fix(cors): add admin.littlelan.cn and browser.littlelan.cn, support *.littlelan.cn subdomains
All checks were successful
Build Backend / build (push) Successful in 12m24s
Build Backend / build-docker (push) Successful in 13m8s

This commit is contained in:
lafay
2026-03-19 22:46:21 +08:00
parent 2c1f2f47ec
commit bdfcbdadea

View File

@@ -9,32 +9,38 @@ import (
var allowedOrigins = []string{
"https://bbs.littlelan.cn",
"https://admin.littlelan.cn",
"https://browser.littlelan.cn",
"http://localhost:3000",
"http://localhost:5173",
"http://127.0.0.1:3000",
"http://127.0.0.1:5173",
}
func isAllowedOrigin(origin string) bool {
for _, o := range allowedOrigins {
if o == origin {
return true
}
}
if strings.HasPrefix(origin, "http://localhost") || strings.HasPrefix(origin, "http://127.0.0.1") {
return true
}
if strings.HasPrefix(origin, "https://") && strings.HasSuffix(origin, ".littlelan.cn") {
return true
}
return false
}
func CORS() gin.HandlerFunc {
return func(c *gin.Context) {
origin := c.GetHeader("Origin")
allowedOrigin := ""
for _, o := range allowedOrigins {
if o == origin {
allowedOrigin = o
break
}
}
if allowedOrigin == "" {
if strings.HasPrefix(origin, "http://localhost") || strings.HasPrefix(origin, "http://127.0.0.1") {
allowedOrigin = origin
}
}
if allowedOrigin != "" {
c.Header("Access-Control-Allow-Origin", allowedOrigin)
if isAllowedOrigin(origin) {
c.Header("Access-Control-Allow-Origin", origin)
c.Header("Access-Control-Allow-Credentials", "true")
}