35 lines
917 B
Go
35 lines
917 B
Go
package middleware
|
|
|
|
import (
|
|
"net/http"
|
|
|
|
"aggios-app/backend/internal/config"
|
|
)
|
|
|
|
// CORS adds CORS headers to responses
|
|
func CORS(cfg *config.Config) func(http.Handler) http.Handler {
|
|
return func(next http.Handler) http.Handler {
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
origin := r.Header.Get("Origin")
|
|
|
|
// Allow all localhost origins for development
|
|
if origin != "" {
|
|
w.Header().Set("Access-Control-Allow-Origin", origin)
|
|
w.Header().Set("Access-Control-Allow-Credentials", "true")
|
|
}
|
|
|
|
w.Header().Set("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS")
|
|
w.Header().Set("Access-Control-Allow-Headers", "Content-Type, Authorization, Host")
|
|
w.Header().Set("Access-Control-Max-Age", "3600")
|
|
|
|
// Handle preflight request
|
|
if r.Method == "OPTIONS" {
|
|
w.WriteHeader(http.StatusOK)
|
|
return
|
|
}
|
|
|
|
next.ServeHTTP(w, r)
|
|
})
|
|
}
|
|
}
|