From f95e9554c7cefd8bd0e772af8a19436090311e8c Mon Sep 17 00:00:00 2001
From: Jordan Wright
Date: Sat, 3 Aug 2019 20:55:25 -0500
Subject: [PATCH] Add CORS support for Reporting Handler (#1529)
* Added response headers for CORS and server identification (#1517)
Co-Authored-By: Glenn Wilkinson
---
 controllers/phish.go | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/controllers/phish.go b/controllers/phish.go
index a41708bc..bb084c15 100644
--- a/controllers/phish.go
+++ b/controllers/phish.go
@@ -161,6 +161,7 @@ func (ps *PhishingServer) TrackHandler(w http.ResponseWriter, r *http.Request) {
 // ReportHandler tracks emails as they are reported, updating the status for the given Result
 func (ps *PhishingServer) ReportHandler(w http.ResponseWriter, r *http.Request) {
 r, err := setupContext(r)
+ w.Header().Set("Access-Control-Allow-Origin", "*") // To allow Chrome extensions (or other pages) to report a campaign without violating CORS
 if err != nil {
 // Log the error if it wasn't something we can safely ignore
 if err != ErrInvalidRequest && err != ErrCampaignComplete {
@@ -203,6 +204,7 @@ func (ps *PhishingServer) PhishHandler(w http.ResponseWriter, r *http.Request) {
 http.NotFound(w, r)
 return
 }
+ w.Header().Set("X-Server", config.ServerName) // Useful for checking if this is a GoPhish server (e.g. for campaign reporting plugins)
 var ptx models.PhishingTemplateContext
 // Check for a preview
 if preview, ok := ctx.Get(r, "result").(models.EmailRequest); ok {
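Review bot: In ReportHandler the new `w.Header().Set("Access-Control-Allow-Origin", "*")` sits between `r, err := setupContext(r)` and its `if err != nil` check, which separates the call from its error handling; since the header is wanted on both the success and error paths, set it on the first line of the handler instead. The wildcard lets any origin read this handler's response, which is only acceptable while the response carries no campaign or recipient data and the endpoint does not rely on cookies. I would shorten the trailing comment and record that assumption above the call, e.g. `// Wildcard origin is deliberate: the response has no sensitive body and no cookie auth; never pair with Access-Control-Allow-Credentials.` The rest of the handler is outside the hunk, so what it writes to the response cannot be checked from here.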
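Review bot: `X-Server` is set in PhishHandler only after the early `http.NotFound` return, and this handler sends no CORS headers, so the "other pages" named in the ReportHandler comment could not read it. A cross-origin script sees a custom response header only when the response also carries `Access-Control-Allow-Origin` and `Access-Control-Expose-Headers: X-Server`. If the check is meant only for extensions that hold host permissions, the comment should say so. The header also identifies the product to every client that loads a landing page, so I would document that as deliberate above the call, e.g. `// X-Server identifies this as a GoPhish server to any client; readable by extensions with host permissions, not by cross-origin pages.` `config.ServerName` and the remainder of PhishHandler are defined outside the hunk.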