diff --git a/backend/src/api/api.go b/backend/src/api/api.go index 68bb3ce..203df72 100644 --- a/backend/src/api/api.go +++ b/backend/src/api/api.go @@ -2,6 +2,7 @@ package api import ( "fmt" + "github.com/Stefan923/go-estate-market/api/middleware" "github.com/Stefan923/go-estate-market/api/router" validator2 "github.com/Stefan923/go-estate-market/api/validator" "github.com/Stefan923/go-estate-market/config" @@ -15,6 +16,8 @@ func StartServer(config *config.Config) { gin.SetMode(config.Server.RunningMode) engine := gin.New() + engine.Use(middleware.CreateCorsMiddleware(config)) + registerRoutes(engine, config) registerValidators() diff --git a/backend/src/api/middleware/cors.go b/backend/src/api/middleware/cors.go new file mode 100644 index 0000000..044540e --- /dev/null +++ b/backend/src/api/middleware/cors.go @@ -0,0 +1,23 @@ +package middleware + +import ( + "github.com/Stefan923/go-estate-market/config" + "github.com/gin-gonic/gin" +) + +func CreateCorsMiddleware(cfg *config.Config) gin.HandlerFunc { + return func(context *gin.Context) { + context.Writer.Header().Set("Access-Control-Allow-Origin", cfg.Server.Cors.AllowedOrigins) + context.Header("Access-Control-Allow-Credentials", cfg.Server.Cors.AllowCredentials) + context.Header("Access-Control-Allow-Headers", cfg.Server.Cors.AllowedHeaders) + context.Header("Access-Control-Allow-Methods", cfg.Server.Cors.AllowedMethods) + context.Header("Access-Control-Max-Age", cfg.Server.Cors.MaxAge) + context.Set("content-type", cfg.Server.Cors.ContentType) + if context.Request.Method == "OPTIONS" { + context.AbortWithStatus(204) + return + } + + context.Next() + } +} diff --git a/backend/src/config/config.go b/backend/src/config/config.go index c890c1d..9b9cd64 100644 --- a/backend/src/config/config.go +++ b/backend/src/config/config.go @@ -52,6 +52,16 @@ type ServerConfig struct { RunningMode string InternalPort string ExternalPort string + Cors CorsConfig +} + +type CorsConfig struct { + AllowedOrigins string + AllowedHeaders string + AllowedMethods string + AllowCredentials string + ContentType string + MaxAge string } func GetConfig() *Config { diff --git a/backend/src/config/development-config.yml b/backend/src/config/development-config.yml index 0d0ef23..3827d7e 100644 --- a/backend/src/config/development-config.yml +++ b/backend/src/config/development-config.yml @@ -25,4 +25,11 @@ auth: server: internalPort: 5000 externalPort: 5000 - runningMode: debug \ No newline at end of file + runningMode: debug + cors: + allowedOrigins: "*" + allowedHeaders: "Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With" + allowedMethods: "POST , GET, OPTIONS, PUT, DELETE, UPDATE" + allowCredentials: "true" + contentType: "application/json" + maxAge: "21600" \ No newline at end of file diff --git a/backend/src/config/docker-config.yml b/backend/src/config/docker-config.yml index a9feddc..727e211 100644 --- a/backend/src/config/docker-config.yml +++ b/backend/src/config/docker-config.yml @@ -25,4 +25,11 @@ auth: server: internalPort: 5000 externalPort: 5000 - runningMode: debug \ No newline at end of file + runningMode: debug + cors: + allowedOrigins: "*" + allowedHeaders: "Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With" + allowedMethods: "POST , GET, OPTIONS, PUT, DELETE, UPDATE" + allowCredentials: "true" + contentType: "application/json" + maxAge: "21600" \ No newline at end of file