🐛 多域名跨域

2021-01-08 16:32:02 +08:00
parent 0cd4624a36
commit dcebf5257f
6 changed files with 26 additions and 6 deletions
--- a/server/middlewares.go
+++ b/server/middlewares.go
@ -2,6 +2,7 @@ package server

 import (
 	"github.com/Xhofe/alist/conf"
+	"github.com/Xhofe/alist/utils"
 	"github.com/gin-gonic/gin"
 	"net/http"
 )
@ -9,10 +10,14 @@ import (
 func CrosHandler() gin.HandlerFunc {
 	return func(context *gin.Context) {
 		method := context.Request.Method
-		context.Writer.Header().Set("Access-Control-Allow-Origin", "*")
-		context.Header("Access-Control-Allow-Origin", conf.Conf.Info.SiteUrl) // 设置允许访问所有域
+		// 设置跨域
+		if conf.Conf.Info.SiteUrl=="*"||utils.ContainsString(conf.Origins,context.GetHeader("Origin"))!=-1 {
+			context.Header("Access-Control-Allow-Origin",context.GetHeader("Origin"))
+		}else {
+			context.Header("Access-Control-Allow-Origin", conf.Conf.Info.SiteUrl)//跨域访问
+		}
 		context.Header("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE,UPDATE")
-		context.Header("Access-Control-Allow-Headers", "Authorization, Content-Length, X-CSRF-Token, Token,session,X_Requested_With,Accept, Origin, Host, Connection, Accept-Encoding, Accept-Language,DNT, X-CustomHeader, Keep-Alive, User-Agent, X-Requested-With, If-Modified-Since, Cache-Control, Content-Type, Pragma,token,openid,opentoken")
+		context.Header("Access-Control-Allow-Headers", "Content-Length,session,Accept, Origin, Host, Connection, Accept-Encoding, Accept-Language, Keep-Alive, User-Agent, Cache-Control, Content-Type, Pragma")
 		context.Header("Access-Control-Expose-Headers", "Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers,Cache-Control,Content-Language,Content-Type,Expires,Last-Modified,Pragma,FooBar")
 		context.Header("Access-Control-Max-Age", "172800")
 		context.Header("Access-Control-Allow-Credentials", "true")