Commit dd49fe4a authored by ale's avatar ale

Add CORS support (defaulting to true)

Serve Access-Control-Allow-Origin: * headers on /sso_login and
/sso_logout endpoints, to allow sso auto-renewal on AJAX requests.
parent 8a1845d6
...@@ -76,6 +76,8 @@ type SSOWrapper struct { ...@@ -76,6 +76,8 @@ type SSOWrapper struct {
sc *securecookie.SecureCookie sc *securecookie.SecureCookie
serverURL string serverURL string
serverOrigin string serverOrigin string
EnableCORS bool
} }
// NewSSOWrapper returns a new SSOWrapper that will authenticate users // NewSSOWrapper returns a new SSOWrapper that will authenticate users
...@@ -96,6 +98,7 @@ func NewSSOWrapper(serverURL string, pkey []byte, domain string, sessionAuthKey, ...@@ -96,6 +98,7 @@ func NewSSOWrapper(serverURL string, pkey []byte, domain string, sessionAuthKey,
sc: sc, sc: sc,
serverURL: serverURL, serverURL: serverURL,
serverOrigin: originFromURL(serverURL), serverOrigin: originFromURL(serverURL),
EnableCORS: true,
}, nil }, nil
} }
...@@ -172,7 +175,7 @@ func (s *SSOWrapper) handleLogin(w http.ResponseWriter, req *http.Request, servi ...@@ -172,7 +175,7 @@ func (s *SSOWrapper) handleLogin(w http.ResponseWriter, req *http.Request, servi
HttpOnly: true, HttpOnly: true,
}) })
http.Redirect(w, req, d, http.StatusFound) s.redirectWithCORS(w, req, d)
} }
func (s *SSOWrapper) handleLogout(w http.ResponseWriter, req *http.Request) { func (s *SSOWrapper) handleLogout(w http.ResponseWriter, req *http.Request) {
...@@ -209,7 +212,14 @@ func (s *SSOWrapper) redirectToLogin(w http.ResponseWriter, req *http.Request, s ...@@ -209,7 +212,14 @@ func (s *SSOWrapper) redirectToLogin(w http.ResponseWriter, req *http.Request, s
v.Set("n", nonce) v.Set("n", nonce)
v.Set("g", strings.Join(groups, ",")) v.Set("g", strings.Join(groups, ","))
loginURL := s.serverURL + "?" + v.Encode() loginURL := s.serverURL + "?" + v.Encode()
http.Redirect(w, req, loginURL, http.StatusFound) s.redirectWithCORS(w, req, loginURL)
}
func (s *SSOWrapper) redirectWithCORS(w http.ResponseWriter, req *http.Request, uri string) {
if s.EnableCORS {
w.Header().Set("Access-Control-Allow-Origin", "*")
}
http.Redirect(w, req, uri, http.StatusFound)
} }
// Extract the URL path from the service specification. The result // Extract the URL path from the service specification. The result
......
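Review bot: `EnableCORS: true` in NewSSOWrapper turns the wildcard header on for every existing caller without an opt-in, and the exported `EnableCORS` field added to the struct has no doc comment saying what it controls or how to disable it. redirectWithCORS is also called from redirectToLogin, which appears to cover more than the /sso_login and /sso_logout endpoints named in the description, while no change to handleLogout is visible in these hunks. I would add a comment such as `// EnableCORS sets "Access-Control-Allow-Origin: *" on the redirects sent by handleLogin and redirectToLogin; set it to false to disable.` and consider whether opt-in is the safer default. Browsers reject a wildcard origin for requests sent with credentials, so it is worth confirming that the auto-renewal flow does not rely on cookies being sent on the cross-origin step. The bodies of handleLogin and redirectToLogin start outside the hunks shown.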