Merge branch 'development' into FE/migrations_clickhouse

aryanmehrotra · web-flow · commit 1bbe9bb59c02 · 2023-12-27T17:18:10.000+05:30
diff --git a/pkg/middleware/cors.go b/pkg/middleware/cors.go
@@ -10,7 +10,7 @@ import (
 )
 
 const (
-	allowedHeaders = "Authorization, Content-Type, x-requested-with, true-client-ip, X-Correlation-ID"
+	allowedHeaders = "Authorization, Content-Type, x-requested-with, origin, true-client-ip, X-Correlation-ID"
 	allowedMethods = "PUT, POST, GET, DELETE, OPTIONS, PATCH"
 )
 
@@ -47,6 +47,8 @@ func getValidCORSHeaders(envHeaders map[string]string) map[string]string {
 
 		// If config is not set - for the three headers, set default value.
 		switch header {
+		case "Access-Control-Allow-Origin":
+			validCORSHeadersAndValues[header] = "*"
 		case "Access-Control-Allow-Headers":
 			validCORSHeadersAndValues[header] = allowedHeaders
 		case "Access-Control-Allow-Methods":
@@ -66,6 +68,7 @@ func getValidCORSHeaders(envHeaders map[string]string) map[string]string {
 // AllowedCORSHeader returns the HTTP headers used for CORS configuration in web applications.
 func AllowedCORSHeader() []string {
 	return []string{
+		"Access-Control-Allow-Origin",
 		"Access-Control-Allow-Headers",
 		"Access-Control-Allow-Methods",
 		"Access-Control-Allow-Credentials",
diff --git a/pkg/middleware/cors_test.go b/pkg/middleware/cors_test.go
@@ -57,17 +57,20 @@ func Test_getValidCORSHeaders(t *testing.T) {
 	}{
 		{map[string]string{},
 			map[string]string{
+				"Access-Control-Allow-Origin":  "*",
 				"Access-Control-Allow-Headers": allowedHeaders,
 				"Access-Control-Allow-Methods": allowedMethods,
 			},
 		},
 		{map[string]string{
 			"Access-Control-Max-Age":       strconv.Itoa(600),
 			"Access-Control-Allow-Headers": "",
+			"Access-Control-Allow-Origin":  "same-origin",
 			"Access-Control-Allow-Methods": http.MethodPost,
 		},
 			map[string]string{
 				"Access-Control-Max-Age":       strconv.Itoa(600),
+				"Access-Control-Allow-Origin":  "same-origin",
 				"Access-Control-Allow-Headers": allowedHeaders,
 				"Access-Control-Allow-Methods": http.MethodPost,
 			},
@@ -76,6 +79,7 @@ func Test_getValidCORSHeaders(t *testing.T) {
 			"Access-Control-Allow-Headers": "clientid",
 		},
 			map[string]string{
+				"Access-Control-Allow-Origin":  "*",
 				"Access-Control-Allow-Headers": allowedHeaders + ", clientid",
 				"Access-Control-Allow-Methods": allowedMethods,
 			},
@@ -89,6 +93,7 @@ func Test_getValidCORSHeaders(t *testing.T) {
 			map[string]string{
 				"Access-Control-Allow-Credentials": "true",
 				"Access-Control-Max-Age":           strconv.Itoa(600),
+				"Access-Control-Allow-Origin":      "*",
 				"Access-Control-Allow-Headers":     allowedHeaders,
 				"Access-Control-Allow-Methods":     allowedMethods,
 			},
