summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMatthew Holt <mholt@users.noreply.github.com>2019-12-23 12:46:01 -0700
committerMatthew Holt <mholt@users.noreply.github.com>2019-12-23 12:46:01 -0700
commit16ee985c22c2fcfa2e108dcc7d3e8ce184fd95ed (patch)
treeb00ca8be80a3b94c442c31dcf6567512e849fa74
parent95ed603de79c66ff76bfe7e42986a2fc8c7a1fa4 (diff)
admin: Only write most CORS headers in OPTIONS requests
-rw-r--r--admin.go10
1 files changed, 6 insertions, 4 deletions
diff --git a/admin.go b/admin.go
index 89c007d..bf11985 100644
--- a/admin.go
+++ b/admin.go
@@ -50,7 +50,7 @@ type AdminConfig struct {
// The address to which the admin endpoint's listener should
// bind itself. Can be any single network address that can be
- // parsed by Caddy.
+ // parsed by Caddy. Default: localhost:2019
Listen string `json:"listen,omitempty"`
// If true, CORS headers will be emitted, and requests to the
@@ -282,10 +282,12 @@ func (h adminHandler) serveHTTP(w http.ResponseWriter, r *http.Request) {
return
}
+ if r.Method == http.MethodOptions {
+ w.Header().Set("Access-Control-Allow-Methods", "OPTIONS, GET, POST, PUT, PATCH, DELETE")
+ w.Header().Set("Access-Control-Allow-Headers", "Content-Type, Content-Length, Cache-Control")
+ w.Header().Set("Access-Control-Allow-Credentials", "true")
+ }
w.Header().Set("Access-Control-Allow-Origin", origin)
- w.Header().Set("Access-Control-Allow-Methods", "OPTIONS, GET, POST, PUT, PATCH, DELETE")
- w.Header().Set("Access-Control-Allow-Headers", "Content-Type, Content-Length, Cache-Control")
- w.Header().Set("Access-Control-Allow-Credentials", "true")
}
// TODO: authentication & authorization, if configured