Merge pull request #31 from moonstream-to/middle-fix

Fixed middleware check
moonstream-to · Feb 13, 2024 · fbc1536 · fbc1536
2 parents 43c3415 + c0701b3
commit fbc1536
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 20 deletions.
diff --git a/deploy/deploy.bash b/deploy/deploy.bash
@@ -39,7 +39,7 @@ if [ ! -d "${SECRETS_DIR}" ]; then
   mkdir "${SECRETS_DIR}"
   echo -e "${PREFIX_WARN} Created new secrets directory"
 fi
-AWS_DEFAULT_REGION="${AWS_DEFAULT_REGION}" /home/ubuntu/go/bin/checkenv show aws_ssm+waggle:true >> "${PARAMETERS_ENV_PATH}"
+AWS_DEFAULT_REGION="${AWS_DEFAULT_REGION}" /home/ubuntu/go/bin/checkenv show aws_ssm+waggle:true > "${PARAMETERS_ENV_PATH}"
 chmod 0640 "${PARAMETERS_ENV_PATH}"
 
 echo

diff --git a/server.go b/server.go
@@ -139,27 +139,25 @@ func (server *Server) accessMiddleware(next http.Handler) http.Handler {
 // CORS middleware
 func (server *Server) corsMiddleware(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		if r.Method == http.MethodOptions {
-			var allowedOrigin string
-			if server.CORSWhitelist["*"] {
-				allowedOrigin = "*"
-			} else {
-				for o := range server.CORSWhitelist {
-					if r.Header.Get("Origin") == o {
-						allowedOrigin = o
-					}
+		var allowedOrigin string
+		if server.CORSWhitelist["*"] {
+			allowedOrigin = "*"
+		} else {
+			for o := range server.CORSWhitelist {
+				if r.Header.Get("Origin") == o {
+					allowedOrigin = o
 				}
 			}
-			// If origin in list of CORS allowed origins, extend with required headers
-			if allowedOrigin != "" {
-				w.Header().Set("Access-Control-Allow-Origin", allowedOrigin)
-				w.Header().Set("Access-Control-Allow-Methods", "GET,POST")
-				// Credentials are cookies, authorization headers, or TLS client certificates
-				w.Header().Set("Access-Control-Allow-Credentials", "true")
-				w.Header().Set("Access-Control-Allow-Headers", "Authorization, Content-Type")
-			}
-			w.WriteHeader(http.StatusNoContent)
-			return
+		}
+		if allowedOrigin != "" {
+			w.Header().Set("Access-Control-Allow-Origin", allowedOrigin)
+		}
+
+		if r.Method == "OPTIONS" {
+			w.Header().Set("Access-Control-Allow-Methods", "GET,POST,OPTIONS")
+			// Credentials are cookies, authorization headers, or TLS client certificates
+			w.Header().Set("Access-Control-Allow-Credentials", "true")
+			w.Header().Set("Access-Control-Allow-Headers", "Authorization")
 		}
 		next.ServeHTTP(w, r)
 	})