Improve CorsFilter code

routers/cors_filter.go

@@ -16,6 +16,7 @@ package routers
 
 import (
 	"net/http"
+	"net/url"
 	"strings"
 
 	"github.com/beego/beego/context"
@@ -36,9 +37,25 @@ func setCorsHeaders(ctx *context.Context, origin string) {
 	ctx.Output.Header(headerAllowHeaders, "Content-Type, Authorization")
 }
 
+func getHostname(s string) string {
+	if s == "" {
+		return ""
+	}
+
+	l, err := url.Parse(s)
+	if err != nil {
+		panic(err)
+	}
+
+	res := l.Hostname()
+	return res
+}
+
 func CorsFilter(ctx *context.Context) {
 	origin := ctx.Input.Header(headerOrigin)
 	originConf := conf.GetConfigString("origin")
+	originHostname := getHostname(origin)
+	host := ctx.Request.Host
 
 	if strings.HasPrefix(origin, "http://localhost") {
 		setCorsHeaders(ctx, origin)
@@ -55,7 +72,12 @@ func CorsFilter(ctx *context.Context) {
 		return
 	}
 
-	if origin != "" && originConf != "" && origin != originConf {
+	if origin != "" {
+		if origin == originConf {
+			setCorsHeaders(ctx, origin)
+		} else if originHostname == host {
+			setCorsHeaders(ctx, origin)
+		} else {
 			ok, err := object.IsOriginAllowed(origin)
 			if err != nil {
 				panic(err)
@@ -73,6 +95,7 @@ func CorsFilter(ctx *context.Context) {
 				return
 			}
 		}
+	}
 
 	if ctx.Input.Method() == "OPTIONS" {
 		ctx.Output.Header(headerAllowOrigin, "*")