Add configurable CORS policy in OpenIDProvider

2023-11-13 17:29:12 -06:00 · 2023-11-13 17:29:12 -06:00 · 8a11cca6bb
commit 8a11cca6bb
parent f014796c45
1 changed files with 22 additions and 1 deletions
--- a/pkg/op/op.go
+++ b/pkg/op/op.go
@ -97,9 +97,17 @@ type OpenIDProvider interface {

 type HttpInterceptor func(http.Handler) http.Handler

+type corsOptioner interface {
+	CORSOptions() cors.Options
+}
+
 func CreateRouter(o OpenIDProvider, interceptors ...HttpInterceptor) chi.Router {
 	router := chi.NewRouter()
+	if co, ok := o.(corsOptioner); ok {
+		router.Use(cors.New(co.CORSOptions()).Handler)
+	} else {
 		router.Use(cors.New(defaultCORSOptions).Handler)
+	}
 	router.Use(intercept(o.IssuerFromRequest, interceptors...))
 	router.HandleFunc(healthEndpoint, healthHandler)
 	router.HandleFunc(readinessEndpoint, readyHandler(o.Probes()))
@ -224,6 +232,7 @@ func NewProvider(config *Config, storage Storage, issuer func(insecure bool) (Is
 		storage:   storage,
 		endpoints: DefaultEndpoints,
 		timer:     make(<-chan time.Time),
+		corsOpts:  defaultCORSOptions,
 		logger:    slog.Default(),
 	}

@ -268,6 +277,7 @@ type Provider struct {
 	timer                   <-chan time.Time
 	accessTokenVerifierOpts []AccessTokenVerifierOpt
 	idTokenHintVerifierOpts []IDTokenHintVerifierOpt
+	corsOpts                cors.Options
 	logger                  *slog.Logger
 }

@ -427,6 +437,10 @@ func (o *Provider) Probes() []ProbesFn {
 	}
 }

+func (o *Provider) CORSOptions() cors.Options {
+	return o.corsOpts
+}
+
 func (o *Provider) Logger() *slog.Logger {
 	return o.logger
 }
@ -587,6 +601,13 @@ func WithIDTokenHintVerifierOpts(opts ...IDTokenHintVerifierOpt) Option {
 	}
 }

+func WithCORSOptions(opts cors.Options) Option {
+	return func(o *Provider) error {
+		o.corsOpts = opts
+		return nil
+	}
+}
+
 // WithLogger lets a logger other than slog.Default().
 //
 // EXPERIMENTAL: Will change to log/slog import after we drop support for Go 1.20