From 0ee76d3c92086b144f8be7d09c7bd7c12783bdcb Mon Sep 17 00:00:00 2001
From: leonmin <1334137558@qq.com>
Date: Sun, 14 Jul 2024 02:26:20 +0800
Subject: [PATCH] =?UTF-8?q?feature:=20=E5=A4=84=E7=90=86=E8=B7=A8=E5=9F=9F?=
 =?UTF-8?q?=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 cmd/api/middleware.go | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/cmd/api/middleware.go b/cmd/api/middleware.go
index d180f68..038bf55 100644
--- a/cmd/api/middleware.go
+++ b/cmd/api/middleware.go
@@ -152,11 +152,10 @@ func (app *application) requirePermission(code string, next http.HandlerFunc) ht
 
 func (app *application) enableCORS(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		// w.Header().Set("Access-Control-Allow-Origin", "*")
 		w.Header().Add("Vary", "Origin")
 		w.Header().Add("Vary", "Access-Control-Request-Method")
 		origin := r.Header.Get("Origin")
-		if origin != "" {
+		if origin != "" && len(app.config.cors.trustedOrigins) != 0 {
 			for i := range app.config.cors.trustedOrigins {
 				if origin == app.config.cors.trustedOrigins[i] {
 					w.Header().Set("Access-Control-Allow-Origin", origin)
@@ -169,6 +168,14 @@ func (app *application) enableCORS(next http.Handler) http.Handler {
 					break
 				}
 			}
+		} else {
+			w.Header().Set("Access-Control-Allow-Origin", "*")
+			if r.Method == http.MethodOptions && r.Header.Get("Access-Control-Request-Method") != "" {
+				w.Header().Set("Access-Control-Allow-Methods", "OPTIONS, PUT, PATCH, DELETE")
+				w.Header().Set("Access-Control-Allow-Headers", "Authorization, Content-Type")
+				w.WriteHeader(http.StatusOK)
+				return
+			}
 		}
 		next.ServeHTTP(w, r)
 	})