determineCORSBehavior examines the given token and conditionally applies CORS middleware if the token specifies that behavior.
(token *SignedToken, app appurl.ApplicationURL)
| 361 | // determineCORSBehavior examines the given token and conditionally applies |
| 362 | // CORS middleware if the token specifies that behavior. |
| 363 | func (s *Server) determineCORSBehavior(token *SignedToken, app appurl.ApplicationURL) func(http.Handler) http.Handler { |
| 364 | return func(next http.Handler) http.Handler { |
| 365 | // Create the CORS middleware handler upfront. |
| 366 | corsHandler := httpmw.WorkspaceAppCors(s.HostnameRegex, app)(next) |
| 367 | |
| 368 | return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) { |
| 369 | var behavior codersdk.CORSBehavior |
| 370 | if token != nil { |
| 371 | behavior = token.CORSBehavior |
| 372 | } |
| 373 | |
| 374 | // Add behavior to context regardless of which handler we use, |
| 375 | // since we will use this later on to determine if we should strip |
| 376 | // CORS headers in the response. |
| 377 | r = r.WithContext(cors.WithBehavior(r.Context(), behavior)) |
| 378 | |
| 379 | switch behavior { |
| 380 | case codersdk.CORSBehaviorPassthru: |
| 381 | // Bypass the CORS middleware. |
| 382 | next.ServeHTTP(rw, r) |
| 383 | return |
| 384 | default: |
| 385 | // Apply the CORS middleware. |
| 386 | corsHandler.ServeHTTP(rw, r) |
| 387 | } |
| 388 | }) |
| 389 | } |
| 390 | } |
| 391 | |
| 392 | // HandleSubdomain handles subdomain-based application proxy requests (aka. |
| 393 | // DevURLs in Coder V1). |
no test coverage detected