From 919eaf1df40c6656bcd696127181d58941510a9e Mon Sep 17 00:00:00 2001 From: aecra Date: Thu, 30 Jun 2022 21:29:02 +0800 Subject: [PATCH] fix: fix CORS error after sucessful OPTION (#838) --- routers/cors_filter.go | 28 +++++++++++++++++++++++----- 1 file changed, 23 insertions(+), 5 deletions(-) diff --git a/routers/cors_filter.go b/routers/cors_filter.go index 207d91572..01b2bb483 100644 --- a/routers/cors_filter.go +++ b/routers/cors_filter.go @@ -1,9 +1,24 @@ +// Copyright 2021 The Casdoor Authors. All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package routers import ( "net/http" "github.com/astaxie/beego/context" + "github.com/casdoor/casdoor/conf" "github.com/casdoor/casdoor/object" ) @@ -15,17 +30,20 @@ const ( ) func CorsFilter(ctx *context.Context) { - if ctx.Input.Method() == "OPTIONS" { - origin := ctx.Input.Header(headerOrigin) - + origin := ctx.Input.Header(headerOrigin) + if origin != "" && origin != conf.GetConfigString("origin") { if object.IsAllowOrigin(origin) { ctx.Output.Header(headerAllowOrigin, origin) ctx.Output.Header(headerAllowMethods, "POST, GET, OPTIONS") ctx.Output.Header(headerAllowHeaders, "Content-Type, Authorization") - ctx.ResponseWriter.WriteHeader(http.StatusOK) } else { ctx.ResponseWriter.WriteHeader(http.StatusForbidden) + return + } + + if ctx.Input.Method() == "OPTIONS" { + ctx.ResponseWriter.WriteHeader(http.StatusOK) + return } - return } }