github/zot
1
0
Fork 0
mirror of https://github.com/project-zot/zot.git synced 2026-06-16 04:17:55 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix(routes): fix cors headers for api keys and logout route (#1984)

Browse Source 
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
This commit is contained in:
peusebiu
2023-11-07 20:11:40 +02:00
committed by GitHub
parent ff16e4c3db
commit 7f52f58e3c
2 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
pkg/api/authn_test.go
+2
View File
@@ -67,6 +67,8 @@ func TestAllowedMethodsHeaderAPIKey(t *testing.T) {
resp, _ := resty.R().Options(baseURL + constants.APIKeyPath)
So(resp, ShouldNotBeNil)
So(resp.Header().Get("Access-Control-Allow-Methods"), ShouldResemble, "GET,POST,DELETE,OPTIONS")
So(resp.Header().Get("Access-Control-Allow-Origin"), ShouldResemble, "*")
So(resp.Header().Get("Access-Control-Allow-Headers"), ShouldResemble, "Authorization,content-type,X-ZOT-API-CLIENT")
So(resp.StatusCode(), ShouldEqual, http.StatusNoContent)
})
}
pkg/api/routes.go
+3 -1
View File
@@ -91,9 +91,11 @@ func (rh *RouteHandler) SetupRoutes() {
apiKeyRouter := rh.c.Router.PathPrefix(constants.APIKeyPath).Subrouter()
apiKeyRouter.Use(authHandler)
apiKeyRouter.Use(BaseAuthzHandler(rh.c))
// Always use CORSHeadersMiddleware before ACHeadersMiddleware
apiKeyRouter.Use(zcommon.CORSHeadersMiddleware(rh.c.Config.HTTP.AllowOrigin))
apiKeyRouter.Use(zcommon.ACHeadersMiddleware(rh.c.Config,
http.MethodGet, http.MethodPost, http.MethodDelete, http.MethodOptions))
apiKeyRouter.Use(zcommon.CORSHeadersMiddleware(rh.c.Config.HTTP.AllowOrigin))
apiKeyRouter.Methods(http.MethodPost, http.MethodOptions).HandlerFunc(rh.CreateAPIKey)
apiKeyRouter.Methods(http.MethodGet).HandlerFunc(rh.GetAPIKeys)