From 2a2e892bf3e1a358d0e185b6ef411d7b5f428da7 Mon Sep 17 00:00:00 2001
From: zhuojie <zhuojie@checkr.com>
Date: Thu, 13 Aug 2020 12:40:32 -0700
Subject: [PATCH] Add cors env

---
 pkg/config/env.go        |  7 ++++++-
 pkg/config/middleware.go | 10 +++++-----
 2 files changed, 11 insertions(+), 6 deletions(-)

diff --git a/pkg/config/env.go b/pkg/config/env.go
index 103ba0b8..9efdbfaf 100644
--- a/pkg/config/env.go
+++ b/pkg/config/env.go
@@ -71,7 +71,12 @@ var Config = struct {
 	DBConnectionRetryDelay    time.Duration `env:"FLAGR_DB_DBCONNECTION_RETRY_DELAY" envDefault:"100ms"`
 
 	// CORSEnabled - enable CORS
-	CORSEnabled bool `env:"FLAGR_CORS_ENABLED" envDefault:"true"`
+	CORSEnabled          bool     `env:"FLAGR_CORS_ENABLED" envDefault:"true"`
+	CORSAllowCredentials bool     `env:"FLAGR_CORS_ALLOW_CREDENTIALS" envDefault:"true"`
+	CORSAllowedHeaders   []string `env:"FLAGR_CORS_ALLOWED_HEADERS" envDefault:"Origin,Accept,Content-Type,X-Requested-With,Authorization,Time_Zone" envSeparator:","`
+	CORSAllowedMethods   []string `env:"FLAGR_CORS_ALLOWED_METHODS" envDefault:"GET,POST,PUT,DELETE,PATCH" envSeparator:","`
+	CORSAllowedOrigins   []string `env:"FLAGR_CORS_ALLOWED_ORIGINS" envDefault:"*" envSeparator:","`
+	CORSExposedHeaders   []string `env:"FLAGR_CORS_EXPOSED_HEADERS" envDefault:"WWW-Authenticate" envSeparator:","`
 
 	// SentryEnabled - enable Sentry and Sentry DSN
 	SentryEnabled     bool   `env:"FLAGR_SENTRY_ENABLED" envDefault:"false"`
diff --git a/pkg/config/middleware.go b/pkg/config/middleware.go
index 10ba1cab..f2baa1a7 100644
--- a/pkg/config/middleware.go
+++ b/pkg/config/middleware.go
@@ -73,11 +73,11 @@ func SetupGlobalMiddleware(handler http.Handler) http.Handler {
 
 	if Config.CORSEnabled {
 		n.Use(cors.New(cors.Options{
-			AllowedOrigins:   []string{"*"},
-			AllowedHeaders:   []string{"Origin", "Accept", "Content-Type", "X-Requested-With", "Authorization", "Time_Zone"},
-			ExposedHeaders:   []string{"Www-Authenticate"},
-			AllowedMethods:   []string{"GET", "POST", "PUT", "DELETE", "PATCH"},
-			AllowCredentials: true,
+			AllowedOrigins:   Config.CORSAllowedOrigins,
+			AllowedHeaders:   Config.CORSAllowedHeaders,
+			ExposedHeaders:   Config.CORSExposedHeaders,
+			AllowedMethods:   Config.CORSAllowedMethods,
+			AllowCredentials: Config.CORSAllowCredentials,
 		}))
 	}