Add CORS headers to http responses (#639)

* add cors headers to http req * refactor cors * refactor cors
tdex-network · Sep 26, 2022 · f63c71f · f63c71f
1 parent 391fc3d
commit f63c71f
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 5 deletions.
diff --git a/internal/interfaces/grpc/http_utils.go b/internal/interfaces/grpc/http_utils.go
@@ -284,12 +284,16 @@ func newGRPCWrappedServer(
 
 	handler := func(w http.ResponseWriter, req *http.Request) {
 		if isOptionRequest(req) {
-			w.Header().Set("Access-control-Allow-Origin", "*")
-			w.Header().Set("Access-control-Allow-Headers", "*")
+			w.Header().Set("Access-Control-Allow-Origin", "*")
+			w.Header().Set("Access-Control-Allow-Headers", "*")
+			w.Header().Add("Access-Control-Allow-Methods", "POST, GET, OPTIONS")
 			return
 		}
 		if isGetRequest(req) {
 			if handler, ok := httpHandlers[req.URL.Path]; ok {
+				w.Header().Set("Access-Control-Allow-Origin", "*")
+				w.Header().Set("Access-Control-Allow-Headers", "*")
+				w.Header().Add("Access-Control-Allow-Methods", "POST, GET, OPTIONS")
 				handler(w, req)
 				return
 			}
@@ -302,6 +306,9 @@ func newGRPCWrappedServer(
 
 		if grpcGateway != nil {
 			if isHttpRequest(req) {
+				w.Header().Set("Access-Control-Allow-Origin", "*")
+				w.Header().Set("Access-Control-Allow-Headers", "*")
+				w.Header().Add("Access-Control-Allow-Methods", "POST, GET, OPTIONS")
 				grpcGateway.ServeHTTP(w, req)
 				return
 			}

diff --git a/internal/interfaces/http/tdex_connect_handler.go b/internal/interfaces/http/tdex_connect_handler.go
@@ -119,15 +119,15 @@ func (t *tdexConnect) AuthHandler(w http.ResponseWriter, req *http.Request) {
 	username, password, ok := req.BasicAuth()
 	if !ok {
 		w.Header().Set("Access-Control-Allow-Origin", "*")
-		w.Header().Set("Access-control-Allow-Headers", "*")
+		w.Header().Set("Access-Control-Allow-Headers", "*")
 		w.Header().Set("WWW-Authenticate", `Basic realm="restricted", charset="UTF-8"`)
 		log.Debugln("http: basic auth not provided")
 		http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
 		return
 	}
 	if username != "tdex" {
 		w.Header().Set("Access-Control-Allow-Origin", "*")
-		w.Header().Set("Access-control-Allow-Headers", "*")
+		w.Header().Set("Access-Control-Allow-Headers", "*")
 		w.Header().Set("WWW-Authenticate", `Basic realm="restricted", charset="UTF-8"`)
 		log.Debugln("http: invalid username")
 		http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
@@ -144,7 +144,7 @@ func (t *tdexConnect) AuthHandler(w http.ResponseWriter, req *http.Request) {
 	pwdHash := btcutil.Hash160([]byte(password))
 	if !bytes.Equal(vault.PassphraseHash, pwdHash) {
 		w.Header().Set("Access-Control-Allow-Origin", "*")
-		w.Header().Set("Access-control-Allow-Headers", "*")
+		w.Header().Set("Access-Control-Allow-Headers", "*")
 		w.Header().Set("WWW-Authenticate", `Basic realm="restricted", charset="UTF-8"`)
 		http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
 		return