From 3d89e58a44da2067280c00bc83f077e9f5e876f0 Mon Sep 17 00:00:00 2001 From: Fabrice Rabaute Date: Fri, 27 Aug 2021 14:23:14 -0700 Subject: [PATCH] Remove CORS middleware The AuthService used a CORS middleware as a remnant of the original fork: ajmyyra/ambassador-auth-oidc@43dd5ae The CORS middleware permits requests with certain default methods and headers. However, since the default answer is 200, what it actually does is proxy the CORS requests for those methods. I don't like the fact that we don't set the response code explicitly. We should either remove this middleware or document its use clearly. Cherry-pick from: https://github.com/arrikto/oidc-authservice/pull/58 --- main.go | 3 +-- web_server.go | 3 +-- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/main.go b/main.go index 3ba5fccc..0e2551ab 100644 --- a/main.go +++ b/main.go @@ -13,7 +13,6 @@ import ( "github.com/arrikto/oidc-authservice/authorizer" "github.com/arrikto/oidc-authservice/oidc" "github.com/arrikto/oidc-authservice/svc" - "github.com/gorilla/handlers" "github.com/gorilla/mux" log "github.com/sirupsen/logrus" "github.com/tevino/abool" @@ -74,7 +73,7 @@ func main() { log.Infof("Starting server at %v:%v", c.Hostname, c.Port) stopCh := make(chan struct{}) go func(stopCh chan struct{}) { - log.Fatal(http.ListenAndServe(fmt.Sprintf("%s:%d", c.Hostname, c.Port), handlers.CORS()(router))) + log.Fatal(http.ListenAndServe(fmt.Sprintf("%s:%d", c.Hostname, c.Port), router)) close(stopCh) }(stopCh) diff --git a/web_server.go b/web_server.go index 8e2290e2..4170d6ff 100644 --- a/web_server.go +++ b/web_server.go @@ -8,7 +8,6 @@ import ( "strings" "github.com/arrikto/oidc-authservice/logger" - "github.com/gorilla/handlers" "github.com/gorilla/mux" ) @@ -85,7 +84,7 @@ func (s *WebServer) Start(addr string) error { ), ) - return http.ListenAndServe(addr, handlers.CORS()(router)) + return http.ListenAndServe(addr, router) } // siteHandler returns an http.HandlerFunc that serves a given template