Fix CORS / add Access-Control-Allow-Origin * to all methods (#69)

The header is not only necessary on the OPTIONS request, but on any method, so I removed the condition. Serving any workadventure map was broken BTW. We should have tested this :-( Reviewed-on: https://codeberg.org/Codeberg/pages-server/pulls/69 Reviewed-by: Andreas Shimokawa <ashimokawa@noreply.codeberg.org> Co-authored-by: Otto Richter <otto@codeberg.org> Co-committed-by: Otto Richter <otto@codeberg.org>
2022-04-10 18:11:00 +02:00 · 2022-04-10 18:11:00 +02:00 · a2c5376d9a
parent 1e4dfe2ae8
commit a2c5376d9a
1 changed files with 12 additions and 12 deletions
--- a/server/handler.go
+++ b/server/handler.go
@ -54,19 +54,19 @@ func Handler(mainDomainSuffix, rawDomain []byte,
 		}

 		// Allow CORS for specified domains
+		allowCors := false
+		for _, allowedCorsDomain := range allowedCorsDomains {
+			if bytes.Equal(trimmedHost, allowedCorsDomain) {
+				allowCors = true
+				break
+			}
+		}
+		if allowCors {
+			ctx.Response.Header.Set("Access-Control-Allow-Origin", "*")
+			ctx.Response.Header.Set("Access-Control-Allow-Methods", "GET, HEAD")
+		}
+		ctx.Response.Header.Set("Allow", "GET, HEAD, OPTIONS")
 		if ctx.IsOptions() {
-			allowCors := false
-			for _, allowedCorsDomain := range allowedCorsDomains {
-				if bytes.Equal(trimmedHost, allowedCorsDomain) {
-					allowCors = true
-					break
-				}
-			}
-			if allowCors {
-				ctx.Response.Header.Set("Access-Control-Allow-Origin", "*")
-				ctx.Response.Header.Set("Access-Control-Allow-Methods", "GET, HEAD")
-			}
-			ctx.Response.Header.Set("Allow", "GET, HEAD, OPTIONS")
 			ctx.Response.Header.SetStatusCode(fasthttp.StatusNoContent)
 			return
 		}