From bdfcbdadead643a2e982233af042a48b98db9b3e Mon Sep 17 00:00:00 2001 From: lafay <2021211506@stu.hit.edu.cn> Date: Thu, 19 Mar 2026 22:46:21 +0800 Subject: [PATCH] fix(cors): add admin.littlelan.cn and browser.littlelan.cn, support *.littlelan.cn subdomains --- internal/middleware/cors.go | 38 +++++++++++++++++++++---------------- 1 file changed, 22 insertions(+), 16 deletions(-) diff --git a/internal/middleware/cors.go b/internal/middleware/cors.go index b82f1ea..a5e6d05 100644 --- a/internal/middleware/cors.go +++ b/internal/middleware/cors.go @@ -9,32 +9,38 @@ import ( var allowedOrigins = []string{ "https://bbs.littlelan.cn", + "https://admin.littlelan.cn", + "https://browser.littlelan.cn", "http://localhost:3000", "http://localhost:5173", "http://127.0.0.1:3000", "http://127.0.0.1:5173", } +func isAllowedOrigin(origin string) bool { + for _, o := range allowedOrigins { + if o == origin { + return true + } + } + + if strings.HasPrefix(origin, "http://localhost") || strings.HasPrefix(origin, "http://127.0.0.1") { + return true + } + + if strings.HasPrefix(origin, "https://") && strings.HasSuffix(origin, ".littlelan.cn") { + return true + } + + return false +} + func CORS() gin.HandlerFunc { return func(c *gin.Context) { origin := c.GetHeader("Origin") - allowedOrigin := "" - for _, o := range allowedOrigins { - if o == origin { - allowedOrigin = o - break - } - } - - if allowedOrigin == "" { - if strings.HasPrefix(origin, "http://localhost") || strings.HasPrefix(origin, "http://127.0.0.1") { - allowedOrigin = origin - } - } - - if allowedOrigin != "" { - c.Header("Access-Control-Allow-Origin", allowedOrigin) + if isAllowedOrigin(origin) { + c.Header("Access-Control-Allow-Origin", origin) c.Header("Access-Control-Allow-Credentials", "true") }