mirror of
https://github.com/superseriousbusiness/gotosocial
synced 2025-06-05 21:59:39 +02:00
clean up some weirdness in the router (#80)
This commit is contained in:
Tobi Smethurst
GitHub
88
internal/router/cors.go
Normal file
88
internal/router/cors.go
Normal file
@@ -0,0 +1,88 @@
|
||||
/*
|
||||
GoToSocial
|
||||
Copyright (C) 2021 GoToSocial Authors admin@gotosocial.org
|
||||
|
||||
This program is free software: you can redistribute it and/or modify
|
||||
it under the terms of the GNU Affero General Public License as published by
|
||||
the Free Software Foundation, either version 3 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU Affero General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU Affero General Public License
|
||||
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
package router
|
||||
|
||||
import (
|
||||
"time"
|
||||
|
||||
"github.com/gin-contrib/cors"
|
||||
"github.com/gin-gonic/gin"
|
||||
"github.com/superseriousbusiness/gotosocial/internal/config"
|
||||
)
|
||||
|
||||
var corsConfig = cors.Config{
|
||||
// TODO: make this customizable so instance admins can specify an origin for CORS requests
|
||||
AllowAllOrigins: true,
|
||||
|
||||
// adds the following:
|
||||
// "chrome-extension://"
|
||||
// "safari-extension://"
|
||||
// "moz-extension://"
|
||||
// "ms-browser-extension://"
|
||||
AllowBrowserExtensions: true,
|
||||
AllowMethods: []string{
|
||||
"POST",
|
||||
"PUT",
|
||||
"DELETE",
|
||||
"GET",
|
||||
"PATCH",
|
||||
"OPTIONS",
|
||||
},
|
||||
AllowHeaders: []string{
|
||||
// basic cors stuff
|
||||
"Origin",
|
||||
"Content-Length",
|
||||
"Content-Type",
|
||||
|
||||
// needed to pass oauth bearer tokens
|
||||
"Authorization",
|
||||
|
||||
// needed for websocket upgrade requests
|
||||
"Upgrade",
|
||||
"Sec-WebSocket-Extensions",
|
||||
"Sec-WebSocket-Key",
|
||||
"Sec-WebSocket-Protocol",
|
||||
"Sec-WebSocket-Version",
|
||||
"Connection",
|
||||
},
|
||||
AllowWebSockets: true,
|
||||
ExposeHeaders: []string{
|
||||
// needed for accessing next/prev links when making GET timeline requests
|
||||
"Link",
|
||||
|
||||
// needed so clients can handle rate limits
|
||||
"X-RateLimit-Reset",
|
||||
"X-RateLimit-Limit",
|
||||
"X-RateLimit-Remaining",
|
||||
"X-Request-Id",
|
||||
|
||||
// websocket stuff
|
||||
"Connection",
|
||||
"Sec-WebSocket-Accept",
|
||||
"Upgrade",
|
||||
},
|
||||
MaxAge: 2 * time.Minute,
|
||||
}
|
||||
|
||||
// useCors attaches the corsConfig above to the given gin engine
|
||||
func useCors(cfg *config.Config, engine *gin.Engine) error {
|
||||
c := cors.New(corsConfig)
|
||||
engine.Use(c)
|
||||
return nil
|
||||
}
|
||||
Reference in New Issue
Block a user