fix cors (#7433)
* fix: cors is not working
* chore: upgrade mockery
diff --git a/backend/Makefile b/backend/Makefile
index 34ae768..21106ed 100644
--- a/backend/Makefile
+++ b/backend/Makefile
@@ -27,7 +27,7 @@
all: build
go-dep:
- go install github.com/vektra/mockery/v2@v2.20.0
+ go install github.com/vektra/mockery/v2@2.43.0
go install github.com/swaggo/swag/cmd/swag@v1.16.1
go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.53.3
diff --git a/backend/core/config/config_viper.go b/backend/core/config/config_viper.go
index ea5ed6d..16060c4 100644
--- a/backend/core/config/config_viper.go
+++ b/backend/core/config/config_viper.go
@@ -105,6 +105,7 @@
v.SetDefault("REMOTE_PLUGIN_DIR", "python/plugins")
v.SetDefault("SWAGGER_DOCS_DIR", "resources/swagger")
v.SetDefault("RESUME_PIPELINES", true)
+ v.SetDefault("CORS_ALLOW_ORIGIN", "*")
}
func init() {
diff --git a/backend/server/api/api.go b/backend/server/api/api.go
index 50f5ceb..fd65962 100644
--- a/backend/server/api/api.go
+++ b/backend/server/api/api.go
@@ -77,6 +77,23 @@
// Create router
router := gin.Default()
+ // Enable CORS
+ cfg := basicRes.GetConfigReader()
+ router.Use(cors.New(cors.Config{
+ // Allow all origins
+ AllowOrigins: cfg.GetStringSlice("CORS_ALLOW_ORIGIN"),
+ // Allow common methods
+ AllowMethods: []string{"PUT", "PATCH", "POST", "GET", "OPTIONS"},
+ // Allow common headers
+ AllowHeaders: []string{"Origin", "Content-Type"},
+ // Expose these headers
+ ExposeHeaders: []string{"Content-Length"},
+ // Allow credentials
+ AllowCredentials: false,
+ // Cache for 2 hours
+ MaxAge: 120 * time.Hour,
+ }))
+
// For both protected and unprotected routes
router.GET("/ping", ping.Get)
router.GET("/ready", ping.Ready)
@@ -138,23 +155,6 @@
gin.DebugPrintRouteFunc = func(httpMethod, absolutePath, handlerName string, nuHandlers int) {
logruslog.Global.Printf("endpoint %v %v %v %v", httpMethod, absolutePath, handlerName, nuHandlers)
}
-
- // Enable CORS
- router.Use(cors.New(cors.Config{
- // Allow all origins
- AllowOrigins: []string{"*"},
- // Allow common methods
- AllowMethods: []string{"PUT", "PATCH", "POST", "GET", "OPTIONS"},
- // Allow common headers
- AllowHeaders: []string{"Origin", "Content-Type"},
- // Expose these headers
- ExposeHeaders: []string{"Content-Length"},
- // Allow credentials
- AllowCredentials: true,
- // Cache for 2 hours
- MaxAge: 120 * time.Hour,
- }))
-
// Register API endpoints
RegisterRouter(router, basicRes)
}