fix(cors): add admin.littlelan.cn and browser.littlelan.cn, support *.littlelan.cn subdomains
This commit is contained in:
@@ -9,32 +9,38 @@ import (
|
||||
|
||||
var allowedOrigins = []string{
|
||||
"https://bbs.littlelan.cn",
|
||||
"https://admin.littlelan.cn",
|
||||
"https://browser.littlelan.cn",
|
||||
"http://localhost:3000",
|
||||
"http://localhost:5173",
|
||||
"http://127.0.0.1:3000",
|
||||
"http://127.0.0.1:5173",
|
||||
}
|
||||
|
||||
func isAllowedOrigin(origin string) bool {
|
||||
for _, o := range allowedOrigins {
|
||||
if o == origin {
|
||||
return true
|
||||
}
|
||||
}
|
||||
|
||||
if strings.HasPrefix(origin, "http://localhost") || strings.HasPrefix(origin, "http://127.0.0.1") {
|
||||
return true
|
||||
}
|
||||
|
||||
if strings.HasPrefix(origin, "https://") && strings.HasSuffix(origin, ".littlelan.cn") {
|
||||
return true
|
||||
}
|
||||
|
||||
return false
|
||||
}
|
||||
|
||||
func CORS() gin.HandlerFunc {
|
||||
return func(c *gin.Context) {
|
||||
origin := c.GetHeader("Origin")
|
||||
allowedOrigin := ""
|
||||
|
||||
for _, o := range allowedOrigins {
|
||||
if o == origin {
|
||||
allowedOrigin = o
|
||||
break
|
||||
}
|
||||
}
|
||||
|
||||
if allowedOrigin == "" {
|
||||
if strings.HasPrefix(origin, "http://localhost") || strings.HasPrefix(origin, "http://127.0.0.1") {
|
||||
allowedOrigin = origin
|
||||
}
|
||||
}
|
||||
|
||||
if allowedOrigin != "" {
|
||||
c.Header("Access-Control-Allow-Origin", allowedOrigin)
|
||||
if isAllowedOrigin(origin) {
|
||||
c.Header("Access-Control-Allow-Origin", origin)
|
||||
c.Header("Access-Control-Allow-Credentials", "true")
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user