diff options
Diffstat (limited to 'system/api')
| -rw-r--r-- | system/api/handlers.go | 6 | ||||
| -rw-r--r-- | system/api/server.go | 8 |
2 files changed, 10 insertions, 4 deletions
diff --git a/system/api/handlers.go b/system/api/handlers.go index 1bc4fbb..0be98a4 100644 --- a/system/api/handlers.go +++ b/system/api/handlers.go @@ -254,6 +254,12 @@ func sendPreflight(res http.ResponseWriter) { // CORS wraps a HandleFunc to respond to OPTIONS requests properly func CORS(next http.HandlerFunc) http.HandlerFunc { + if db.ConfigCache("cors_disabled").([]string)[0] == "true" { + return http.HandlerFunc(func(res http.ResponseWriter, req *http.Request) { + res.WriteHeader(http.StatusForbidden) + }) + } + return db.CacheControl(http.HandlerFunc(func(res http.ResponseWriter, req *http.Request) { if req.Method == http.MethodOptions { sendPreflight(res) diff --git a/system/api/server.go b/system/api/server.go index f31a748..4b8b22e 100644 --- a/system/api/server.go +++ b/system/api/server.go @@ -4,11 +4,11 @@ import "net/http" // Run adds Handlers to default http listener for API func Run() { - http.HandleFunc("/api/types", CORS(Record(typesHandler))) + http.HandleFunc("/api/types", Record(CORS(typesHandler))) - http.HandleFunc("/api/contents", CORS(Record(contentsHandler))) + http.HandleFunc("/api/contents", Record(CORS(contentsHandler))) - http.HandleFunc("/api/content", CORS(Record(contentHandler))) + http.HandleFunc("/api/content", Record(CORS(contentHandler))) - http.HandleFunc("/api/content/external", CORS(Record(externalContentHandler))) + http.HandleFunc("/api/content/external", Record(CORS(externalContentHandler))) } |