mirror of
https://github.com/caddyserver/caddy.git
synced 2025-10-23 23:09:19 -04:00
admin: Only write most CORS headers in OPTIONS requests
This commit is contained in:
parent
95ed603de7
commit
16ee985c22
6
admin.go
6
admin.go
@ -50,7 +50,7 @@ type AdminConfig struct {
|
|||||||
|
|
||||||
// The address to which the admin endpoint's listener should
|
// The address to which the admin endpoint's listener should
|
||||||
// bind itself. Can be any single network address that can be
|
// bind itself. Can be any single network address that can be
|
||||||
// parsed by Caddy.
|
// parsed by Caddy. Default: localhost:2019
|
||||||
Listen string `json:"listen,omitempty"`
|
Listen string `json:"listen,omitempty"`
|
||||||
|
|
||||||
// If true, CORS headers will be emitted, and requests to the
|
// If true, CORS headers will be emitted, and requests to the
|
||||||
@ -282,11 +282,13 @@ func (h adminHandler) serveHTTP(w http.ResponseWriter, r *http.Request) {
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
w.Header().Set("Access-Control-Allow-Origin", origin)
|
if r.Method == http.MethodOptions {
|
||||||
w.Header().Set("Access-Control-Allow-Methods", "OPTIONS, GET, POST, PUT, PATCH, DELETE")
|
w.Header().Set("Access-Control-Allow-Methods", "OPTIONS, GET, POST, PUT, PATCH, DELETE")
|
||||||
w.Header().Set("Access-Control-Allow-Headers", "Content-Type, Content-Length, Cache-Control")
|
w.Header().Set("Access-Control-Allow-Headers", "Content-Type, Content-Length, Cache-Control")
|
||||||
w.Header().Set("Access-Control-Allow-Credentials", "true")
|
w.Header().Set("Access-Control-Allow-Credentials", "true")
|
||||||
}
|
}
|
||||||
|
w.Header().Set("Access-Control-Allow-Origin", origin)
|
||||||
|
}
|
||||||
|
|
||||||
// TODO: authentication & authorization, if configured
|
// TODO: authentication & authorization, if configured
|
||||||
|
|
||||||
|
Loading…
x
Reference in New Issue
Block a user