Просмотр исходного кода

Remove dead CORS package (L-2)

The CORS helper was unused; its import was commented out in webuiServer.go.
Deleting the package removes the dormant origin-reflection security issue.
jamesread 4 месяцев назад
Родитель
Сommit
f3549b035e

+ 0 - 23
service/internal/cors/cors.go

@@ -1,23 +0,0 @@
-package cors
-
-import (
-	log "github.com/sirupsen/logrus"
-	"net/http"
-)
-
-// AllowCors takes a HTTP handler and adds Access-Control-Allow-Origin headers to
-// responses.
-//
-// Note: HTTP OPTIONS requests (which need to be preflighted" for CORS) are not
-// handled because this app does not use HTTP PUT/PATCH/etc.
-func AllowCors(h http.Handler) http.Handler {
-	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		if origin := r.Header.Get("Origin"); origin != "" {
-			log.Debugf("Adding CORS header origin: %q", origin)
-
-			w.Header().Set("Access-Control-Allow-Origin", origin)
-		}
-
-		h.ServeHTTP(w, r)
-	})
-}

+ 0 - 22
service/internal/cors/cors_test.go

@@ -1,22 +0,0 @@
-package cors
-
-import (
-	"github.com/stretchr/testify/assert"
-	"net/http"
-	"net/http/httptest"
-	"testing"
-)
-
-func TestCors(t *testing.T) {
-	req, _ := http.NewRequest("GET", "/health-check", nil)
-	req.Header.Add("Origin", "1.2.3.4")
-
-	blat := AllowCors(http.FileServer(http.Dir(".")))
-
-	rr := httptest.NewRecorder()
-
-	blat.ServeHTTP(rr, req)
-
-	assert.Equal(t, http.StatusNotFound, rr.Code, "HTTP 404 on CORS")
-	assert.Equal(t, "1.2.3.4", rr.Header().Get("Access-Control-Allow-Origin"), "CORS Header set")
-}

+ 0 - 2
service/internal/httpservers/webuiServer.go

@@ -1,8 +1,6 @@
 package httpservers
 package httpservers
 
 
 import (
 import (
-
-	//	cors "github.com/OliveTin/OliveTin/internal/cors"
 	"net/http"
 	"net/http"
 	"os"
 	"os"
 	"path"
 	"path"