diff --git a/pkg/config/env.go b/pkg/config/env.go index 103ba0b8..9efdbfaf 100644 --- a/pkg/config/env.go +++ b/pkg/config/env.go @@ -71,7 +71,12 @@ var Config = struct { DBConnectionRetryDelay time.Duration `env:"FLAGR_DB_DBCONNECTION_RETRY_DELAY" envDefault:"100ms"` // CORSEnabled - enable CORS - CORSEnabled bool `env:"FLAGR_CORS_ENABLED" envDefault:"true"` + CORSEnabled bool `env:"FLAGR_CORS_ENABLED" envDefault:"true"` + CORSAllowCredentials bool `env:"FLAGR_CORS_ALLOW_CREDENTIALS" envDefault:"true"` + CORSAllowedHeaders []string `env:"FLAGR_CORS_ALLOWED_HEADERS" envDefault:"Origin,Accept,Content-Type,X-Requested-With,Authorization,Time_Zone" envSeparator:","` + CORSAllowedMethods []string `env:"FLAGR_CORS_ALLOWED_METHODS" envDefault:"GET,POST,PUT,DELETE,PATCH" envSeparator:","` + CORSAllowedOrigins []string `env:"FLAGR_CORS_ALLOWED_ORIGINS" envDefault:"*" envSeparator:","` + CORSExposedHeaders []string `env:"FLAGR_CORS_EXPOSED_HEADERS" envDefault:"WWW-Authenticate" envSeparator:","` // SentryEnabled - enable Sentry and Sentry DSN SentryEnabled bool `env:"FLAGR_SENTRY_ENABLED" envDefault:"false"` diff --git a/pkg/config/middleware.go b/pkg/config/middleware.go index 10ba1cab..f2baa1a7 100644 --- a/pkg/config/middleware.go +++ b/pkg/config/middleware.go @@ -73,11 +73,11 @@ func SetupGlobalMiddleware(handler http.Handler) http.Handler { if Config.CORSEnabled { n.Use(cors.New(cors.Options{ - AllowedOrigins: []string{"*"}, - AllowedHeaders: []string{"Origin", "Accept", "Content-Type", "X-Requested-With", "Authorization", "Time_Zone"}, - ExposedHeaders: []string{"Www-Authenticate"}, - AllowedMethods: []string{"GET", "POST", "PUT", "DELETE", "PATCH"}, - AllowCredentials: true, + AllowedOrigins: Config.CORSAllowedOrigins, + AllowedHeaders: Config.CORSAllowedHeaders, + ExposedHeaders: Config.CORSExposedHeaders, + AllowedMethods: Config.CORSAllowedMethods, + AllowCredentials: Config.CORSAllowCredentials, })) }