authorEmile <git@emile.space>2024-10-25 15:55:50 +0200
committerEmile <git@emile.space>2024-10-25 15:55:50 +0200
commitc90f36e3dd179d2de96f4f5fe38d8dc9a9de6dfe (patch)
tree89e9afb41c5bf76f48cfb09305a2d3db8d302b06 /vendor/go.mau.fi/util/exhttp/cors.go
parent98bbb0f559a8883bc47bae80607dbe326a448e61 (diff)
vendor HEAD main
Diffstat (limited to 'vendor/go.mau.fi/util/exhttp/cors.go')
-rw-r--r--vendor/go.mau.fi/util/exhttp/cors.go26
1 files changed, 26 insertions, 0 deletions
diff --git a/vendor/go.mau.fi/util/exhttp/cors.go b/vendor/go.mau.fi/util/exhttp/cors.go
new file mode 100644
index 0000000..037be8d
--- /dev/null
+++ b/vendor/go.mau.fi/util/exhttp/cors.go
@@ -0,0 +1,26 @@
+package exhttp
+
+import "net/http"
+
+func AddCORSHeaders(w http.ResponseWriter) {
+	// Recommended CORS headers can be found in https://spec.matrix.org/v1.3/client-server-api/#web-browser-clients
+	w.Header().Set("Access-Control-Allow-Origin", "*")
+	w.Header().Set("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS")
+	w.Header().Set("Access-Control-Allow-Headers", "X-Requested-With, Content-Type, Authorization")
+	w.Header().Set("Content-Security-Policy", "sandbox; default-src 'none'; script-src 'none'; plugin-types application/pdf; style-src 'unsafe-inline'; object-src 'self';")
+	// Allow browsers to cache above for 1 day
+	w.Header().Set("Access-Control-Max-Age", "86400")
+}
+
+// CORSMiddleware adds CORS headers to the response and handles OPTIONS
+// requests by returning 200 OK immediately.
+func CORSMiddleware(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		AddCORSHeaders(w)
+		if r.Method == http.MethodOptions {
+			w.WriteHeader(http.StatusOK)
+			return
+		}
+		next.ServeHTTP(w, r)
+	})
+}