Mirrors/gophish
2
0
Fork 0
mirror of https://github.com/gophish/gophish synced 2024-11-12 23:37:11 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #2105 from gophish/fix-cors-headers

Browse source 
Add PUT and DELETE methods for CORS handling.
This commit is contained in:
Glenn Wilkinson 2021-03-06 17:40:42 +00:00 committed by GitHub
commit 54d9eb28ff
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 13 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
middleware/middleware.go
View file

@ -77,7 +77,7 @@ func RequireAPIKey(handler http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Access-Control-Allow-Origin", "*")
if r.Method == "OPTIONS" {
w.Header().Set("Access-Control-Allow-Methods", "POST, GET, OPTIONS")
w.Header().Set("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE")
w.Header().Set("Access-Control-Max-Age", "1000")
w.Header().Set("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept")
return

12
middleware/middleware_test.go
View file

@ -133,6 +133,18 @@ func TestRequireAPIKey(t *testing.T) {
}
}
func TestCORSHeaders(t *testing.T) {
setupTest(t)
req := httptest.NewRequest(http.MethodOptions, "/", nil)
response := httptest.NewRecorder()
RequireAPIKey(successHandler).ServeHTTP(response, req)
expected := "POST, GET, OPTIONS, PUT, DELETE"
got := response.Result().Header.Get("Access-Control-Allow-Methods")
if got != expected {
t.Fatalf("incorrect cors options received. expected %s got %s", expected, got)
}
}
func TestInvalidAPIKey(t *testing.T) {
setupTest(t)
req := httptest.NewRequest(http.MethodGet, "/", nil)