From 87b444b283808d01ae99fcdbc3b781ebc35127d8 Mon Sep 17 00:00:00 2001 From: Gabe Farrell Date: Tue, 11 Apr 2023 17:22:31 -0400 Subject: [PATCH] cors --- go.mod | 1 + go.sum | 2 ++ main.go | 12 ++++++++++++ 3 files changed, 15 insertions(+) diff --git a/go.mod b/go.mod index afdcacd..56fca99 100644 --- a/go.mod +++ b/go.mod @@ -4,6 +4,7 @@ go 1.19 require ( github.com/go-chi/chi/v5 v5.0.8 // indirect + github.com/go-chi/cors v1.2.1 // indirect github.com/golang/snappy v0.0.1 // indirect github.com/google/uuid v1.3.0 // indirect github.com/joho/godotenv v1.5.1 // indirect diff --git a/go.sum b/go.sum index 66d066c..c52919c 100644 --- a/go.sum +++ b/go.sum @@ -2,6 +2,8 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/go-chi/chi/v5 v5.0.8 h1:lD+NLqFcAi1ovnVZpsnObHGW4xb4J8lNmoYVfECH1Y0= github.com/go-chi/chi/v5 v5.0.8/go.mod h1:DslCQbL2OYiznFReuXYUmQ2hGd1aDpCnlMNITLSKoi8= +github.com/go-chi/cors v1.2.1 h1:xEC8UT3Rlp2QuWNEr4Fs/c2EAGVKBwy/1vHx3bppil4= +github.com/go-chi/cors v1.2.1/go.mod h1:sSbTewc+6wYHBBCW7ytsFSn836hqM7JxpglAy2Vzc58= github.com/golang/snappy v0.0.1 h1:Qgr9rKW7uDUkrbSmQeiDsGa8SjGyCOGtuasMWwvp2P4= github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= diff --git a/main.go b/main.go index b54d359..0b8081d 100644 --- a/main.go +++ b/main.go @@ -6,6 +6,7 @@ import ( "net/http" "github.com/go-chi/chi/v5" + "github.com/go-chi/cors" "github.com/jacobmveber-01839764/BudgetBuddy/db" "github.com/jacobmveber-01839764/BudgetBuddy/routes" "github.com/jacobmveber-01839764/BudgetBuddy/widgets" @@ -26,6 +27,17 @@ func main() { // disconnect to DB on application exit defer db.Client.Disconnect(context.Background()) + r.Use(cors.Handler(cors.Options{ + // AllowedOrigins: []string{"https://foo.com"}, // Use this to allow specific origin hosts + AllowedOrigins: []string{"https://*", "http://*"}, + // AllowOriginFunc: func(r *http.Request, origin string) bool { return true }, + AllowedMethods: []string{"GET", "POST", "PUT", "DELETE", "OPTIONS"}, + AllowedHeaders: []string{"Accept", "Authorization", "Content-Type", "X-CSRF-Token"}, + ExposedHeaders: []string{"Link"}, + AllowCredentials: false, + MaxAge: 300, // Maximum value not ignored by any of major browsers + })) + r.Post("/auth/login", routes.Login) r.Post("/auth/login/session", routes.Login) r.Post("/auth/createaccount", routes.CreateAccount)