docservek - Fix handling of CORS for localhost.
hasPrefix args were backwards and prefix was wrong for localhost.
Change-Id: Ica997bffd2466d48a65b6bc2dbcfb431e57c4237
Reviewed-on: https://skia-review.googlesource.com/c/buildbot/+/234237
Auto-Submit: Joe Gregorio <jcgregorio@google.com>
Reviewed-by: Ravi Mistry <rmistry@google.com>
Commit-Queue: Ravi Mistry <rmistry@google.com>
diff --git a/go/login/login.go b/go/login/login.go
index 54a1f18..670c589 100644
--- a/go/login/login.go
+++ b/go/login/login.go
@@ -608,8 +608,12 @@
}
if strings.HasSuffix(u.Host, "."+COOKIE_DOMAIN_SKIA_ORG) ||
strings.HasSuffix(u.Host, "."+COOKIE_DOMAIN_SKIA_CORP) ||
- strings.HasPrefix("localhost:", u.Host) {
- w.Header().Add("Access-Control-Allow-Origin", "https://"+u.Host)
+ strings.HasPrefix(u.Host, "localhost:") {
+ prefix := "https://"
+ if strings.HasPrefix(u.Host, "localhost:") {
+ prefix = "http://"
+ }
+ w.Header().Add("Access-Control-Allow-Origin", prefix+u.Host)
w.Header().Add("Access-Control-Allow-Methods", "POST, GET, OPTIONS")
w.Header().Add("Access-Control-Allow-Credentials", "true")
w.Header().Add("Access-Control-Allow-Headers", "Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization")