summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--system/api/handlers.go36
-rw-r--r--system/db/addon.go2
2 files changed, 32 insertions, 6 deletions
diff --git a/system/api/handlers.go b/system/api/handlers.go
index f073e16..5bdb7cd 100644
--- a/system/api/handlers.go
+++ b/system/api/handlers.go
@@ -4,8 +4,10 @@ import (
"bytes"
"compress/gzip"
"encoding/json"
+ "io"
"log"
"net/http"
+ "net/url"
"strconv"
"strings"
@@ -262,11 +264,19 @@ func responseWithCORS(res http.ResponseWriter, req *http.Request) (http.Response
if db.ConfigCache("cors_disabled").(bool) == true {
// check origin matches config domain and Allow
domain := db.ConfigCache("domain").(string)
+ origin := req.Header.Get("Origin")
+ u, err := url.Parse(origin)
+ if err != nil {
+ log.Println("Error parsing URL from request Origin header:", origin)
+ return res, false
+ }
+
+ origin = u.Host
// currently, this will check for exact match. will need feedback to
// determine if subdomains should be allowed or allow multiple domains
// in config
- if req.Origin == domain {
+ if origin == domain {
// apply limited CORS headers and return
res.Header().Set("Access-Control-Allow-Headers", "Accept, Authorization, Content-Type")
res.Header().Set("Access-Control-Allow-Origin", domain)
@@ -312,10 +322,9 @@ func Gzip(next http.HandlerFunc) http.HandlerFunc {
// check if req header content-encoding supports gzip
if strings.Contains(req.Header.Get("Accept-Encoding"), "gzip") {
// gzip response data
- gzres, err := gzip.NewWriter(res)
- if err != nil {
- log.Println("Error creating gzip writer in Gzip middleware.")
- next.ServeHTTP(res, req)
+ gzres := gzipResponseWriter{
+ rw: res,
+ gw: gzip.NewWriter(res),
}
next.ServeHTTP(gzres, req)
@@ -324,3 +333,20 @@ func Gzip(next http.HandlerFunc) http.HandlerFunc {
next.ServeHTTP(res, req)
})
}
+
+type gzipResponseWriter struct {
+ rw http.ResponseWriter
+ gw io.Writer
+}
+
+func (gzw gzipResponseWriter) Header() http.Header {
+ return gzw.rw.Header()
+}
+
+func (gzw gzipResponseWriter) Write(p []byte) (int, error) {
+ return gzw.gw.Write(p)
+}
+
+func (gzw gzipResponseWriter) WriteHeader(code int) {
+ gzw.rw.WriteHeader(code)
+}
diff --git a/system/db/addon.go b/system/db/addon.go
index a145293..0f63405 100644
--- a/system/db/addon.go
+++ b/system/db/addon.go
@@ -119,7 +119,7 @@ func DeleteAddon(key string) error {
err := store.Update(func(tx *bolt.Tx) error {
b := tx.Bucket([]byte("__addons"))
if b == nil {
- bolt.ErrBucketNotFound
+ return bolt.ErrBucketNotFound
}
if err := b.Delete([]byte(key)); err != nil {
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-10 07:21:35 +0000