mirror of
https://github.com/prometheus/prometheus.git
synced 2025-03-05 20:59:13 -08:00
Merge 258f5e925f
into 61aa82865d
This commit is contained in:
commit
beefd7d877
|
@ -20,14 +20,14 @@ import (
|
|||
)
|
||||
|
||||
var corsHeaders = map[string]string{
|
||||
"Access-Control-Allow-Headers": "Accept, Authorization, Content-Type, Origin",
|
||||
"Access-Control-Allow-Headers": "Accept, Authorization, Content-Type",
|
||||
"Access-Control-Allow-Methods": "GET, POST, OPTIONS",
|
||||
"Access-Control-Expose-Headers": "Date",
|
||||
"Vary": "Origin",
|
||||
}
|
||||
|
||||
// SetCORS enables cross-site script calls.
|
||||
// SetCORS enables cross-origin script calls.
|
||||
func SetCORS(w http.ResponseWriter, o *regexp.Regexp, r *http.Request) {
|
||||
w.Header().Add("Vary", "Origin")
|
||||
origin := r.Header.Get("Origin")
|
||||
if origin == "" {
|
||||
return
|
||||
|
|
|
@ -48,8 +48,10 @@ func TestCORSHandler(t *testing.T) {
|
|||
resp, err := client.Do(req)
|
||||
require.NoError(t, err, "client get failed with unexpected error")
|
||||
|
||||
AccessControlAllowOrigin := resp.Header.Get("Access-Control-Allow-Origin")
|
||||
Vary := resp.Header.Get("Vary")
|
||||
require.Equal(t, "Origin", Vary, `expected "Vary: Origin" header`)
|
||||
|
||||
AccessControlAllowOrigin := resp.Header.Get("Access-Control-Allow-Origin")
|
||||
require.Equal(t, dummyOrigin, AccessControlAllowOrigin, "expected Access-Control-Allow-Origin header")
|
||||
|
||||
// OPTIONS with bad origin
|
||||
|
@ -62,4 +64,20 @@ func TestCORSHandler(t *testing.T) {
|
|||
|
||||
AccessControlAllowOrigin = resp.Header.Get("Access-Control-Allow-Origin")
|
||||
require.Empty(t, AccessControlAllowOrigin, "Access-Control-Allow-Origin header should not exist but it was set")
|
||||
|
||||
Vary = resp.Header.Get("Vary")
|
||||
require.Equal(t, "Origin", Vary, `expected "Vary: Origin" header`)
|
||||
|
||||
// OPTIONS with no origin
|
||||
req, err = http.NewRequest(http.MethodOptions, server.URL+"/any_path", nil)
|
||||
require.NoError(t, err, "could not create request")
|
||||
|
||||
resp, err = client.Do(req)
|
||||
require.NoError(t, err, "client get failed with unexpected error")
|
||||
|
||||
Vary = resp.Header.Get("Vary")
|
||||
require.Equal(t, "Origin", Vary, `expected "Vary: Origin" header`)
|
||||
|
||||
AccessControlAllowOrigin = resp.Header.Get("Access-Control-Allow-Origin")
|
||||
require.Empty(t, AccessControlAllowOrigin, "Access-Control-Allow-Origin header should not exist but it was set")
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue