Fix CORS / add Access-Control-Allow-Origin * to all methods (#69)

The header is not only necessary on the OPTIONS request, but on any method, so I removed the condition.

Serving any workadventure map was broken BTW. We should have tested this :-(

Reviewed-on: https://codeberg.org/Codeberg/pages-server/pulls/69
Reviewed-by: Andreas Shimokawa <ashimokawa@noreply.codeberg.org>
Co-authored-by: Otto Richter <otto@codeberg.org>
Co-committed-by: Otto Richter <otto@codeberg.org>
This commit is contained in:
Otto Richter 2022-04-10 18:11:00 +02:00 committed by Andreas Shimokawa
parent 1e4dfe2ae8
commit a2c5376d9a

View File

@ -54,7 +54,6 @@ func Handler(mainDomainSuffix, rawDomain []byte,
} }
// Allow CORS for specified domains // Allow CORS for specified domains
if ctx.IsOptions() {
allowCors := false allowCors := false
for _, allowedCorsDomain := range allowedCorsDomains { for _, allowedCorsDomain := range allowedCorsDomains {
if bytes.Equal(trimmedHost, allowedCorsDomain) { if bytes.Equal(trimmedHost, allowedCorsDomain) {
@ -67,6 +66,7 @@ func Handler(mainDomainSuffix, rawDomain []byte,
ctx.Response.Header.Set("Access-Control-Allow-Methods", "GET, HEAD") ctx.Response.Header.Set("Access-Control-Allow-Methods", "GET, HEAD")
} }
ctx.Response.Header.Set("Allow", "GET, HEAD, OPTIONS") ctx.Response.Header.Set("Allow", "GET, HEAD, OPTIONS")
if ctx.IsOptions() {
ctx.Response.Header.SetStatusCode(fasthttp.StatusNoContent) ctx.Response.Header.SetStatusCode(fasthttp.StatusNoContent)
return return
} }