[release] v0.9.20

2023-08-26 14:38:05 +01:00 · 2023-08-26 14:38:05 +01:00 · 75c0521ad9
parent bbe3e7483e
commit 75c0521ad9
5 changed files with 17 additions and 11 deletions
--- a/changelog.md
+++ b/changelog.md
@ -1,3 +1,6 @@
+## Version 0.9.20
+ - Add option to disable CORS hardening (with empty value)
+
 ## Version 0.9.19
 - Add country whitelist option to geoblocker
 - No countries blocked by default anymore
--- a/package.json
+++ b/package.json
@ -1,6 +1,6 @@
 {
  "name": "cosmos-server",
-  "version": "0.9.19",
+  "version": "0.9.20",
  "description": "",
  "main": "test-server.js",
  "bugs": {
--- a/readme.md
+++ b/readme.md
@ -4,11 +4,9 @@

 <!-- sponsors -->
 <h3 align="center">Thanks to the sponsors:</h3></br>
-<p align="center"><a href="https://github.com/zarevskaya"><img src="https://avatars.githubusercontent.com/zarevskaya" style="border-radius:48px" width="48" height="48" alt="zarev" title="zarev" /></a>
-<a href="https://github.com/DrMxrcy"><img src="https://avatars.githubusercontent.com/DrMxrcy" style="border-radius:48px" width="48" height="48" alt="null" title="null" /></a>
+<p align="center"><a href="https://github.com/DrMxrcy"><img src="https://avatars.githubusercontent.com/DrMxrcy" style="border-radius:48px" width="48" height="48" alt="null" title="null" /></a>
 <a href="https://github.com/soldier1"><img src="https://avatars.githubusercontent.com/soldier1" style="border-radius:48px" width="48" height="48" alt="null" title="null" /></a>
 <a href="https://github.com/devcircus"><img src="https://avatars.githubusercontent.com/devcircus" style="border-radius:48px" width="48" height="48" alt="Clayton Stone" title="Clayton Stone" /></a>
-<a href="https://github.com/vp-en"><img src="https://avatars.githubusercontent.com/vp-en" style="border-radius:48px" width="48" height="48" alt="vp-en" title="vp-en" /></a>
 <a href="https://github.com/BillyDas"><img src="https://avatars.githubusercontent.com/BillyDas" style="border-radius:48px" width="48" height="48" alt="Billy Das" title="Billy Das" /></a>
 <a href="https://github.com/Serph91P"><img src="https://avatars.githubusercontent.com/Serph91P" style="border-radius:48px" width="48" height="48" alt="Seraph91P" title="Seraph91P" /></a>
 </p><!-- /sponsors -->
--- a/src/proxy/routeTo.go
+++ b/src/proxy/routeTo.go
@ -46,7 +46,7 @@ func joinURLPath(a, b *url.URL) (path, rawpath string) {


 // NewProxy takes target host and creates a reverse proxy
-func NewProxy(targetHost string, AcceptInsecureHTTPSTarget bool, VerboseForwardHeader bool, DisableHeaderHardening bool) (*httputil.ReverseProxy, error) {
+func NewProxy(targetHost string, AcceptInsecureHTTPSTarget bool, VerboseForwardHeader bool, DisableHeaderHardening bool, CORSOrigin string) (*httputil.ReverseProxy, error) {
 	url, err := url.Parse(targetHost)
 	if err != nil {
 			return nil, err
@ -76,8 +76,11 @@ func NewProxy(targetHost string, AcceptInsecureHTTPSTarget bool, VerboseForwardH
 			req.Header.Set("X-Forwarded-Ssl", "on")
 		}

-		if VerboseForwardHeader {
+		if CORSOrigin != "" {
 			req.Header.Set("X-Forwarded-Host", url.Host)
+		}
+
+		if VerboseForwardHeader {
 			req.Header.Set("X-Origin-Host", url.Host)
 			req.Header.Set("Host", url.Host)
 			req.Header.Set("X-Forwarded-For", utils.GetClientIP(req))
@ -120,7 +123,7 @@ func RouteTo(route utils.ProxyRouteConfig) http.Handler {
 	routeType := route.Mode

 	if(routeType == "SERVAPP" || routeType == "PROXY") {
-		proxy, err := NewProxy(destination, route.AcceptInsecureHTTPSTarget, route.VerboseForwardHeader, route.DisableHeaderHardening)
+		proxy, err := NewProxy(destination, route.AcceptInsecureHTTPSTarget, route.VerboseForwardHeader, route.DisableHeaderHardening, route.CORSOrigin)
 		if err != nil {
 				utils.Error("Create Route", err)
 		}
--- a/src/utils/middleware.go
+++ b/src/utils/middleware.go
@ -80,10 +80,12 @@ func CORSHeader(origin string) func(next http.Handler) http.Handler {
 	return func(next http.Handler) http.Handler {
 			return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {

-			w.Header().Set("Access-Control-Allow-Origin", origin)
-			w.Header().Set("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS")
-			w.Header().Set("Access-Control-Allow-Headers", "Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization")
-			w.Header().Set("Access-Control-Allow-Credentials", "true")
+			if origin != "" {
+				w.Header().Set("Access-Control-Allow-Origin", origin)
+				w.Header().Set("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS")
+				w.Header().Set("Access-Control-Allow-Headers", "Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization")
+				w.Header().Set("Access-Control-Allow-Credentials", "true")
+			}

 			next.ServeHTTP(w, r)
 		})