Merge pull request #2105 from gophish/fix-cors-headers

Add PUT and DELETE methods for CORS handling.
pull/2140/head
Glenn Wilkinson 2021-03-06 17:40:42 +00:00 committed by GitHub
commit 54d9eb28ff
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 13 additions and 1 deletions

View File

@ -77,7 +77,7 @@ func RequireAPIKey(handler http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Access-Control-Allow-Origin", "*") w.Header().Set("Access-Control-Allow-Origin", "*")
if r.Method == "OPTIONS" { if r.Method == "OPTIONS" {
w.Header().Set("Access-Control-Allow-Methods", "POST, GET, OPTIONS") w.Header().Set("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE")
w.Header().Set("Access-Control-Max-Age", "1000") w.Header().Set("Access-Control-Max-Age", "1000")
w.Header().Set("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept") w.Header().Set("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept")
return return

View File

@ -133,6 +133,18 @@ func TestRequireAPIKey(t *testing.T) {
} }
} }
func TestCORSHeaders(t *testing.T) {
setupTest(t)
req := httptest.NewRequest(http.MethodOptions, "/", nil)
response := httptest.NewRecorder()
RequireAPIKey(successHandler).ServeHTTP(response, req)
expected := "POST, GET, OPTIONS, PUT, DELETE"
got := response.Result().Header.Get("Access-Control-Allow-Methods")
if got != expected {
t.Fatalf("incorrect cors options received. expected %s got %s", expected, got)
}
}
func TestInvalidAPIKey(t *testing.T) { func TestInvalidAPIKey(t *testing.T) {
setupTest(t) setupTest(t)
req := httptest.NewRequest(http.MethodGet, "/", nil) req := httptest.NewRequest(http.MethodGet, "/", nil)