Disallow cross-origin DELETE and POST requests.

This commit is contained in:
Julius Volz 2015-06-24 17:26:49 +02:00
parent 364003c444
commit bc1c789bab

View file

@ -65,7 +65,7 @@ type API struct {
// Enables cross-site script calls.
func setCORS(w http.ResponseWriter) {
w.Header().Set("Access-Control-Allow-Headers", "Accept, Authorization, Content-Type, Origin")
w.Header().Set("Access-Control-Allow-Methods", "GET, POST, DELETE")
w.Header().Set("Access-Control-Allow-Methods", "GET")
w.Header().Set("Access-Control-Allow-Origin", "*")
w.Header().Set("Access-Control-Expose-Headers", "Date")
}