From 704f89c7ad9c54d07b10a558390289f4c00f9b1f Mon Sep 17 00:00:00 2001 From: kompotkot Date: Fri, 1 Oct 2021 14:56:07 +0000 Subject: [PATCH] Fixed CORS check in go status servers --- crawlers/server/main.go | 12 ++++++++++-- db/server/main.go | 13 +++++++++++-- 2 files changed, 21 insertions(+), 4 deletions(-) diff --git a/crawlers/server/main.go b/crawlers/server/main.go index 413c3c88..f0bd58db 100644 --- a/crawlers/server/main.go +++ b/crawlers/server/main.go @@ -27,9 +27,17 @@ type PingResponse struct { Status string `json:"status"` } +// Extends handler with allowed CORS policies func setupCorsResponse(w *http.ResponseWriter, req *http.Request) { - (*w).Header().Set("Access-Control-Allow-Origin", MOONSTREAM_CORS_ALLOWED_ORIGINS) - (*w).Header().Set("Access-Control-Allow-Methods", "GET") + for _, allowedOrigin := range strings.Split(MOONSTREAM_CORS_ALLOWED_ORIGINS, ",") { + for _, reqOrigin := range req.Header["Origin"] { + if reqOrigin == allowedOrigin { + (*w).Header().Set("Access-Control-Allow-Origin", allowedOrigin) + } + } + + } + (*w).Header().Set("Access-Control-Allow-Methods", "GET,OPTIONS") } func ping(w http.ResponseWriter, req *http.Request) { diff --git a/db/server/main.go b/db/server/main.go index c05dab03..caae18b1 100644 --- a/db/server/main.go +++ b/db/server/main.go @@ -6,6 +6,7 @@ import ( "log" "net/http" "os" + "strings" "gorm.io/driver/postgres" "gorm.io/gorm" @@ -22,9 +23,17 @@ type BlockResponse struct { BlockNumber uint64 `json:"block_number"` } +// Extends handler with allowed CORS policies func setupCorsResponse(w *http.ResponseWriter, req *http.Request) { - (*w).Header().Set("Access-Control-Allow-Origin", MOONSTREAM_CORS_ALLOWED_ORIGINS) - (*w).Header().Set("Access-Control-Allow-Methods", "GET") + for _, allowedOrigin := range strings.Split(MOONSTREAM_CORS_ALLOWED_ORIGINS, ",") { + for _, reqOrigin := range req.Header["Origin"] { + if reqOrigin == allowedOrigin { + (*w).Header().Set("Access-Control-Allow-Origin", allowedOrigin) + } + } + + } + (*w).Header().Set("Access-Control-Allow-Methods", "GET,OPTIONS") } func ping(w http.ResponseWriter, req *http.Request) {