Allows browser extensions in cors (#317)

gotify · May 10, 2020 · 93b30c5 · 93b30c5
1 parent 7523ad0
commit 93b30c5
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 11 deletions.
diff --git a/auth/cors.go b/auth/cors.go
@@ -13,7 +13,8 @@ import (
 // CorsConfig generates a config to use in gin cors middleware based on server configuration
 func CorsConfig(conf *config.Configuration) cors.Config {
 	corsConf := cors.Config{
-		MaxAge: 12 * time.Hour,
+		MaxAge:                 12 * time.Hour,
+		AllowBrowserExtensions: true,
 	}
 	if mode.IsDev() {
 		corsConf.AllowAllOrigins = true

diff --git a/auth/cors_test.go b/auth/cors_test.go
@@ -22,10 +22,11 @@ func TestCorsConfig(t *testing.T) {
 	actual.AllowOriginFunc = nil // func cannot be checked with equal
 
 	assert.Equal(t, cors.Config{
-		AllowAllOrigins: false,
-		AllowHeaders:    []string{"content-type"},
-		AllowMethods:    []string{"GET"},
-		MaxAge:          12 * time.Hour,
+		AllowAllOrigins:        false,
+		AllowHeaders:           []string{"content-type"},
+		AllowMethods:           []string{"GET"},
+		MaxAge:                 12 * time.Hour,
+		AllowBrowserExtensions: true,
 	}, actual)
 	assert.NotNil(t, allowF)
 	assert.True(t, allowF("http://test.com"))
@@ -42,9 +43,10 @@ func TestEmptyCorsConfigWithResponseHeaders(t *testing.T) {
 	actual.AllowOriginFunc = nil // func cannot be checked with equal
 
 	assert.Equal(t, cors.Config{
-		AllowAllOrigins: false,
-		AllowOrigins:    []string{"https://example.com"},
-		MaxAge:          12 * time.Hour,
+		AllowAllOrigins:        false,
+		AllowOrigins:           []string{"https://example.com"},
+		MaxAge:                 12 * time.Hour,
+		AllowBrowserExtensions: true,
 	}, actual)
 }
 
@@ -60,8 +62,9 @@ func TestDevCorsConfig(t *testing.T) {
 	assert.Equal(t, cors.Config{
 		AllowHeaders: []string{"X-Gotify-Key", "Authorization", "Content-Type", "Upgrade", "Origin",
 			"Connection", "Accept-Encoding", "Accept-Language", "Host"},
-		AllowMethods:    []string{"GET", "POST", "DELETE", "OPTIONS", "PUT"},
-		MaxAge:          12 * time.Hour,
-		AllowAllOrigins: true,
+		AllowMethods:           []string{"GET", "POST", "DELETE", "OPTIONS", "PUT"},
+		MaxAge:                 12 * time.Hour,
+		AllowAllOrigins:        true,
+		AllowBrowserExtensions: true,
 	}, actual)
 }