From 8422077ad9a46fa30281bf400a1b151ee5a188a3 Mon Sep 17 00:00:00 2001 From: Fabrice Rabaute Date: Fri, 27 Aug 2021 14:23:14 -0700 Subject: [PATCH] Remove CORS middleware The AuthService used a CORS middleware as a remnant of the original fork: ajmyyra/ambassador-auth-oidc@43dd5ae The CORS middleware permits requests with certain default methods and headers. However, since the default answer is 200, what it actually does is proxy the CORS requests for those methods. I don't like the fact that we don't set the response code explicitly. We should either remove this middleware or document its use clearly. Cherry-pick from: https://github.com/arrikto/oidc-authservice/pull/58 --- main.go | 4 ++-- web_server.go | 5 ++--- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/main.go b/main.go index a33d9215..8f3f708a 100644 --- a/main.go +++ b/main.go @@ -14,7 +14,7 @@ import ( "github.com/arrikto/oidc-authservice/authorizer" "github.com/arrikto/oidc-authservice/common" "github.com/arrikto/oidc-authservice/sessions" - "github.com/gorilla/handlers" + "github.com/gorilla/mux" "github.com/patrickmn/go-cache" "github.com/tevino/abool" @@ -76,7 +76,7 @@ func main() { log.Infof("Starting judge server at %v:%v", c.Hostname, c.Port) stopCh := make(chan struct{}) go func(stopCh chan struct{}) { - log.Fatal(http.ListenAndServe(fmt.Sprintf("%s:%d", c.Hostname, c.Port), handlers.CORS()(router))) + log.Fatal(http.ListenAndServe(fmt.Sprintf("%s:%d", c.Hostname, c.Port), router)) close(stopCh) }(stopCh) diff --git a/web_server.go b/web_server.go index d16210b5..859c35ce 100644 --- a/web_server.go +++ b/web_server.go @@ -8,7 +8,6 @@ import ( "strings" "github.com/arrikto/oidc-authservice/common" - "github.com/gorilla/handlers" "github.com/gorilla/mux" ) @@ -18,7 +17,7 @@ const ( ) var ( - ThemesPath = "/site/themes" + ThemesPath = "/site/themes" ) type WebServer struct { @@ -83,7 +82,7 @@ func (s *WebServer) Start(addr string) error { ), ) - return http.ListenAndServe(addr, handlers.CORS()(router)) + return http.ListenAndServe(addr, router) } // siteHandler returns an http.HandlerFunc that serves a given template