mirror of https://github.com/coder/coder.git
28 lines
708 B
Go
28 lines
708 B
Go
|
package httpmw
|
||
|
|
||
|
import (
|
||
|
"net/http"
|
||
|
|
||
|
"github.com/go-chi/cors"
|
||
|
)
|
||
|
|
||
|
//nolint:revive
|
||
|
func Cors(allowAll bool, origins ...string) func(next http.Handler) http.Handler {
|
||
|
if len(origins) == 0 {
|
||
|
// The default behavior is '*', so putting the empty string defaults to
|
||
|
// the secure behavior of blocking CORs requests.
|
||
|
origins = []string{""}
|
||
|
}
|
||
|
if allowAll {
|
||
|
origins = []string{"*"}
|
||
|
}
|
||
|
return cors.Handler(cors.Options{
|
||
|
AllowedOrigins: origins,
|
||
|
// We only need GET for latency requests
|
||
|
AllowedMethods: []string{http.MethodOptions, http.MethodGet},
|
||
|
AllowedHeaders: []string{"Accept", "Content-Type", "X-LATENCY-CHECK", "X-CSRF-TOKEN"},
|
||
|
// Do not send any cookies
|
||
|
AllowCredentials: false,
|
||
|
})
|
||
|
}
|