Skip to content
Snippets Groups Projects
Unverified Commit dce31d82 authored by Josiah Evans's avatar Josiah Evans Committed by GitHub
Browse files

feat: Add configurable CORS Headers (#3114)

parent 68d2a88f
No related branches found
No related tags found
No related merge requests found
......@@ -150,6 +150,7 @@ type Web struct {
TLSCert string `json:"tlsCert"`
TLSKey string `json:"tlsKey"`
AllowedOrigins []string `json:"allowedOrigins"`
AllowedHeaders []string `json:"allowedHeaders"`
}
// Telemetry is the config format for telemetry including the HTTP server config.
......
......@@ -265,6 +265,7 @@ func runServe(options serveOptions) error {
AlwaysShowLoginScreen: c.OAuth2.AlwaysShowLoginScreen,
PasswordConnector: c.OAuth2.PasswordConnector,
AllowedOrigins: c.Web.AllowedOrigins,
AllowedHeaders: c.Web.AllowedHeaders,
Issuer: c.Issuer,
Storage: s,
Web: c.Frontend,
......
......@@ -77,6 +77,9 @@ type Config struct {
// domain.
AllowedOrigins []string
// List of allowed headers for CORS requests on discovery, token, and keys endpoint.
AllowedHeaders []string
// If enabled, the server won't prompt the user to approve authorization requests.
// Logging in implies approval.
SkipApprovalScreen bool
......@@ -214,6 +217,9 @@ func newServer(ctx context.Context, c Config, rotationStrategy rotationStrategy)
if len(c.SupportedResponseTypes) == 0 {
c.SupportedResponseTypes = []string{responseTypeCode}
}
if len(c.AllowedHeaders) == 0 {
c.AllowedHeaders = []string{"Authorization"}
}
allSupportedGrants := map[string]bool{
grantTypeAuthorizationCode: true,
......@@ -353,12 +359,9 @@ func newServer(ctx context.Context, c Config, rotationStrategy rotationStrategy)
handleWithCORS := func(p string, h http.HandlerFunc) {
var handler http.Handler = h
if len(c.AllowedOrigins) > 0 {
allowedHeaders := []string{
"Authorization",
}
cors := handlers.CORS(
handlers.AllowedOrigins(c.AllowedOrigins),
handlers.AllowedHeaders(allowedHeaders),
handlers.AllowedHeaders(c.AllowedHeaders),
)
handler = cors(handler)
}
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment