Add CORS header ('Access-Control-Allow-Origin') to 'AllReader'

Allows all API endpoints using 'AllReader' to be queryable by any origin.
writefreely · Jun 24, 2020 · 94bcb91 · 94bcb91
1 parent 5c94d23
commit 94bcb91
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/handle.go b/handle.go
@@ -599,6 +599,9 @@ func (h *Handler) AllReader(f handlerFunc) http.HandlerFunc {
 				log.Info(h.app.ReqLog(r, status, time.Since(start)))
 			}()
 
+			// Allow any origin, as public endpoints are handled in here
+			w.Header().Set("Access-Control-Allow-Origin", "*");
+
 			if h.app.App().cfg.App.Private {
 				// This instance is private, so ensure it's being accessed by a valid user
 				// Check if authenticated with an access token