From 93b30c5c441bc482271459b69db80cc13ead9d78 Mon Sep 17 00:00:00 2001
From: Stewart Thomson <stewartthomson3@gmail.com>
Date: Sun, 10 May 2020 02:32:27 -0400
Subject: [PATCH] Allows browser extensions in cors (#317)

---
 auth/cors.go      |  3 ++-
 auth/cors_test.go | 23 +++++++++++++----------
 2 files changed, 15 insertions(+), 11 deletions(-)

diff --git a/auth/cors.go b/auth/cors.go
index 3d8c2aa02..5e628c217 100644
--- a/auth/cors.go
+++ b/auth/cors.go
@@ -13,7 +13,8 @@ import (
 // CorsConfig generates a config to use in gin cors middleware based on server configuration
 func CorsConfig(conf *config.Configuration) cors.Config {
 	corsConf := cors.Config{
-		MaxAge: 12 * time.Hour,
+		MaxAge:                 12 * time.Hour,
+		AllowBrowserExtensions: true,
 	}
 	if mode.IsDev() {
 		corsConf.AllowAllOrigins = true
diff --git a/auth/cors_test.go b/auth/cors_test.go
index a3254de25..4ec82a595 100644
--- a/auth/cors_test.go
+++ b/auth/cors_test.go
@@ -22,10 +22,11 @@ func TestCorsConfig(t *testing.T) {
 	actual.AllowOriginFunc = nil // func cannot be checked with equal
 
 	assert.Equal(t, cors.Config{
-		AllowAllOrigins: false,
-		AllowHeaders:    []string{"content-type"},
-		AllowMethods:    []string{"GET"},
-		MaxAge:          12 * time.Hour,
+		AllowAllOrigins:        false,
+		AllowHeaders:           []string{"content-type"},
+		AllowMethods:           []string{"GET"},
+		MaxAge:                 12 * time.Hour,
+		AllowBrowserExtensions: true,
 	}, actual)
 	assert.NotNil(t, allowF)
 	assert.True(t, allowF("http://test.com"))
@@ -42,9 +43,10 @@ func TestEmptyCorsConfigWithResponseHeaders(t *testing.T) {
 	actual.AllowOriginFunc = nil // func cannot be checked with equal
 
 	assert.Equal(t, cors.Config{
-		AllowAllOrigins: false,
-		AllowOrigins:    []string{"https://example.com"},
-		MaxAge:          12 * time.Hour,
+		AllowAllOrigins:        false,
+		AllowOrigins:           []string{"https://example.com"},
+		MaxAge:                 12 * time.Hour,
+		AllowBrowserExtensions: true,
 	}, actual)
 }
 
@@ -60,8 +62,9 @@ func TestDevCorsConfig(t *testing.T) {
 	assert.Equal(t, cors.Config{
 		AllowHeaders: []string{"X-Gotify-Key", "Authorization", "Content-Type", "Upgrade", "Origin",
 			"Connection", "Accept-Encoding", "Accept-Language", "Host"},
-		AllowMethods:    []string{"GET", "POST", "DELETE", "OPTIONS", "PUT"},
-		MaxAge:          12 * time.Hour,
-		AllowAllOrigins: true,
+		AllowMethods:           []string{"GET", "POST", "DELETE", "OPTIONS", "PUT"},
+		MaxAge:                 12 * time.Hour,
+		AllowAllOrigins:        true,
+		AllowBrowserExtensions: true,
 	}, actual)
 }