switched cors implementation

sash20m · Dec 7, 2023 · bc9040f · bc9040f
1 parent e79e8a4
commit bc9040f
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 4 deletions.
diff --git a/go.mod b/go.mod
@@ -42,6 +42,7 @@ require (
 	github.com/opencontainers/image-spec v1.0.2 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/rogpeppe/go-internal v1.11.0 // indirect
+	github.com/rs/cors v1.10.1 // indirect
 	github.com/swaggo/files/v2 v2.0.0 // indirect
 	golang.org/x/crypto v0.15.0 // indirect
 	golang.org/x/net v0.18.0 // indirect

diff --git a/go.sum b/go.sum
@@ -92,6 +92,8 @@ github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZb
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M=
 github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA=
+github.com/rs/cors v1.10.1 h1:L0uuZVXIKlI1SShY2nhFfo44TYvDPQ1w4oFkUJNfhyo=
+github.com/rs/cors v1.10.1/go.mod h1:XyqrcTp5zjWr1wsJ8PIRZssZ8b/WMcMf71DJnit4EMU=
 github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
 github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=

diff --git a/internal/server.go b/internal/server.go
@@ -6,6 +6,7 @@ import (
 	"time"
 
 	"github.com/gorilla/mux"
+	"github.com/rs/cors"
 	_ "github.com/sash20m/go-api-template/cmd/server/docs"
 	"github.com/sash20m/go-api-template/config"
 	"github.com/sash20m/go-api-template/internal/handlers"
@@ -70,9 +71,7 @@ func (app *AppServer) Run(appConfig config.ApiEnvConfig) {
 
 	// Security Middlewares
 	secureMiddleware := secure.New(secure.Options{
-		IsDevelopment: app.Env == "DEV",
-		// CORS
-		AllowedHosts:       []string{},
+		IsDevelopment:      app.Env == "DEV",
 		ContentTypeNosniff: true,
 		SSLRedirect:        true,
 		// If the app is behind a proxy
@@ -85,7 +84,16 @@ func (app *AppServer) Run(appConfig config.ApiEnvConfig) {
 	n.Use(negroni.NewRecovery())
 	n.Use(negroni.HandlerFunc(secureMiddleware.HandlerFuncWithNext))
 	n.Use(negroni.HandlerFunc(middlewares.TrackRequestMiddleware))
-	n.UseHandler(router)
+	corsMiddleware := cors.New(cors.Options{
+		AllowedOrigins:   []string{"*"}, // Allows all origins
+		AllowedMethods:   []string{"GET", "POST", "PUT", "DELETE", "OPTIONS"},
+		AllowedHeaders:   []string{"Accept", "Authorization", "Content-Type", "X-CSRF-Token"},
+		AllowCredentials: true,
+		MaxAge:           86400,
+	})
+	// router with cors middleware
+	wrappedRouter := corsMiddleware.Handler(router)
+	n.UseHandler(wrappedRouter)
 
 	startupMessage := "Starting API server (v" + app.Version + ")"
 	startupMessage = startupMessage + " on port " + app.Port