llvy.ltd/casdoor
1
0
Fork 0
mirror of https://github.com/casdoor/casdoor.git synced 2025-07-02 19:40:19 +08:00
Code Issues Packages Projects Releases Wiki Activity

feat: add util.IsValidOrigin() to improve CORS filter (#3301)

Browse Source 
* fix: CORS check issue

* fix: promote format

* fix: promote format

* fix: promote format

* fix: promote format

* Update application.go

* Update cors_filter.go

* Update validation.go

---------

Co-authored-by: Yang Luo <hsluoyz@qq.com>
This commit is contained in:
DacongDA
2024-10-20 20:09:21 +08:00
committed by GitHub
parent 6fcdad2100
commit c0800b7fb3
3 changed files with 36 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
routers/cors_filter.go
View File

@ -16,11 +16,11 @@ package routers
import (
"net/http"
"strings"
"github.com/beego/beego/context"
"github.com/casdoor/casdoor/conf"
"github.com/casdoor/casdoor/object"
"github.com/casdoor/casdoor/util"
)
const (
@ -52,7 +52,13 @@ func CorsFilter(ctx *context.Context) {
origin = ""
}
if strings.HasPrefix(origin, "http://localhost") || strings.HasPrefix(origin, "https://localhost") || strings.HasPrefix(origin, "http://127.0.0.1") || strings.HasPrefix(origin, "http://casdoor-app") || strings.Contains(origin, ".chromiumapp.org") {
isValid, err := util.IsValidOrigin(origin)
if err != nil {
ctx.ResponseWriter.WriteHeader(http.StatusForbidden)
responseError(ctx, err.Error())
return
}
if isValid {
setCorsHeaders(ctx, origin)
return
}