Skip to content

Commit

Permalink
fix CORS header fields from being clobbered by error pages. Closes #661
Browse files Browse the repository at this point in the history
  • Loading branch information
@tj
tj committed May 16, 2018
1 parent c6cb2ca commit 40641b0
Show file tree
Hide file tree
Showing 2 changed files with 11 additions and 15 deletions.
4 changes: 2 additions & 2 deletions handler/handler.go
View file
Expand Up @@ -45,6 +45,8 @@ func New(c *up.Config, h http.Handler) (http.Handler, error) {
return nil, errors.Wrap(err, "headers")
}

h = cors.New(c, h)

h, err = errorpages.New(c, h)
if err != nil {
return nil, errors.Wrap(err, "error pages")
Expand All @@ -55,8 +57,6 @@ func New(c *up.Config, h http.Handler) (http.Handler, error) {
return nil, errors.Wrap(err, "inject")
}

h = cors.New(c, h)

h, err = redirects.New(c, h)
if err != nil {
return nil, errors.Wrap(err, "redirects")
Expand Down
22 changes: 9 additions & 13 deletions internal/util/util.go
View file
Expand Up @@ -28,20 +28,16 @@ import (
"golang.org/x/net/publicsuffix"
)

// Fields retained when clearing.
var keepFields = map[string]bool{
"X-Powered-By": true,
}

// ClearHeader removes all header fields.
// ClearHeader removes all content header fields.
func ClearHeader(h http.Header) {
for k := range h {
if keepFields[k] {
continue
}

h.Del(k)
}
h.Del("Content-Type")
h.Del("Content-Length")
h.Del("Content-Encoding")
h.Del("Content-Range")
h.Del("Content-MD5")
h.Del("Cache-Control")
h.Del("ETag")
h.Del("Last-Modified")
}

// ManagedByUp appends "Managed by Up".
Expand Down

0 comments on commit 40641b0

Please sign in to comment.