fix: Add Authorization header to CORS allowed headers (sourcenetwork#3178)

## Relevant issue(s)

Resolves sourcenetwork#3177 

## Description

This PR adds the Authorization header to the CORS list of allowed
headers. This bug was flagged by a partner trying to use
authorization from a browser app.
fredcarle authored Oct 25, 2024
1 parent d95c51f commit 12669e4
Showing 2 changed files with 3 additions and 1 deletion.
2 changes: 1 addition & 1 deletion http/middleware.go
Expand Up @@ -36,7 +36,7 @@ func CorsMiddleware(allowedOrigins []string) func(http.Handler) http.Handler {
return slices.Contains(allowedOrigins, strings.ToLower(origin))
},
AllowedMethods: []string{"GET", "HEAD", "POST", "PATCH", "DELETE"},
AllowedHeaders: []string{"Content-Type"},
AllowedHeaders: []string{"Content-Type", "Authorization"},
MaxAge: 300,
})
}
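Review bot: In the AllowOriginFunc line just above AllowedHeaders, only the incoming origin is lowercased before slices.Contains, so unless allowedOrigins is normalized above the visible lines, a mixed-case configured entry can never match. With Authorization now accepted on cross-origin requests, this allowlist is what decides which browser origins may send tokens to the API, so it is worth lowercasing the entries once when the middleware is built (or documenting that they must be lowercase) and adding a short comment on AllowedHeaders explaining why Authorization is listed.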
2 changes: 2 additions & 0 deletions http/server_test.go
Expand Up @@ -183,6 +183,8 @@ func TestServerListenAndServeWithAllowedOrigins(t *testing.T) {
req, err := http.NewRequest(http.MethodOptions, "http://127.0.0.1:30001", nil)
require.NoError(t, err)
req.Header.Add("origin", "localhost")
req.Header.Add("Access-Control-Request-Method", "POST")
req.Header.Add("Access-Control-Request-Headers", "Authorization, Content-Type")

res, err := http.DefaultClient.Do(req)
require.NoError(t, err)
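Review bot: Nothing in these lines checks that the preflight response actually allows Authorization; after the added Access-Control-Request-Headers line the only visible check is require.NoError on the client call. If the assertions further down do not already cover it, assert that the response's Access-Control-Allow-Headers includes Authorization, and consider a second preflight that requests a header not on the allowed list to confirm it is refused, so a future change to AllowedHeaders cannot pass this test unnoticed.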