From 94bcb91220e039da129e74584c889c7a3577a24e Mon Sep 17 00:00:00 2001 From: Neil Moore Date: Sat, 20 Jun 2020 23:18:30 -0400 Subject: [PATCH] Add CORS header ('Access-Control-Allow-Origin') to 'AllReader' Allows all API endpoints using 'AllReader' to be queryable by any origin. --- handle.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/handle.go b/handle.go index 4915420..1802384 100644 --- a/handle.go +++ b/handle.go @@ -599,6 +599,9 @@ func (h *Handler) AllReader(f handlerFunc) http.HandlerFunc { log.Info(h.app.ReqLog(r, status, time.Since(start))) }() + // Allow any origin, as public endpoints are handled in here + w.Header().Set("Access-Control-Allow-Origin", "*"); + if h.app.App().cfg.App.Private { // This instance is private, so ensure it's being accessed by a valid user // Check if authenticated with an access token