Add config options for cors handling (#124)

Add config options for cors handling Co-authored-by: kolaente <k@knt.li> Reviewed-on: https://kolaente.dev/vikunja/api/pulls/124
2020-01-26 19:09:54 +00:00
parent 7e9446ea07
commit b2b1546a8f
4 changed files with 44 additions and 10 deletions
--- a/pkg/routes/routes.go
+++ b/pkg/routes/routes.go
@ -138,16 +138,19 @@ func RegisterRoutes(e *echo.Echo) {
 	}

 	// CORS_SHIT
-	e.Use(middleware.CORSWithConfig(middleware.CORSConfig{
-		AllowOrigins: []string{"*"},
-		Skipper: func(context echo.Context) bool {
-			// Since it is not possible to register this middleware just for the api group,
-			// we just disable it when for caldav requests.
-			// Caldav requires OPTIONS requests to be answered in a specific manner,
-			// not doing this would break the caldav implementation
-			return strings.HasPrefix(context.Path(), "/dav")
-		},
-	}))
+	if config.CorsEnable.GetBool() {
+		e.Use(middleware.CORSWithConfig(middleware.CORSConfig{
+			AllowOrigins: config.CorsOrigins.GetStringSlice(),
+			MaxAge:       config.CorsMaxAge.GetInt(),
+			Skipper: func(context echo.Context) bool {
+				// Since it is not possible to register this middleware just for the api group,
+				// we just disable it when for caldav requests.
+				// Caldav requires OPTIONS requests to be answered in a specific manner,
+				// not doing this would break the caldav implementation
+				return strings.HasPrefix(context.Path(), "/dav")
+			},
+		}))
+	}

 	// API Routes
 	a := e.Group("/api/v1")