fix: remove AllowCredentials check for allow origins (#16)
parent
79e0d17cc9
commit
bec00ec825
@ -48,7 +48,7 @@ func (cors *cors) applyCors(c *gin.Context) {
|
|||||||
cors.handleNormal(c)
|
cors.handleNormal(c)
|
||||||
}
|
}
|
||||||
|
|
||||||
if !cors.allowAllOrigins && !cors.allowCredentials {
|
if !cors.allowAllOrigins {
|
||||||
c.Header("Access-Control-Allow-Origin", origin)
|
c.Header("Access-Control-Allow-Origin", origin)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
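Review bot: With the `!cors.allowCredentials` term dropped, the `c.Header("Access-Control-Allow-Origin", origin)` line now reflects the request's Origin on credentialed responses too, so the origin check earlier in applyCors (outside this hunk) becomes the only gate on authenticated cross-origin reads. That dependency deserves a comment above the `if`, for example `// origin has already passed the allowlist check; echo it so credentialed responses name one origin, never "*"`. Because the header value now varies per request, the response should also carry `Vary: Origin` so a shared cache cannot serve one origin's header to another. If handleNormal and handlePreflight do not already set it, add `c.Writer.Header().Add("Vary", "Origin")` inside this branch. applyCors begins above the hunk, so both points need confirming against the full function.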
@ -238,6 +238,12 @@ func TestPassesAllowedOrigins(t *testing.T) {
|
|||||||
assert.Equal(t, "", w.Header().Get("Access-Control-Allow-Credentials"))
|
assert.Equal(t, "", w.Header().Get("Access-Control-Allow-Credentials"))
|
||||||
assert.Equal(t, "Data,X-User", w.Header().Get("Access-Control-Expose-Headers"))
|
assert.Equal(t, "Data,X-User", w.Header().Get("Access-Control-Expose-Headers"))
|
||||||
|
|
||||||
|
w = performRequest(router, "GET", "http://github.com")
|
||||||
|
assert.Equal(t, "get", w.Body.String())
|
||||||
|
assert.Equal(t, "http://github.com", w.Header().Get("Access-Control-Allow-Origin"))
|
||||||
|
assert.Equal(t, "", w.Header().Get("Access-Control-Allow-Credentials"))
|
||||||
|
assert.Equal(t, "Data,X-User", w.Header().Get("Access-Control-Expose-Headers"))
|
||||||
|
|
||||||
// deny CORS request
|
// deny CORS request
|
||||||
w = performRequest(router, "GET", "https://google.com")
|
w = performRequest(router, "GET", "https://google.com")
|
||||||
assert.Equal(t, 403, w.Code)
|
assert.Equal(t, 403, w.Code)
|
||||||
@ -280,6 +286,7 @@ func TestPassesAllowedAllOrigins(t *testing.T) {
|
|||||||
assert.Empty(t, w.Header().Get("Access-Control-Allow-Origin"))
|
assert.Empty(t, w.Header().Get("Access-Control-Allow-Origin"))
|
||||||
assert.Empty(t, w.Header().Get("Access-Control-Allow-Credentials"))
|
assert.Empty(t, w.Header().Get("Access-Control-Allow-Credentials"))
|
||||||
assert.Empty(t, w.Header().Get("Access-Control-Expose-Headers"))
|
assert.Empty(t, w.Header().Get("Access-Control-Expose-Headers"))
|
||||||
|
assert.Empty(t, w.Header().Get("Access-Control-Allow-Credentials"))
|
||||||
|
|
||||||
// allowed CORS request
|
// allowed CORS request
|
||||||
w = performRequest(router, "POST", "example.com")
|
w = performRequest(router, "POST", "example.com")
|
||||||
@ -287,6 +294,7 @@ func TestPassesAllowedAllOrigins(t *testing.T) {
|
|||||||
assert.Equal(t, "*", w.Header().Get("Access-Control-Allow-Origin"))
|
assert.Equal(t, "*", w.Header().Get("Access-Control-Allow-Origin"))
|
||||||
assert.Equal(t, "Data2,X-User2", w.Header().Get("Access-Control-Expose-Headers"))
|
assert.Equal(t, "Data2,X-User2", w.Header().Get("Access-Control-Expose-Headers"))
|
||||||
assert.Empty(t, w.Header().Get("Access-Control-Allow-Credentials"))
|
assert.Empty(t, w.Header().Get("Access-Control-Allow-Credentials"))
|
||||||
|
assert.Equal(t, "*", w.Header().Get("Access-Control-Allow-Origin"))
|
||||||
|
|
||||||
// allowed CORS prefligh request
|
// allowed CORS prefligh request
|
||||||
w = performRequest(router, "OPTIONS", "https://facebook.com")
|
w = performRequest(router, "OPTIONS", "https://facebook.com")
|
||||||
|
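Review bot: The block added to TestPassesAllowedOrigins asserts an empty `Access-Control-Allow-Credentials`, which suggests the router under test has credentials disabled (its setup is outside the hunk). In that configuration the old condition already echoed the origin, so these assertions would likely pass without the fix. The case this commit changes is a specific allowlist with credentials enabled, and it needs its own test that checks both headers, e.g. `assert.Equal(t, "http://github.com", w.Header().Get("Access-Control-Allow-Origin"))` and `assert.Equal(t, "true", w.Header().Get("Access-Control-Allow-Credentials"))`. The two lines added in TestPassesAllowedAllOrigins repeat assertions that already sit a few lines above them in the same blocks and can be dropped.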