From f63c71f5e7c716bbb4a6b4d29fe6ef96e962fe0e Mon Sep 17 00:00:00 2001
From: Dusan Sekulic
Date: Mon, 26 Sep 2022 17:20:37 +0200
Subject: [PATCH] Add CORS headers to http responses (#639)
* add cors headers to http req
* refactor cors
* refactor cors
---
 internal/interfaces/grpc/http_utils.go | 11 +++++++++--
 internal/interfaces/http/tdex_connect_handler.go | 6 +++---
 2 files changed, 12 insertions(+), 5 deletions(-)
diff --git a/internal/interfaces/grpc/http_utils.go b/internal/interfaces/grpc/http_utils.go
index 798e8907..cbf34216 100644
--- a/internal/interfaces/grpc/http_utils.go
+++ b/internal/interfaces/grpc/http_utils.go
@@ -284,12 +284,16 @@ func newGRPCWrappedServer(
 handler := func(w http.ResponseWriter, req *http.Request) {
 if isOptionRequest(req) {
- w.Header().Set("Access-control-Allow-Origin", "*")
- w.Header().Set("Access-control-Allow-Headers", "*")
+ w.Header().Set("Access-Control-Allow-Origin", "*")
+ w.Header().Set("Access-Control-Allow-Headers", "*")
+ w.Header().Add("Access-Control-Allow-Methods", "POST, GET, OPTIONS")
 return
 }
 if isGetRequest(req) {
 if handler, ok := httpHandlers[req.URL.Path]; ok {
+ w.Header().Set("Access-Control-Allow-Origin", "*")
+ w.Header().Set("Access-Control-Allow-Headers", "*")
+ w.Header().Add("Access-Control-Allow-Methods", "POST, GET, OPTIONS")
 handler(w, req)
 return
 }
@@ -302,6 +306,9 @@ func newGRPCWrappedServer(
 if grpcGateway != nil {
 if isHttpRequest(req) {
+ w.Header().Set("Access-Control-Allow-Origin", "*")
+ w.Header().Set("Access-Control-Allow-Headers", "*")
+ w.Header().Add("Access-Control-Allow-Methods", "POST, GET, OPTIONS")
 grpcGateway.ServeHTTP(w, req)
 return
 }
diff --git a/internal/interfaces/http/tdex_connect_handler.go b/internal/interfaces/http/tdex_connect_handler.go
index 0dbb4d35..5bcffada 100644
--- a/internal/interfaces/http/tdex_connect_handler.go
+++ b/internal/interfaces/http/tdex_connect_handler.go
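Review bot: In internal/interfaces/grpc/http_utils.go the hunk at +284 sends `Access-Control-Allow-Origin: *` on every preflight and every matched GET handler, and the hunk at +306 does the same for every gateway response, so a script on any origin can read those responses from a browser that can reach the daemon. Whether that exposes anything depends on what these endpoints return without credentials, which the hunks do not show; if any of them are operator-only, an origin allow-list that echoes the matching origin and sets `Vary: Origin` is the safer default. `Access-Control-Allow-Headers: *` also does not cover `Authorization`, which browsers require to be listed by name. The three copies of the header block could become one helper along the lines below, where the allow-list source and the header list are assumptions to adapt. The body of `newGRPCWrappedServer` extends beyond both hunks.

```go
// setCORSHeaders emits CORS headers only for origins on the allow-list;
// any other origin gets none, so the browser blocks the cross-origin read.
func setCORSHeaders(w http.ResponseWriter, req *http.Request, allowed map[string]struct{}) {
	h := w.Header()
	// The response differs per Origin, so shared caches must key on it.
	h.Add("Vary", "Origin")
	origin := req.Header.Get("Origin")
	if _, ok := allowed[origin]; !ok {
		return
	}
	h.Set("Access-Control-Allow-Origin", origin)
	// Authorization is never matched by "*" and has to be named.
	h.Set("Access-Control-Allow-Headers", "Authorization, Content-Type")
	h.Set("Access-Control-Allow-Methods", "POST, GET, OPTIONS")
}
```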
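Review bot: In the gateway branch of http_utils.go (hunk at +306) `Access-Control-Allow-Methods` is written with `Header().Add`, which appends rather than replaces, so the response carries the value twice if `grpcGateway` or a wrapped handler sets the same header. Using `w.Header().Set("Access-Control-Allow-Methods", "POST, GET, OPTIONS")` would match the two `Set` calls above it. Browsers read `Access-Control-Allow-Headers` and `Access-Control-Allow-Methods` only from the preflight response, so on this non-OPTIONS path only the `Access-Control-Allow-Origin` line has any effect. The same holds for the GET-handler branch in the hunk at +284.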
@@ -119,7 +119,7 @@ func (t *tdexConnect) AuthHandler(w http.ResponseWriter, req *http.Request) {
 username, password, ok := req.BasicAuth()
 if !ok {
 w.Header().Set("Access-Control-Allow-Origin", "*")
- w.Header().Set("Access-control-Allow-Headers", "*")
+ w.Header().Set("Access-Control-Allow-Headers", "*")
 w.Header().Set("WWW-Authenticate", `Basic realm="restricted", charset="UTF-8"`)
 log.Debugln("http: basic auth not provided")
 http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
@@ -127,7 +127,7 @@ func (t *tdexConnect) AuthHandler(w http.ResponseWriter, req *http.Request) {
 }
 if username != "tdex" {
 w.Header().Set("Access-Control-Allow-Origin", "*")
- w.Header().Set("Access-control-Allow-Headers", "*")
+ w.Header().Set("Access-Control-Allow-Headers", "*")
 w.Header().Set("WWW-Authenticate", `Basic realm="restricted", charset="UTF-8"`)
 log.Debugln("http: invalid username")
 http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
@@ -144,7 +144,7 @@ func (t *tdexConnect) AuthHandler(w http.ResponseWriter, req *http.Request) {
 pwdHash := btcutil.Hash160([]byte(password))
 if !bytes.Equal(vault.PassphraseHash, pwdHash) {
 w.Header().Set("Access-Control-Allow-Origin", "*")
- w.Header().Set("Access-control-Allow-Headers", "*")
+ w.Header().Set("Access-Control-Allow-Headers", "*")
 w.Header().Set("WWW-Authenticate", `Basic realm="restricted", charset="UTF-8"`)
 http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
 return
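Review bot: The respelled key in the three `AuthHandler` hunks (+119, +127, +144) does not change what goes on the wire, because `http.Header.Set` canonicalises the key and both `Access-control-Allow-Headers` and `Access-Control-Allow-Headers` are stored as the same header. The header is also set on a 401 response, where browsers ignore it because it is only consulted on preflight responses. The four repeated lines in each failure branch would read better as one shared helper, or at least with a comment on the first block such as `// CORS: lets browser clients read the 401; Allow-Headers only matters on preflight`. `AuthHandler` starts and ends outside these hunks.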
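Review bot: In the hunk at +144 the passphrase check on the unchanged context line uses `bytes.Equal`, which is not a constant-time comparison. For comparing a credential digest, `if subtle.ConstantTimeCompare(vault.PassphraseHash, pwdHash) != 1 {` from `crypto/subtle` is the usual choice. This branch also has no `log.Debugln` call, unlike the two earlier 401 branches, so a rejected passphrase may leave no trace unless it is logged outside the hunk. `btcutil.Hash160` is a fast digest rather than a password KDF; whether `vault.PassphraseHash` is stored that way by design cannot be told from these lines and is worth confirming.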