feat(api): allow custom user-agents in cors headers (#520)

Firefox's (correct) CORS implementation treats `User-Agent` as a forbidden header and requires the server to explicitly opt in to custom UAs by allowing this header in `Access-Control-Allow-Headers`.

This commit enables CSR apps to correctly communicate which tools they are part of.
Ambre Bertucci 2023-02-15 17:42:22 +00:00 committed by GitHub
parent 3e76fd8d28
commit 95389e8df8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -67,7 +67,7 @@ func (p ProxyHandler) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
rw.Header().Add("Access-Control-Allow-Origin", "*")
rw.Header().Add("Access-Control-Allow-Methods", "*")
rw.Header().Add("Access-Control-Allow-Credentials", "true")
rw.Header().Add("Access-Control-Allow-Headers", "Content-Type, Authorization, sentry-trace")
rw.Header().Add("Access-Control-Allow-Headers", "Content-Type, Authorization, sentry-trace, User-Agent")
rw.Header().Add("Access-Control-Max-Age", "86400")
if r.Method == http.MethodOptions {