From e5836fc98dd7e5cada52ca23339bd3d5fcb38eaf Mon Sep 17 00:00:00 2001
From: Pierre Mdawar <pierre@mdawar.dev>
Date: Wed, 23 Aug 2023 16:47:30 +0300
Subject: [PATCH] Added CORS support for the monitoring server

---
 server/monitor.go      | 1 +
 server/monitor_test.go | 9 ++++++++-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/server/monitor.go b/server/monitor.go
index b7b26b48c5..1fddcd84ce 100644
--- a/server/monitor.go
+++ b/server/monitor.go
@@ -2313,6 +2313,7 @@ func ResponseHandler(w http.ResponseWriter, r *http.Request, data []byte) {
 	} else {
 		// Otherwise JSON
 		w.Header().Set("Content-Type", "application/json")
+		w.Header().Set("Access-Control-Allow-Origin", "*")
 		w.Write(data)
 	}
 }
diff --git a/server/monitor_test.go b/server/monitor_test.go
index c98429cbbc..521df0435a 100644
--- a/server/monitor_test.go
+++ b/server/monitor_test.go
@@ -157,7 +157,14 @@ func readBodyEx(t *testing.T, url string, status int, content string) []byte {
 	}
 	ct := resp.Header.Get("Content-Type")
 	if ct != content {
-		stackFatalf(t, "Expected %s content-type, got %s\n", content, ct)
+		stackFatalf(t, "Expected %q content-type, got %q\n", content, ct)
+	}
+	// Check the CORS header for "application/json" requests only.
+	if ct == appJSONContent {
+		acao := resp.Header.Get("Access-Control-Allow-Origin")
+		if acao != "*" {
+			stackFatalf(t, "Expected with %q Content-Type an Access-Control-Allow-Origin header with value %q, got %q\n", appJSONContent, "*", acao)
+		}
 	}
 	body, err := io.ReadAll(resp.Body)
 	if err != nil {