diff --git a/internal/services/configstore/configstore.go b/internal/services/configstore/configstore.go
index b1245a1..b7f2834 100644
--- a/internal/services/configstore/configstore.go
+++ b/internal/services/configstore/configstore.go
@@ -32,7 +32,6 @@ import (
 "agola.io/agola/internal/services/types"
 "agola.io/agola/internal/util"
- ghandlers "github.com/gorilla/handlers"
 "github.com/gorilla/mux"
 "go.uber.org/zap"
 "go.uber.org/zap/zapcore"
@@ -115,11 +114,6 @@ func (s *Configstore) Run(ctx context.Context) error {
 go func() { errCh <- s.readDB.Run(ctx) }()
- corsAllowedMethodsOptions := ghandlers.AllowedMethods([]string{"GET", "HEAD", "POST", "PUT", "DELETE"})
- corsAllowedHeadersOptions := ghandlers.AllowedHeaders([]string{"Accept", "Accept-Encoding", "Authorization", "Content-Length", "Content-Type", "X-CSRF-Token", "Authorization"})
- corsAllowedOriginsOptions := ghandlers.AllowedOrigins([]string{"*"})
- corsHandler := ghandlers.CORS(corsAllowedMethodsOptions, corsAllowedHeadersOptions, corsAllowedOriginsOptions)
-
 projectGroupHandler := api.NewProjectGroupHandler(logger, s.readDB)
 projectGroupSubgroupsHandler := api.NewProjectGroupSubgroupsHandler(logger, s.ah, s.readDB)
 projectGroupProjectsHandler := api.NewProjectGroupProjectsHandler(logger, s.ah, s.readDB)
@@ -234,7 +228,7 @@ func (s *Configstore) Run(ctx context.Context) error {
 apirouter.Handle("/remotesources/{remotesourceref}", deleteRemoteSourceHandler).Methods("DELETE")
 mainrouter := mux.NewRouter()
- mainrouter.PathPrefix("/").Handler(corsHandler(router))
+ mainrouter.PathPrefix("/").Handler(router)
 var tlsConfig *tls.Config
 if s.c.Web.TLS {
diff --git a/internal/services/gateway/gateway.go b/internal/services/gateway/gateway.go
index af76a19..dbe6371 100644
--- a/internal/services/gateway/gateway.go
+++ b/internal/services/gateway/gateway.go
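Review bot: The rewritten `mainrouter.PathPrefix("/").Handler(router)` line in configstore's Run carries no comment recording that CORS was dropped on purpose, so a later change could re-add the wildcard handler without anyone noticing. I would add `// no CORS middleware here: cross-origin browser access is only configured on the gateway` above it, and the same above the matching line in the runservice hunk. Omitting CORS headers only stops browsers from reading cross-origin responses; whatever authenticates callers of these APIs is outside these hunks, so this should not be read as an access control. Run's body starts and ends outside the hunk.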
@@ -137,10 +137,17 @@ func NewGateway(gc *config.Config) (*Gateway, error) {
 }
 func (g *Gateway) Run(ctx context.Context) error {
+ // noop coors handler
+ corsHandler := func(h http.Handler) http.Handler {
+ return h
+ }
+
+if len(g.c.Web.AllowedOrigins) > 0 {
 corsAllowedMethodsOptions := ghandlers.AllowedMethods([]string{"GET", "HEAD", "POST", "PUT", "DELETE"})
 corsAllowedHeadersOptions := ghandlers.AllowedHeaders([]string{"Accept", "Accept-Encoding", "Authorization", "Content-Length", "Content-Type", "X-CSRF-Token", "Authorization"})
- corsAllowedOriginsOptions := ghandlers.AllowedOrigins([]string{"*"})
- corsHandler := ghandlers.CORS(corsAllowedMethodsOptions, corsAllowedHeadersOptions, corsAllowedOriginsOptions)
+ corsAllowedOriginsOptions := ghandlers.AllowedOrigins(g.c.Web.AllowedOrigins)
+ corsHandler = ghandlers.CORS(corsAllowedMethodsOptions, corsAllowedHeadersOptions, corsAllowedOriginsOptions)
+}
 webhooksHandler := api.NewWebhooksHandler(logger, g.ah, g.configstoreClient, g.runserviceClient, g.c.APIExposedURL)
diff --git a/internal/services/runservice/runservice.go b/internal/services/runservice/runservice.go
index 9bdae35..aabbf44 100644
--- a/internal/services/runservice/runservice.go
+++ b/internal/services/runservice/runservice.go
@@ -33,7 +33,6 @@ import (
 "agola.io/agola/internal/services/runservice/types"
 "agola.io/agola/internal/util"
- ghandlers "github.com/gorilla/handlers"
 "github.com/gorilla/mux"
 etcdclientv3 "go.etcd.io/etcd/clientv3"
 "go.uber.org/zap/zapcore"
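Review bot: `g.c.Web.AllowedOrigins` is handed to `ghandlers.AllowedOrigins` unchecked, so a `"*"` entry in the configuration silently restores the any-origin policy this commit removes, still paired with `Authorization` in the allowed headers. I would validate the list where the config is loaded (not visible here), or at least log a warning when it contains `"*"`, and document that an empty list now means no CORS headers at all, which changes behaviour for deployments that relied on the old default. The new comment has a typo and could state that contract instead: `// no-op CORS wrapper, used when Web.AllowedOrigins is empty`. The added `if` and `}` lines appear unindented and the two lines inside the block are unchanged context, so the file probably needs a gofmt pass; `"Authorization"` is also listed twice in the allowed headers. Run continues past the end of the hunk.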
@@ -161,11 +160,6 @@ func (s *Runservice) Run(ctx context.Context) error {
 ch := make(chan *types.ExecutorTask)
- corsAllowedMethodsOptions := ghandlers.AllowedMethods([]string{"GET", "HEAD", "POST", "PUT", "DELETE"})
- corsAllowedHeadersOptions := ghandlers.AllowedHeaders([]string{"Accept", "Accept-Encoding", "Authorization", "Content-Length", "Content-Type", "X-CSRF-Token", "Authorization"})
- corsAllowedOriginsOptions := ghandlers.AllowedOrigins([]string{"*"})
- corsHandler := ghandlers.CORS(corsAllowedMethodsOptions, corsAllowedHeadersOptions, corsAllowedOriginsOptions)
-
 // executor dedicated api, only calls from executor should happen on these handlers
 executorStatusHandler := api.NewExecutorStatusHandler(logger, s.e, s.ah)
 executorTaskStatusHandler := api.NewExecutorTaskStatusHandler(s.e, ch)
@@ -217,7 +211,7 @@ func (s *Runservice) Run(ctx context.Context) error {
 apirouter.Handle("/changegroups", changeGroupsUpdateTokensHandler).Methods("GET")
 mainrouter := mux.NewRouter()
- mainrouter.PathPrefix("/").Handler(corsHandler(router))
+ mainrouter.PathPrefix("/").Handler(router)
 // Return a bad request when it doesn't match any route
 mainrouter.NotFoundHandler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { w.WriteHeader(http.StatusBadRequest) })