Fix logic error for when setting allowedAllOrigins and allowedCredentials

`Access-Control-Allow-Origin` should returning `Origin` originally of
requests when allowCredentials and allowAllOrigins.
This commit is contained in:
Jonathan 2016-12-04 19:25:10 +08:00 committed by Bo-Yi Wu
parent d075cad469
commit dbbc835584

View File

@ -8,6 +8,7 @@ import (
type cors struct { type cors struct {
allowAllOrigins bool allowAllOrigins bool
allowCredentials bool
allowOriginFunc func(string) bool allowOriginFunc func(string) bool
allowOrigins []string allowOrigins []string
exposeHeaders []string exposeHeaders []string
@ -22,6 +23,7 @@ func newCors(config Config) *cors {
return &cors{ return &cors{
allowOriginFunc: config.AllowOriginFunc, allowOriginFunc: config.AllowOriginFunc,
allowAllOrigins: config.AllowAllOrigins, allowAllOrigins: config.AllowAllOrigins,
allowCredentials: config.AllowCredentials,
allowOrigins: normalize(config.AllowOrigins), allowOrigins: normalize(config.AllowOrigins),
normalHeaders: generateNormalHeaders(config), normalHeaders: generateNormalHeaders(config),
preflightHeaders: generatePreflightHeaders(config), preflightHeaders: generatePreflightHeaders(config),
@ -46,7 +48,7 @@ func (cors *cors) applyCors(c *gin.Context) {
cors.handleNormal(c) cors.handleNormal(c)
} }
if !cors.allowAllOrigins { if !cors.allowAllOrigins && !cors.allowCredentials {
c.Header("Access-Control-Allow-Origin", origin) c.Header("Access-Control-Allow-Origin", origin)
} }
} }