Merge pull request #1819 from al45tair/cors-auth
fix: allow Authorization header when doing CORS
This commit is contained in:
commit
d1f599dd32
1 changed files with 8 additions and 2 deletions
|
@ -294,8 +294,14 @@ func newServer(ctx context.Context, c Config, rotationStrategy rotationStrategy)
|
||||||
handleWithCORS := func(p string, h http.HandlerFunc) {
|
handleWithCORS := func(p string, h http.HandlerFunc) {
|
||||||
var handler http.Handler = h
|
var handler http.Handler = h
|
||||||
if len(c.AllowedOrigins) > 0 {
|
if len(c.AllowedOrigins) > 0 {
|
||||||
corsOption := handlers.AllowedOrigins(c.AllowedOrigins)
|
allowedHeaders := []string{
|
||||||
handler = handlers.CORS(corsOption)(handler)
|
"Authorization",
|
||||||
|
}
|
||||||
|
cors := handlers.CORS(
|
||||||
|
handlers.AllowedOrigins(c.AllowedOrigins),
|
||||||
|
handlers.AllowedHeaders(allowedHeaders),
|
||||||
|
)
|
||||||
|
handler = cors(handler)
|
||||||
}
|
}
|
||||||
r.Handle(path.Join(issuerURL.Path, p), instrumentHandlerCounter(p, handler))
|
r.Handle(path.Join(issuerURL.Path, p), instrumentHandlerCounter(p, handler))
|
||||||
}
|
}
|
||||||
|
|
Reference in a new issue