diff --git a/internal/middleware/cors.go b/internal/middleware/cors.go index b82f1ea..a5e6d05 100644 --- a/internal/middleware/cors.go +++ b/internal/middleware/cors.go @@ -9,32 +9,38 @@ import ( var allowedOrigins = []string{ "https://bbs.littlelan.cn", + "https://admin.littlelan.cn", + "https://browser.littlelan.cn", "http://localhost:3000", "http://localhost:5173", "http://127.0.0.1:3000", "http://127.0.0.1:5173", } +func isAllowedOrigin(origin string) bool { + for _, o := range allowedOrigins { + if o == origin { + return true + } + } + + if strings.HasPrefix(origin, "http://localhost") || strings.HasPrefix(origin, "http://127.0.0.1") { + return true + } + + if strings.HasPrefix(origin, "https://") && strings.HasSuffix(origin, ".littlelan.cn") { + return true + } + + return false +} + func CORS() gin.HandlerFunc { return func(c *gin.Context) { origin := c.GetHeader("Origin") - allowedOrigin := "" - for _, o := range allowedOrigins { - if o == origin { - allowedOrigin = o - break - } - } - - if allowedOrigin == "" { - if strings.HasPrefix(origin, "http://localhost") || strings.HasPrefix(origin, "http://127.0.0.1") { - allowedOrigin = origin - } - } - - if allowedOrigin != "" { - c.Header("Access-Control-Allow-Origin", allowedOrigin) + if isAllowedOrigin(origin) { + c.Header("Access-Control-Allow-Origin", origin) c.Header("Access-Control-Allow-Credentials", "true") }