fix: prohibit cross-origin access (#462)

2025-07-02 03:00:18 +08:00 · 2022-01-29 21:52:04 +08:00
parent 259a4e1307
commit 5757021e87
3 changed files with 12 additions and 13 deletions
--- a/main.go
+++ b/main.go
@ -19,7 +19,6 @@ import (

 	"github.com/astaxie/beego"
 	"github.com/astaxie/beego/logs"
-	"github.com/astaxie/beego/plugins/cors"
 	_ "github.com/astaxie/beego/session/redis"
 	"github.com/casdoor/casdoor/authz"
 	"github.com/casdoor/casdoor/object"
@ -40,14 +39,6 @@ func main() {

 	go object.RunSyncUsersJob()

-	beego.InsertFilter("*", beego.BeforeRouter, cors.Allow(&cors.Options{
-		AllowOrigins:     []string{"*"},
-		AllowMethods:     []string{"GET", "PUT", "PATCH"},
-		AllowHeaders:     []string{"Origin"},
-		ExposeHeaders:    []string{"Content-Length"},
-		AllowCredentials: true,
-	}))
-
 	//beego.DelStaticPath("/static")
 	beego.SetStaticPath("/static", "web/build/static")
 	beego.BConfig.WebConfig.DirectoryIndex = true