fix: remove AllowCredentials from CORS to support wildcard origin

Cursor Agent
2025-10-04 19:07:22 +00:00
parent e734e462c4
commit 4e6e447e79
2 changed files with 46 additions and 10 deletions


@@ -150,12 +150,30 @@ func Handler(w http.ResponseWriter, r *http.Request) {
protected.HandleFunc("/reactions/{mediaType}/{mediaId}", reactionsHandler.RemoveReaction).Methods("DELETE") protected.HandleFunc("/reactions/{mediaType}/{mediaId}", reactionsHandler.RemoveReaction).Methods("DELETE")
protected.HandleFunc("/reactions/my", reactionsHandler.GetMyReactions).Methods("GET") protected.HandleFunc("/reactions/my", reactionsHandler.GetMyReactions).Methods("GET")
// CORS configuration - allow all origins
corsHandler := handlers.CORS( corsHandler := handlers.CORS(
handlers.AllowedOrigins([]string{"*"}), handlers.AllowedOrigins([]string{
handlers.AllowedMethods([]string{"GET", "POST", "PUT", "DELETE", "OPTIONS"}), "*", // Allow all origins
handlers.AllowedHeaders([]string{"Authorization", "Content-Type", "Accept", "Origin", "X-Requested-With", "X-CSRF-Token"}), }),
handlers.AllowCredentials(), handlers.AllowedMethods([]string{"GET", "POST", "PUT", "DELETE", "OPTIONS", "PATCH", "HEAD"}),
handlers.ExposedHeaders([]string{"Authorization", "Content-Type"}), handlers.AllowedHeaders([]string{
"Authorization",
"Content-Type",
"Accept",
"Origin",
"X-Requested-With",
"X-CSRF-Token",
"Access-Control-Allow-Origin",
"Access-Control-Allow-Headers",
"Access-Control-Allow-Methods",
"Access-Control-Allow-Credentials",
}),
handlers.ExposedHeaders([]string{
"Authorization",
"Content-Type",
"X-Total-Count",
}),
handlers.MaxAge(3600),
) )
corsHandler(router).ServeHTTP(w, r) corsHandler(router).ServeHTTP(w, r)
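Review bot: The `"*"` entry in `handlers.AllowedOrigins` covers everything served through `corsHandler(router)`, which appears to include the `protected` routes, so a page on any origin can call these endpoints and read the responses whenever it holds a valid token. An explicit allowlist loaded from configuration, e.g. `handlers.AllowedOrigins(allowedOrigins)`, would limit that to the front-ends this API is meant to serve. The four `Access-Control-*` names added to `handlers.AllowedHeaders` are response headers; listing them only permits clients to send them as request headers, so they can be dropped. `X-CSRF-Token` remains in that list, which hints at cookie-based sessions somewhere, and without credentials those cross-origin calls would no longer carry the cookie, so that is worth confirming. The same block is repeated in main.go (`@@ -129,12 +129,30 @@`), where these points apply equally and a shared helper would stop the two copies drifting; Handler's body starts and ends outside this hunk.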

28
main.go

@@ -129,12 +129,30 @@ func main() {
protected.HandleFunc("/reactions/{mediaType}/{mediaId}", reactionsHandler.RemoveReaction).Methods("DELETE") protected.HandleFunc("/reactions/{mediaType}/{mediaId}", reactionsHandler.RemoveReaction).Methods("DELETE")
protected.HandleFunc("/reactions/my", reactionsHandler.GetMyReactions).Methods("GET") protected.HandleFunc("/reactions/my", reactionsHandler.GetMyReactions).Methods("GET")
// CORS configuration - allow all origins
corsHandler := handlers.CORS( corsHandler := handlers.CORS(
handlers.AllowedOrigins([]string{"*"}), handlers.AllowedOrigins([]string{
handlers.AllowedMethods([]string{"GET", "POST", "PUT", "DELETE", "OPTIONS"}), "*", // Allow all origins
handlers.AllowedHeaders([]string{"Authorization", "Content-Type", "Accept", "Origin", "X-Requested-With", "X-CSRF-Token"}), }),
handlers.AllowCredentials(), handlers.AllowedMethods([]string{"GET", "POST", "PUT", "DELETE", "OPTIONS", "PATCH", "HEAD"}),
handlers.ExposedHeaders([]string{"Authorization", "Content-Type"}), handlers.AllowedHeaders([]string{
"Authorization",
"Content-Type",
"Accept",
"Origin",
"X-Requested-With",
"X-CSRF-Token",
"Access-Control-Allow-Origin",
"Access-Control-Allow-Headers",
"Access-Control-Allow-Methods",
"Access-Control-Allow-Credentials",
}),
handlers.ExposedHeaders([]string{
"Authorization",
"Content-Type",
"X-Total-Count",
}),
handlers.MaxAge(3600),
) )
var finalHandler http.Handler var finalHandler http.Handler