DBT/clawgo
1
0
Fork 0
mirror of https://github.com/YspCoder/clawgo.git synced 2026-04-13 18:07:36 +08:00
Code Issues Packages Projects Releases Wiki Activity

Allow credentialed cross-origin API requests

Browse Source
This commit is contained in:
LPF
2026-03-17 18:16:52 +08:00
parent 4edfe8e2f0
commit ceb34d6c7e
2 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
pkg/api/server.go
View File

@@ -245,6 +245,7 @@ func (s *Server) withCORS(next http.Handler) http.Handler {
} else {
w.Header().Set("Access-Control-Allow-Origin", "*")
}
w.Header().Set("Access-Control-Allow-Credentials", "true")
allowMethods := strings.TrimSpace(r.Header.Get("Access-Control-Request-Method"))
if allowMethods == "" {
allowMethods = "GET, POST, PUT, PATCH, DELETE, OPTIONS"

3
pkg/api/server_test.go
View File

@@ -193,6 +193,9 @@ func TestWithCORSEchoesPreflightHeaders(t *testing.T) {
if got := rec.Header().Get("Access-Control-Allow-Origin"); got != "https://dash.clawgo.dev" {
t.Fatalf("unexpected allow origin: %q", got)
}
if got := rec.Header().Get("Access-Control-Allow-Credentials"); got != "true" {
t.Fatalf("unexpected allow credentials: %q", got)
}
if got := rec.Header().Get("Access-Control-Allow-Methods"); got != "POST" {
t.Fatalf("unexpected allow methods: %q", got)
}