From 2ece5556f0c773bdc0ba6aa8dfa8a6bf00a2cba5 Mon Sep 17 00:00:00 2001 From: Ian Davis Date: Fri, 1 Jul 2022 09:01:48 +0100 Subject: [PATCH] Change AccessControlHeaders funtion to modify an existing set of headers --- core/corehttp/gateway.go | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/core/corehttp/gateway.go b/core/corehttp/gateway.go index b559d9cb9..775961bf0 100644 --- a/core/corehttp/gateway.go +++ b/core/corehttp/gateway.go @@ -76,10 +76,7 @@ func GatewayOption(writable bool, paths ...string) ServeOption { headers[http.CanonicalHeaderKey(h)] = v } - acheaders := AccessControlHeaders() - for k, v := range acheaders { - headers[k] = v - } + AddAccessControlHeaders(headers) offlineApi, err := api.WithOptions(options.Api.Offline(true)) if err != nil { @@ -102,9 +99,16 @@ func GatewayOption(writable bool, paths ...string) ServeOption { } } -func AccessControlHeaders() map[string][]string { - headers := make(map[string][]string) - +// AddAccessControlHeaders adds default headers used for controlling +// cross-origin requests. This function adds several values to the +// Access-Control-Allow-Headers and Access-Control-Expose-Headers entries. +// If the Access-Control-Allow-Origin entry is missing a value of '*' is +// added, indicating that browsers should allow requesting code from any +// origin to access the resource. +// If the Access-Control-Allow-Methods entry is missing a value of 'GET' is +// added, indicating that browsers may use the GET method when issuing cross +// origin requests. +func AddAccessControlHeaders(headers map[string][]string) { // Hard-coded headers. const ACAHeadersName = "Access-Control-Allow-Headers" const ACEHeadersName = "Access-Control-Expose-Headers" @@ -137,8 +141,6 @@ func AccessControlHeaders() map[string][]string { "X-Ipfs-Path", "X-Ipfs-Roots", }, headers[ACEHeadersName]...)) - - return headers } func VersionOption() ServeOption {