Skip to content

Commit e7029c2

Browse files
committed
Update cors
1 parent 4cf4402 commit e7029c2

1 file changed

Lines changed: 10 additions & 2 deletions

File tree

backend/internal/middleware/cors.go

Lines changed: 10 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,8 @@
11
package middleware
22

33
import (
4+
"net/http"
5+
46
"github.com/gin-gonic/gin"
57
)
68

@@ -25,12 +27,18 @@ func CORSMiddleware(frontendURL string) gin.HandlerFunc {
2527
// This is necessary because the tracking script needs to work from any website
2628
func TrackingCORSMiddleware() gin.HandlerFunc {
2729
return func(c *gin.Context) {
28-
c.Writer.Header().Set("Access-Control-Allow-Origin", "*")
30+
origin := c.GetHeader("Origin")
31+
if origin == "" {
32+
origin = "*" // fallback, optional
33+
}
34+
35+
c.Writer.Header().Set("Access-Control-Allow-Origin", origin) // dynamic origin
2936
c.Writer.Header().Set("Access-Control-Allow-Methods", "POST, OPTIONS")
3037
c.Writer.Header().Set("Access-Control-Allow-Headers", "Content-Type, X-API-Key")
38+
c.Writer.Header().Set("Access-Control-Allow-Credentials", "true")
3139
c.Writer.Header().Set("Access-Control-Max-Age", "86400")
3240

33-
if c.Request.Method == "OPTIONS" {
41+
if c.Request.Method == http.MethodOptions {
3442
c.AbortWithStatus(204)
3543
return
3644
}

0 commit comments

Comments
 (0)