Fix: cors middleware should be applied directly to root router

5 years ago · b5ee3ee609
parent ac2de841d2
commit b5ee3ee609
4 changed files with 8 additions and 10 deletions
--- a/pkg/conf/conf.go
+++ b/pkg/conf/conf.go
@ -56,7 +56,6 @@ type thumb struct {

 // 跨域配置
 type cors struct {
-	AllowAllOrigins  bool
 	AllowOrigins     []string
 	AllowMethods     []string
 	AllowHeaders     []string
--- a/pkg/conf/defaults.go
+++ b/pkg/conf/defaults.go
@ -38,7 +38,6 @@ var CaptchaConfig = &captcha{

 // CORSConfig 跨域配置
 var CORSConfig = &cors{
-	AllowAllOrigins:  false,
 	AllowOrigins:     []string{"UNSET"},
 	AllowMethods:     []string{"PUT", "POST", "GET", "OPTIONS"},
 	AllowHeaders:     []string{"Cookie", "Content-Length", "Content-Type", "X-Path", "X-FileName"},
--- a/routers/router.go
+++ b/routers/router.go
@ -23,9 +23,9 @@ func InitRouter() *gin.Engine {
 // InitSlaveRouter 初始化从机模式路由
 func InitSlaveRouter() *gin.Engine {
 	r := gin.Default()
-	v3 := r.Group("/api/v3/slave")
 	// 跨域相关
-	InitCORS(v3)
+	InitCORS(r)
+	v3 := r.Group("/api/v3/slave")
 	// 鉴权中间件
 	v3.Use(middleware.SignRequired())

@ -39,12 +39,11 @@ func InitSlaveRouter() *gin.Engine {
 }

 // InitCORS 初始化跨域配置
-func InitCORS(group *gin.RouterGroup) {
-	if conf.CORSConfig.AllowOrigins[0] != "UNSET" || conf.CORSConfig.AllowAllOrigins {
-		group.Use(cors.New(cors.Config{
+func InitCORS(router *gin.Engine) {
+	if conf.CORSConfig.AllowOrigins[0] != "UNSET" {
+		router.Use(cors.New(cors.Config{
 			AllowOrigins:     conf.CORSConfig.AllowOrigins,
-			AllowAllOrigins:  conf.CORSConfig.AllowAllOrigins,
-			AllowMethods:     conf.CORSConfig.AllowHeaders,
+			AllowMethods:     conf.CORSConfig.AllowMethods,
 			AllowHeaders:     conf.CORSConfig.AllowHeaders,
 			AllowCredentials: conf.CORSConfig.AllowCredentials,
 			ExposeHeaders:    conf.CORSConfig.ExposeHeaders,
@ -67,7 +66,7 @@ func InitMasterRouter() *gin.Engine {
 	*/
 	v3.Use(middleware.Session(conf.SystemConfig.SessionSecret))
 	// 跨域相关
-	InitCORS(v3)
+	InitCORS(r)
 	// 测试模式加入Mock助手中间件
 	if gin.Mode() == gin.TestMode {
 		v3.Use(middleware.MockHelper())
--- a/service/explorer/file.go
+++ b/service/explorer/file.go
@ -111,6 +111,7 @@ func (service *SingleFileService) CreateDocPreviewSession(ctx context.Context, c
 	}

 	// 生成最终的预览器地址
+	// TODO 从配置文件中读取
 	viewerBase, _ := url.Parse("https://view.officeapps.live.com/op/view.aspx")
 	params := viewerBase.Query()
 	params.Set("src", downloadURL)