OPTIONS request.
|
// Handle CORS headers and CORS OPTIONS request.
|
||||||
// CORS OPTIONS request are typically sent by browser during AJAX preflight
|
// CORS OPTIONS request are typically sent by browser during AJAX preflight
|
||||||
// when the browser initiate a POST request.
|
// when the browser initiate a POST request.
|
||||||
|
//
|
||||||
|
// As the OPTIONS request is unauthorized, this handler must be the first
|
||||||
|
// of the chain.
|
||||||
|
//
|
||||||
// See https://www.w3.org/TR/cors/ for details.
|
// See https://www.w3.org/TR/cors/ for details.
|
||||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||||
// Add a generous access-control-allow-origin header since we may be
|
// Add a generous access-control-allow-origin header since we may be
|
||||||
|
Loading…
Reference in New Issue
Block a user