SDI-1659: support for CORS header

intelsdi-x · Feb 7, 2017 · 73f756f · 73f756f
1 parent 791370a
commit 73f756f
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 1 deletion.
diff --git a/glide.lock b/glide.lock
diff --git a/mgmt/rest/server.go b/mgmt/rest/server.go
@@ -30,6 +30,7 @@ import (
 
 	log "github.com/Sirupsen/logrus"
 	"github.com/julienschmidt/httprouter"
+	"github.com/rs/cors"
 	"github.com/urfave/negroni"
 
 	"github.com/intelsdi-x/snap/mgmt/rest/api"
@@ -92,6 +93,15 @@ func New(cfg *Config) (*Server, error) {
 		negroni.HandlerFunc(s.authMiddleware),
 	)
 	s.r = httprouter.New()
+
+	// Deals with CORS
+	c := cors.New(cors.Options{
+		AllowedOrigins: []string{"*"},
+		AllowedMethods: []string{"GET, POST, DELETE, PUT, PATCH, OPTIONS"},
+		AllowedHeaders: []string{"Origin, X-Requested-With, Content-Type, Accept"},
+	})
+	s.n.Use(c)
+
 	// Use negroni to handle routes
 	s.n.UseHandler(s.r)
 	return s, nil
@@ -133,6 +143,11 @@ func (s *Server) SetAPIAuthPwd(pwd string) {
 
 // Auth Middleware for REST API
 func (s *Server) authMiddleware(rw http.ResponseWriter, r *http.Request, next http.HandlerFunc) {
+	// Deals with CORS
+	rw.Header().Set("Access-Control-Allow-Origin", "*")
+	rw.Header().Set("Access-Control-Allow-Methods", "GET, POST, DELETE, PUT, PATCH, OPTIONS")
+	rw.Header().Set("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept")
+
 	defer r.Body.Close()
 	if s.auth {
 		_, password, ok := r.BasicAuth()