Add CORS support to GET requests

author: Nick Thomas <nick@gitlab.com> 2017-06-14 20:11:56 +0300
committer: Nick Thomas <nick@gitlab.com> 2017-06-15 19:40:43 +0300
commit: 3e4c8c7c8fd519cfba327cced38c81756dba816d (patch)
tree: afaec1709558457705e1230239792f2ddb4dfe2c /app.go
parent: d7de6b25b36ae245c9befdd09162a169b9d28651 (diff)
1 files changed, 13 insertions, 2 deletions
diff --git a/app.go b/app.go
index 59912bb1..7e63a802 100644
--- a/app.go
+++ b/app.go
@@ -12,12 +12,18 @@ import (
 
 	"github.com/prometheus/client_golang/prometheus"
 	"github.com/prometheus/client_golang/prometheus/promhttp"
+	"github.com/rs/cors"
+
 	"gitlab.com/gitlab-org/gitlab-pages/metrics"
 )
 
 const xForwardedProto = "X-Forwarded-Proto"
 const xForwardedProtoHTTPS = "https"
 
+var (
+	corsHandler = cors.New(cors.Options{AllowedMethods: []string{"GET"}})
+)
+
 type theApp struct {
 	appConfig
 	domains domains
@@ -73,8 +79,13 @@ func (a *theApp) serveContent(ww http.ResponseWriter, r *http.Request, https boo
 		return
 	}
 
-	// Serve static file
-	domain.ServeHTTP(&w, r)
+	// Serve static file, applying CORS headers if necessary
+	if a.DisableCrossOriginRequests {
+		domain.ServeHTTP(&w, r)
+	} else {
+		corsHandler.ServeHTTP(&w, r, domain.ServeHTTP)
+	}
+
 	metrics.ProcessedRequests.WithLabelValues(strconv.Itoa(w.status), r.Method).Inc()
 }
author	Nick Thomas <nick@gitlab.com>	2017-06-14 20:11:56 +0300
committer	Nick Thomas <nick@gitlab.com>	2017-06-15 19:40:43 +0300
commit	3e4c8c7c8fd519cfba327cced38c81756dba816d (patch)
tree	afaec1709558457705e1230239792f2ddb4dfe2c /app.go
parent	d7de6b25b36ae245c9befdd09162a169b9d28651 (diff)