Add CORS header to let the UI hit the API

fsufitch · Feb 12, 2020 · 2584dcb · 2584dcb
1 parent 9ce255c
commit 2584dcb
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/web/security.go b/web/security.go
@@ -22,6 +22,7 @@ type wrappedHandler struct {
 
 func (h wrappedHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	auth := r.Header.Get("Authorization")
+	w.Header().Set("Access-Control-Allow-Origin", "*") // TODO: make this smarter?
 	if !strings.HasPrefix(auth, "Bearer ") {
 		plainTextResponse(w, http.StatusUnauthorized, []byte("Missing `Authorization: Bearer ...` header"))
 		h.log.HTTP(http.StatusUnauthorized, r)