mirror of https://github.com/gophish/gophish
Add PUT and DELETE methods for CORS handling. Fixes #2098
parent
e6533e9993
commit
166ff8a050
|
@ -77,7 +77,7 @@ func RequireAPIKey(handler http.Handler) http.Handler {
|
|||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
w.Header().Set("Access-Control-Allow-Origin", "*")
|
||||
if r.Method == "OPTIONS" {
|
||||
w.Header().Set("Access-Control-Allow-Methods", "POST, GET, OPTIONS")
|
||||
w.Header().Set("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE")
|
||||
w.Header().Set("Access-Control-Max-Age", "1000")
|
||||
w.Header().Set("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept")
|
||||
return
|
||||
|
|
|
@ -133,6 +133,18 @@ func TestRequireAPIKey(t *testing.T) {
|
|||
}
|
||||
}
|
||||
|
||||
func TestCORSHeaders(t *testing.T) {
|
||||
setupTest(t)
|
||||
req := httptest.NewRequest(http.MethodOptions, "/", nil)
|
||||
response := httptest.NewRecorder()
|
||||
RequireAPIKey(successHandler).ServeHTTP(response, req)
|
||||
expected := "POST, GET, OPTIONS, PUT, DELETE"
|
||||
got := response.Result().Header.Get("Access-Control-Allow-Methods")
|
||||
if got != expected {
|
||||
t.Fatalf("incorrect cors options received. expected %s got %s", expected, got)
|
||||
}
|
||||
}
|
||||
|
||||
func TestInvalidAPIKey(t *testing.T) {
|
||||
setupTest(t)
|
||||
req := httptest.NewRequest(http.MethodGet, "/", nil)
|
||||
|
|
Loading…
Reference in New Issue