Merge pull request #1819 from al45tair/cors-auth

fix: allow Authorization header when doing CORS
This commit is contained in:
Márk Sági-Kazár 2020-10-06 14:35:21 +02:00 committed by GitHub
commit d1f599dd32
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -294,8 +294,14 @@ func newServer(ctx context.Context, c Config, rotationStrategy rotationStrategy)
handleWithCORS := func(p string, h http.HandlerFunc) { handleWithCORS := func(p string, h http.HandlerFunc) {
var handler http.Handler = h var handler http.Handler = h
if len(c.AllowedOrigins) > 0 { if len(c.AllowedOrigins) > 0 {
corsOption := handlers.AllowedOrigins(c.AllowedOrigins) allowedHeaders := []string{
handler = handlers.CORS(corsOption)(handler) "Authorization",
}
cors := handlers.CORS(
handlers.AllowedOrigins(c.AllowedOrigins),
handlers.AllowedHeaders(allowedHeaders),
)
handler = cors(handler)
} }
r.Handle(path.Join(issuerURL.Path, p), instrumentHandlerCounter(p, handler)) r.Handle(path.Join(issuerURL.Path, p), instrumentHandlerCounter(p, handler))
} }