Add CORS support (defaulting to true)

Serve Access-Control-Allow-Origin: * headers on /sso_login and /sso_logout endpoints, to allow sso auto-renewal on AJAX requests.

Add CORS support (defaulting to true)
dd49fe4a · ale · 8a1845d6 · dd49fe4a
Commit dd49fe4a authored 2 years ago by ale
--- a/httpsso/handler.go
+++ b/httpsso/handler.go
@@ -76,6 +76,8 @@ type SSOWrapper struct {
 	sc           *securecookie.SecureCookie
 	serverURL    string
 	serverOrigin string
+
+	EnableCORS bool
 }

 // NewSSOWrapper returns a new SSOWrapper that will authenticate users
@@ -96,6 +98,7 @@ func NewSSOWrapper(serverURL string, pkey []byte, domain string, sessionAuthKey,
 		sc:           sc,
 		serverURL:    serverURL,
 		serverOrigin: originFromURL(serverURL),
+		EnableCORS:   true,
 	}, nil
 }

@@ -172,7 +175,7 @@ func (s *SSOWrapper) handleLogin(w http.ResponseWriter, req *http.Request, servi
 		HttpOnly: true,
 	})

-	http.Redirect(w, req, d, http.StatusFound)
+	s.redirectWithCORS(w, req, d)
 }

 func (s *SSOWrapper) handleLogout(w http.ResponseWriter, req *http.Request) {
@@ -209,7 +212,14 @@ func (s *SSOWrapper) redirectToLogin(w http.ResponseWriter, req *http.Request, s
 	v.Set("n", nonce)
 	v.Set("g", strings.Join(groups, ","))
 	loginURL := s.serverURL + "?" + v.Encode()
-	http.Redirect(w, req, loginURL, http.StatusFound)
+	s.redirectWithCORS(w, req, loginURL)
+}
+
+func (s *SSOWrapper) redirectWithCORS(w http.ResponseWriter, req *http.Request, uri string) {
+	if s.EnableCORS {
+		w.Header().Set("Access-Control-Allow-Origin", "*")
+	}
+	http.Redirect(w, req, uri, http.StatusFound)
 }

 // Extract the URL path from the service specification. The result