From 226e1bd9ddb44dc2487e9cee9cb5413af7bfe440 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C5=81ukasz=20Mierzwa?= Date: Sat, 29 Sep 2018 10:29:52 +0100 Subject: [PATCH 1/2] fix(docs): add missing description --- docs/CONFIGURATION.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/CONFIGURATION.md b/docs/CONFIGURATION.md index 97ed7f2a6..9261a6540 100644 --- a/docs/CONFIGURATION.md +++ b/docs/CONFIGURATION.md @@ -301,7 +301,7 @@ listen: prefix: string ``` -- `address` - +- `address` - Hostname or IP to listen on. - `port` - HTTP port to listen on. - `prefix` - URL root for karma, you can use to if you wish to serve it from location other than `/`. This option is mostly useful when using karma behind From 02e433b2053cd1deec6fddfd3765ddaeb65238e0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C5=81ukasz=20Mierzwa?= Date: Sat, 29 Sep 2018 10:30:30 +0100 Subject: [PATCH 2/2] fix(cors): change Access-Control-Allow-Origin validation to work in dev --- main.go | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/main.go b/main.go index dfb2d7c4e..2558e8b2a 100644 --- a/main.go +++ b/main.go @@ -63,7 +63,17 @@ func setupRouter(router *gin.Engine) { // so we end up with /static/static/js router.Use(static.Serve(getViewURL("/static/static/js/"), staticSrcFileSystem)) router.Use(cors.New(cors.Config{ - AllowAllOrigins: true, + // This works different than AllowAllOrigins=true + // 1. AllowAllOrigins will cause responses to include + // 'Access-Control-Allow-Origin: *' header in all responses + // 2. Setting AllowOriginFunc allows to validate origin URI and if it passes + // the response will include 'Access-Control-Allow-Origin: $origin' + // So the logic is the same, but implementation is different. + // We need second behavior since setting `credentials: include` on JS + // fetch() will fail with 'Access-Control-Allow-Origin: *' responses + AllowOriginFunc: func(origin string) bool { + return true + }, AllowCredentials: true, AllowMethods: []string{"GET", "POST", "DELETE"}, AllowHeaders: []string{"Origin"},