diff --git a/auth/cors.go b/auth/cors.go index 3d8c2aa..5e628c2 100644 --- a/auth/cors.go +++ b/auth/cors.go @@ -13,7 +13,8 @@ import ( // CorsConfig generates a config to use in gin cors middleware based on server configuration func CorsConfig(conf *config.Configuration) cors.Config { corsConf := cors.Config{ - MaxAge: 12 * time.Hour, + MaxAge: 12 * time.Hour, + AllowBrowserExtensions: true, } if mode.IsDev() { corsConf.AllowAllOrigins = true diff --git a/auth/cors_test.go b/auth/cors_test.go index a3254de..4ec82a5 100644 --- a/auth/cors_test.go +++ b/auth/cors_test.go @@ -22,10 +22,11 @@ func TestCorsConfig(t *testing.T) { actual.AllowOriginFunc = nil // func cannot be checked with equal assert.Equal(t, cors.Config{ - AllowAllOrigins: false, - AllowHeaders: []string{"content-type"}, - AllowMethods: []string{"GET"}, - MaxAge: 12 * time.Hour, + AllowAllOrigins: false, + AllowHeaders: []string{"content-type"}, + AllowMethods: []string{"GET"}, + MaxAge: 12 * time.Hour, + AllowBrowserExtensions: true, }, actual) assert.NotNil(t, allowF) assert.True(t, allowF("http://test.com")) @@ -42,9 +43,10 @@ func TestEmptyCorsConfigWithResponseHeaders(t *testing.T) { actual.AllowOriginFunc = nil // func cannot be checked with equal assert.Equal(t, cors.Config{ - AllowAllOrigins: false, - AllowOrigins: []string{"https://example.com"}, - MaxAge: 12 * time.Hour, + AllowAllOrigins: false, + AllowOrigins: []string{"https://example.com"}, + MaxAge: 12 * time.Hour, + AllowBrowserExtensions: true, }, actual) } @@ -60,8 +62,9 @@ func TestDevCorsConfig(t *testing.T) { assert.Equal(t, cors.Config{ AllowHeaders: []string{"X-Gotify-Key", "Authorization", "Content-Type", "Upgrade", "Origin", "Connection", "Accept-Encoding", "Accept-Language", "Host"}, - AllowMethods: []string{"GET", "POST", "DELETE", "OPTIONS", "PUT"}, - MaxAge: 12 * time.Hour, - AllowAllOrigins: true, + AllowMethods: []string{"GET", "POST", "DELETE", "OPTIONS", "PUT"}, + MaxAge: 12 * time.Hour, + AllowAllOrigins: true, + AllowBrowserExtensions: true, }, actual) }