luxolus/open-vault
2
0
Fork 0
Code Issues 1 Pull requests Releases Activity

Return error on bad CORS and add Header specification to API request primitive

Browse source
This commit is contained in:
Jeff Mitchell 2017-06-19 18:20:44 -04:00
parent 1e3e83f7b0
commit 5817a8a5f8
2 changed files with 11 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
api/request.go
View file

@ -14,6 +14,7 @@ type Request struct {
Method string Method string
URL *url.URL URL *url.URL
Params url.Values Params url.Values
Headers http.Header
ClientToken string ClientToken string
WrapTTL string WrapTTL string
Obj interface{} Obj interface{}
@ -60,6 +61,14 @@ func (r *Request) ToHTTP() (*http.Request, error) {
req.URL.Host = r.URL.Host req.URL.Host = r.URL.Host
req.Host = r.URL.Host req.Host = r.URL.Host
if r.Headers != nil {
for header, vals := range r.Headers {
for _, val := range vals {
req.Header.Add(header, val)
}
}
}
if len(r.ClientToken) != 0 { if len(r.ClientToken) != 0 {
req.Header.Set("X-Vault-Token", r.ClientToken) req.Header.Set("X-Vault-Token", r.ClientToken)
} }

3
http/cors.go
View file

@ -1,6 +1,7 @@
package http package http
import ( import (
"fmt"
"net/http" "net/http"
"strings" "strings"
@ -40,7 +41,7 @@ func wrapCORSHandler(h http.Handler, core *vault.Core) http.Handler {
// Return a 403 if the origin is not // Return a 403 if the origin is not
// allowed to make cross-origin requests. // allowed to make cross-origin requests.
if !corsConf.IsValidOrigin(origin) { if !corsConf.IsValidOrigin(origin) {
w.WriteHeader(http.StatusForbidden) respondError(w, http.StatusForbidden, fmt.Errorf("origin not allowed"))
return return
} }