Make allowed cors headers configurable
This commit is contained in:
Willem Dantuma
parent
96ca17675f
commit
de028920c8
3 changed files with 22 additions and 4 deletions
|
|
@ -38,6 +38,8 @@ type Configuration interface {
|
|||
SupportedUILocales() []language.Tag
|
||||
|
||||
SupportedScopes() []string
|
||||
|
||||
AllowedCorsHeaders() []string
|
||||
}
|
||||
|
||||
func ValidateIssuer(issuer string) error {
|
||||
|
|
|
|||
|
|
@ -35,6 +35,20 @@ func (m *MockConfiguration) EXPECT() *MockConfigurationMockRecorder {
|
|||
return m.recorder
|
||||
}
|
||||
|
||||
// AllowedCorsHeaders mocks base method.
|
||||
func (m *MockConfiguration) AllowedCorsHeaders() []string {
|
||||
m.ctrl.T.Helper()
|
||||
ret := m.ctrl.Call(m, "AllowedCorsHeaders")
|
||||
ret0, _ := ret[0].([]string)
|
||||
return ret0
|
||||
}
|
||||
|
||||
// AllowedCorsHeaders indicates an expected call of AllowedCorsHeaders.
|
||||
func (mr *MockConfigurationMockRecorder) AllowedCorsHeaders() *gomock.Call {
|
||||
mr.mock.ctrl.T.Helper()
|
||||
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "AllowedCorsHeaders", reflect.TypeOf((*MockConfiguration)(nil).AllowedCorsHeaders))
|
||||
}
|
||||
|
||||
// AuthMethodPostSupported mocks base method.
|
||||
func (m *MockConfiguration) AuthMethodPostSupported() bool {
|
||||
m.ctrl.T.Helper()
|
||||
|
|
|
|||
10
pkg/op/op.go
10
pkg/op/op.go
|
|
@ -65,7 +65,7 @@ func CreateRouter(o OpenIDProvider, interceptors ...HttpInterceptor) *mux.Router
|
|||
router := mux.NewRouter()
|
||||
router.Use(handlers.CORS(
|
||||
handlers.AllowCredentials(),
|
||||
handlers.AllowedHeaders([]string{"authorization", "content-type", "dpop"}),
|
||||
handlers.AllowedHeaders(o.AllowedCorsHeaders()),
|
||||
handlers.AllowedOriginValidator(allowAllOrigins),
|
||||
))
|
||||
router.HandleFunc(healthEndpoint, healthHandler)
|
||||
|
|
@ -104,6 +104,7 @@ type config struct {
|
|||
RequestObjectSupported bool
|
||||
SupportedUILocales []language.Tag
|
||||
SupportedScopes []string
|
||||
AllowedCorsHeaders []string
|
||||
}
|
||||
|
||||
type endpoints struct {
|
||||
|
|
@ -120,7 +121,8 @@ type endpoints struct {
|
|||
func NewConfig() *config {
|
||||
// config defaults
|
||||
config := &config{
|
||||
SupportedScopes: DefaultSupportedScopes,
|
||||
SupportedScopes: DefaultSupportedScopes,
|
||||
AllowedCorsHeaders: []string{"authorization", "content-type"},
|
||||
}
|
||||
return config
|
||||
}
|
||||
|
|
@ -316,8 +318,8 @@ func (o *openidProvider) SupportedScopes() []string {
|
|||
return o.config.SupportedScopes
|
||||
}
|
||||
|
||||
func (o *openidProvider) SetScopesSupported(scopes []string) {
|
||||
o.config.SupportedScopes = scopes
|
||||
func (o *openidProvider) AllowedCorsHeaders() []string {
|
||||
return o.config.AllowedCorsHeaders
|
||||
}
|
||||
|
||||
func (o *openidProvider) Storage() Storage {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue