TODO note to never allow CORS

Signed-off-by: Jeff Carr <jcarr@wit.com>
Jeff Carr 2019-05-25 18:04:50 -07:00
parent ba1667eacf
commit ade08918e2
1 changed files with 10 additions and 0 deletions


@ -46,6 +46,16 @@ func writeToFile(filename string, a string) {
} }
func handler2(w http.ResponseWriter, r *http.Request) { func handler2(w http.ResponseWriter, r *http.Request) {
// NOTE:
// NOTE: If you are having to enable 'CORS' then
// NOTE: something is really wrong with the design
// NOTE: and general architecture. Never allow this.
// NOTE: fix your design the right way.
// NOTE:
//
// TODO: remove all ability to accept any CORS
// on any WIT backend and infrastructre anything
//
w.Header().Set("Access-Control-Allow-Origin", "*") w.Header().Set("Access-Control-Allow-Origin", "*")
w.Header().Set("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE") w.Header().Set("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE")
w.Header().Set("Access-Control-Allow-Headers", "Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization") w.Header().Set("Access-Control-Allow-Headers", "Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization")
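Review bot: The new NOTE/TODO block says CORS must never be allowed, but the three `Access-Control-Allow-*` `w.Header().Set(...)` calls directly under it are unchanged, so handler2 still answers every origin with `Access-Control-Allow-Origin: *` and still lists `Authorization` and `X-CSRF-Token` as permitted request headers. With that combination a page on any origin can send requests carrying an explicitly attached token and read the response, which is the exposure the comment warns about. If nothing depends on cross-origin access, delete those three lines in this commit rather than deferring; if something does, echo an origin only after checking `r.Header.Get("Origin")` against a fixed allow-list and add `w.Header().Add("Vary", "Origin")`. The TODO also has a typo (`infrastructre`) and would be easier to track with an owner or issue reference. handler2's body continues past the end of the hunk, so any later OPTIONS handling is not visible here.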