From ef0bffe11914ae79a877fdf7c2daa0941ac9dba1 Mon Sep 17 00:00:00 2001
From: clsr <clsr@clsr.net>
Date: Fri, 17 Jun 2016 14:17:26 +0200
Subject: Add --cors

---
 main.go | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/main.go b/main.go
index 4c19940..798d234 100644
--- a/main.go
+++ b/main.go
@@ -20,6 +20,7 @@ var (
 	csp         string
 	hsts        bool
 	allowHtml   bool
+	cors        bool
 )
 
 func handle(w http.ResponseWriter, r *http.Request) {
@@ -33,8 +34,11 @@ func handle(w http.ResponseWriter, r *http.Request) {
 	}
 }
 
-func methodHandler(handler http.Handler) http.Handler {
+func globalHandler(handler http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if cors {
+			w.Header().Set("Access-Control-Allow-Origin", "*")
+		}
 		if r.Method == http.MethodGet || r.Method == http.MethodPost || r.Method == http.MethodHead {
 			handler.ServeHTTP(w, r)
 		} else {
@@ -55,6 +59,7 @@ func main() {
 	flag.StringVar(&csp, "csp", "default-src 'none'; media-src 'self'", "the Content-Security-Policy header for files; blank to disable")
 	flag.BoolVar(&hsts, "hsts", false, "enable HSTS")
 	flag.BoolVar(&allowHtml, "allow-html", false, "serve (X)HTML uploads with (X)HTML filetypes")
+	flag.BoolVar(&cors, "cors", false, "enable CORS and allow all origins")
 	listenHttp := flag.String("http", "localhost:8080", "address to listen on for HTTP")
 	listenHttps := flag.String("https", "", "address to listen on for HTTPS")
 	cert := flag.String("cert", "", "path to TLS certificate (for HTTPS)")
@@ -106,12 +111,12 @@ func main() {
 	if *listenHttp != "" {
 		exit = false
 		fmt.Printf("listening on http://%s/\n", *listenHttp)
-		go panic(http.ListenAndServe(*listenHttp, methodHandler(http.HandlerFunc(handle))))
+		go panic(http.ListenAndServe(*listenHttp, globalHandler(http.HandlerFunc(handle))))
 	}
 	if *listenHttps != "" {
 		exit = false
 		fmt.Printf("listening on https://%s/\n", *listenHttps)
-		go panic(http.ListenAndServeTLS(*listenHttps, *cert, *key, methodHandler(http.HandlerFunc(handle))))
+		go panic(http.ListenAndServeTLS(*listenHttps, *cert, *key, globalHandler(http.HandlerFunc(handle))))
 	}
 
 	if !exit {
-- 
cgit