mirror of
https://github.com/1Panel-dev/1Panel.git
synced 2025-02-07 17:10:07 +08:00
feat: 删除 CORS 相关
This commit is contained in:
zhengkunwang223
zhengkunwang223
parent
3a7cd173e6
commit
e3976aa359
@ -4,5 +4,4 @@ type ServerConfig struct {
|
|||||||
BaseDir string `mapstructure:"base_dir"`
|
BaseDir string `mapstructure:"base_dir"`
|
||||||
System System `mapstructure:"system"`
|
System System `mapstructure:"system"`
|
||||||
LogConfig LogConfig `mapstructure:"log"`
|
LogConfig LogConfig `mapstructure:"log"`
|
||||||
CORS CORS `mapstructure:"cors"`
|
|
||||||
}
|
}
|
||||||
|
|||||||
@ -1,14 +0,0 @@
|
|||||||
package configs
|
|
||||||
|
|
||||||
type CORS struct {
|
|
||||||
Mode string `mapstructure:"mode"`
|
|
||||||
WhiteList []CORSWhiteList `mapstructure:"whitelist"`
|
|
||||||
}
|
|
||||||
|
|
||||||
type CORSWhiteList struct {
|
|
||||||
AllowOrigin string `mapstructure:"allow-origin"`
|
|
||||||
AllowMethods string `mapstructure:"allow-methods"`
|
|
||||||
AllowHeaders string `mapstructure:"allow-headers"`
|
|
||||||
ExposeHeaders string `mapstructure:"expose-headers"`
|
|
||||||
AllowCredentials bool `mapstructure:"allow-credentials"`
|
|
||||||
}
|
|
||||||
@ -1,64 +0,0 @@
|
|||||||
package middleware
|
|
||||||
|
|
||||||
import (
|
|
||||||
"net/http"
|
|
||||||
|
|
||||||
"github.com/1Panel-dev/1Panel/backend/configs"
|
|
||||||
"github.com/1Panel-dev/1Panel/backend/global"
|
|
||||||
|
|
||||||
"github.com/gin-gonic/gin"
|
|
||||||
)
|
|
||||||
|
|
||||||
func Cors() gin.HandlerFunc {
|
|
||||||
return func(c *gin.Context) {
|
|
||||||
method := c.Request.Method
|
|
||||||
origin := c.Request.Header.Get("Origin")
|
|
||||||
c.Header("Access-Control-Allow-Origin", origin)
|
|
||||||
c.Header("Access-Control-Allow-Headers", "Content-Type,AccessToken,X-CSRF-Token, Authorization, Token,X-Token,X-User-Id")
|
|
||||||
c.Header("Access-Control-Allow-Methods", "POST, GET, OPTIONS,DELETE,PUT")
|
|
||||||
c.Header("Access-Control-Expose-Headers", "Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers, Content-Type, New-Token, New-Expires-At")
|
|
||||||
c.Header("Access-Control-Allow-Credentials", "true")
|
|
||||||
|
|
||||||
if method == "OPTIONS" {
|
|
||||||
c.AbortWithStatus(http.StatusNoContent)
|
|
||||||
}
|
|
||||||
c.Next()
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
func CorsByRules() gin.HandlerFunc {
|
|
||||||
mode := global.CONF.CORS.Mode
|
|
||||||
if mode == "allow-all" {
|
|
||||||
return Cors()
|
|
||||||
}
|
|
||||||
return func(c *gin.Context) {
|
|
||||||
whitelist := checkCors(c.GetHeader("origin"))
|
|
||||||
if whitelist != nil {
|
|
||||||
c.Header("Access-Control-Allow-Origin", whitelist.AllowOrigin)
|
|
||||||
c.Header("Access-Control-Allow-Headers", whitelist.AllowHeaders)
|
|
||||||
c.Header("Access-Control-Allow-Methods", whitelist.AllowMethods)
|
|
||||||
c.Header("Access-Control-Expose-Headers", whitelist.ExposeHeaders)
|
|
||||||
if whitelist.AllowCredentials {
|
|
||||||
c.Header("Access-Control-Allow-Credentials", "true")
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if whitelist == nil && mode == "strict-whitelist" && !(c.Request.Method == "GET" && c.Request.URL.Path == "/health") {
|
|
||||||
c.AbortWithStatus(http.StatusForbidden)
|
|
||||||
} else {
|
|
||||||
if c.Request.Method == "OPTIONS" {
|
|
||||||
c.AbortWithStatus(http.StatusNoContent)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
c.Next()
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
func checkCors(currentOrigin string) *configs.CORSWhiteList {
|
|
||||||
for _, whitelist := range global.CONF.CORS.WhiteList {
|
|
||||||
if currentOrigin == whitelist.AllowOrigin {
|
|
||||||
return &whitelist
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
Loading…
x
Reference in New Issue
Block a user