| 92 | } |
| 93 | |
| 94 | func WorkspaceAppCors(regex *regexp.Regexp, app appurl.ApplicationURL) func(next http.Handler) http.Handler { |
| 95 | return cors.Handler(cors.Options{ |
| 96 | AllowOriginFunc: func(_ *http.Request, rawOrigin string) bool { |
| 97 | origin, err := url.Parse(rawOrigin) |
| 98 | if rawOrigin == "" || origin.Host == "" || err != nil { |
| 99 | return false |
| 100 | } |
| 101 | subdomain, ok := appurl.ExecuteHostnamePattern(regex, origin.Host) |
| 102 | if !ok { |
| 103 | return false |
| 104 | } |
| 105 | originApp, err := appurl.ParseSubdomainAppURL(subdomain) |
| 106 | if err != nil { |
| 107 | return false |
| 108 | } |
| 109 | return ok && originApp.Username == app.Username |
| 110 | }, |
| 111 | AllowedMethods: []string{ |
| 112 | http.MethodHead, |
| 113 | http.MethodGet, |
| 114 | http.MethodPost, |
| 115 | http.MethodPut, |
| 116 | http.MethodPatch, |
| 117 | http.MethodDelete, |
| 118 | }, |
| 119 | AllowedHeaders: []string{"*"}, |
| 120 | AllowCredentials: true, |
| 121 | }) |
| 122 | } |