Add config options for cors handling (#124)

Add config options for cors handling

Co-authored-by: kolaente <k@knt.li>
Reviewed-on: vikunja/api#124
This commit is contained in:
konrad 2020-01-26 19:09:54 +00:00
parent 7e9446ea07
commit b2b1546a8f
4 changed files with 44 additions and 10 deletions

View File

@ -63,6 +63,15 @@ redis:
# 0 means default database
db: 0
cors:
# Whether to enable or disable cors headers.
enable: true
# A list of origins which may access the api.
origins:
- *
# How long (in seconds) the results of a preflight request can be cached.
maxage: 0
mailer:
# Whether to enable the mailer or not. If it is disabled, all users are enabled right away and password reset is not possible.
enabled: false

View File

@ -106,6 +106,15 @@ redis:
# 0 means default database
db: 0
cors:
# Whether to enable or disable cors headers.
enable: true
# A list of origins which may access the api.
origins:
- *
# How long (in seconds) the results of a preflight request can be cached.
maxage: 0
mailer:
# Whether to enable the mailer or not. If it is disabled, all users are enabled right away and password reset is not possible.
enabled: false

View File

@ -94,6 +94,10 @@ const (
MigrationWunderlistClientID Key = `migration.wunderlist.clientid`
MigrationWunderlistClientSecret Key = `migration.wunderlist.clientsecret`
MigrationWunderlistRedirectURL Key = `migration.wunderlist.redirecturl`
CorsEnable Key = `cors.enable`
CorsOrigins Key = `cors.origins`
CorsMaxAge Key = `cors.maxage`
)
// GetString returns a string config value
@ -121,6 +125,11 @@ func (k Key) GetDuration() time.Duration {
return viper.GetDuration(string(k))
}
// GetStringSlice returns a string slice from a config option
func (k Key) GetStringSlice() []string {
return viper.GetStringSlice(string(k))
}
// Set sets a value
func (k Key) Set(i interface{}) {
viper.Set(string(k), i)
@ -205,6 +214,10 @@ func InitDefaultConfig() {
// Files
FilesBasePath.setDefault("files")
FilesMaxSize.setDefault("20MB")
// Cors
CorsEnable.setDefault(true)
CorsOrigins.setDefault([]string{"*"})
CorsMaxAge.setDefault(0)
}
// InitConfig initializes the config, sets defaults etc.

View File

@ -138,16 +138,19 @@ func RegisterRoutes(e *echo.Echo) {
}
// CORS_SHIT
e.Use(middleware.CORSWithConfig(middleware.CORSConfig{
AllowOrigins: []string{"*"},
Skipper: func(context echo.Context) bool {
// Since it is not possible to register this middleware just for the api group,
// we just disable it when for caldav requests.
// Caldav requires OPTIONS requests to be answered in a specific manner,
// not doing this would break the caldav implementation
return strings.HasPrefix(context.Path(), "/dav")
},
}))
if config.CorsEnable.GetBool() {
e.Use(middleware.CORSWithConfig(middleware.CORSConfig{
AllowOrigins: config.CorsOrigins.GetStringSlice(),
MaxAge: config.CorsMaxAge.GetInt(),
Skipper: func(context echo.Context) bool {
// Since it is not possible to register this middleware just for the api group,
// we just disable it when for caldav requests.
// Caldav requires OPTIONS requests to be answered in a specific manner,
// not doing this would break the caldav implementation
return strings.HasPrefix(context.Path(), "/dav")
},
}))
}
// API Routes
a := e.Group("/api/v1")