diff --git a/api/request.go b/api/request.go
index 685e2d7e4..83a28bd9f 100644
--- a/api/request.go
+++ b/api/request.go
@@ -14,6 +14,7 @@ type Request struct {
 Method string
 URL *url.URL
 Params url.Values
+ Headers http.Header
 ClientToken string
 WrapTTL string
 Obj interface{}
@@ -60,6 +61,14 @@ func (r *Request) ToHTTP() (*http.Request, error) {
 req.URL.Host = r.URL.Host
 req.Host = r.URL.Host
+ if r.Headers != nil {
+ for header, vals := range r.Headers {
+ for _, val := range vals {
+ req.Header.Add(header, val)
+ }
+ }
+ }
+
 if len(r.ClientToken) != 0 {
 req.Header.Set("X-Vault-Token", r.ClientToken)
 }
diff --git a/http/cors.go b/http/cors.go
index 5bd0a1366..2a25a377f 100644
--- a/http/cors.go
+++ b/http/cors.go
@@ -1,6 +1,7 @@
 package http
 import (
+ "fmt"
 "net/http"
 "strings"
@@ -40,7 +41,7 @@ func wrapCORSHandler(h http.Handler, core *vault.Core) http.Handler {
 // Return a 403 if the origin is not
 // allowed to make cross-origin requests.
 if !corsConf.IsValidOrigin(origin) {
- w.WriteHeader(http.StatusForbidden)
+ respondError(w, http.StatusForbidden, fmt.Errorf("origin not allowed"))
 return
 }
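Review bot: An `X-Vault-Token` entry in `r.Headers` is sent unchanged whenever `r.ClientToken` is empty, because the copy loop in ToHTTP runs before the token block and that block calls `Set` only for a non-empty token. If that precedence is intended, state it on the loop, for example `// Caller headers are copied first; a non-empty ClientToken below overrides any X-Vault-Token supplied here.`, and give the new `Headers` field a matching doc comment in the struct. The `if r.Headers != nil` guard is redundant, since ranging over a nil `http.Header` iterates zero times. ToHTTP starts and continues outside this hunk, so other headers it may set later are not visible here.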
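Review bot: `fmt.Errorf("origin not allowed")` in wrapCORSHandler has no format verbs, so the new `fmt` import in http/cors.go exists only to build a constant string. `errors.New("origin not allowed")` expresses the same thing with the `errors` import instead. It is also worth keeping the message constant as written: the Origin header is client-controlled, and the 403 body should not echo it back. wrapCORSHandler begins and ends outside this hunk, and what respondError writes or logs is not visible here.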