From 45e1448eaac24ba340c3d3e73d660b20d38e2af8 Mon Sep 17 00:00:00 2001 From: Fabrice Rabaute Date: Fri, 27 Aug 2021 14:23:14 -0700 Subject: [PATCH] Remove CORS middleware The AuthService used a CORS middleware as a remnant of the original fork: ajmyyra/ambassador-auth-oidc@43dd5ae The CORS middleware permits requests with certain default methods and headers. However, since the default answer is 200, what it actually does is proxy the CORS requests for those methods. I don't like the fact that we don't set the response code explicitly. We should either remove this middleware or document its use clearly. Cherry-pick from: https://github.com/arrikto/oidc-authservice/pull/58 --- main.go | 4 ++-- web_server.go | 5 ++--- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/main.go b/main.go index ba771389..e42d492f 100644 --- a/main.go +++ b/main.go @@ -14,7 +14,7 @@ import ( "github.com/arrikto/oidc-authservice/authorizer" "github.com/arrikto/oidc-authservice/common" "github.com/arrikto/oidc-authservice/sessions" - "github.com/gorilla/handlers" + "github.com/gorilla/mux" "github.com/patrickmn/go-cache" "github.com/tevino/abool" @@ -76,7 +76,7 @@ func main() { log.Infof("Starting judge server at %v:%v", c.Hostname, c.Port) stopCh := make(chan struct{}) go func(stopCh chan struct{}) { - log.Fatal(http.ListenAndServe(fmt.Sprintf("%s:%d", c.Hostname, c.Port), handlers.CORS()(router))) + log.Fatal(http.ListenAndServe(fmt.Sprintf("%s:%d", c.Hostname, c.Port), router)) close(stopCh) }(stopCh) diff --git a/web_server.go b/web_server.go index d16210b5..859c35ce 100644 --- a/web_server.go +++ b/web_server.go @@ -8,7 +8,6 @@ import ( "strings" "github.com/arrikto/oidc-authservice/common" - "github.com/gorilla/handlers" "github.com/gorilla/mux" ) @@ -18,7 +17,7 @@ const ( ) var ( - ThemesPath = "/site/themes" + ThemesPath = "/site/themes" ) type WebServer struct { @@ -83,7 +82,7 @@ func (s *WebServer) Start(addr string) error { ), ) - return http.ListenAndServe(addr, handlers.CORS()(router)) + return http.ListenAndServe(addr, router) } // siteHandler returns an http.HandlerFunc that serves a given template