mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-12-09 11:31:52 +01:00
Code Issues Projects Releases Wiki Activity

Return error on bad CORS and add Header specification to API request primitive

Browse Source
This commit is contained in:
Jeff Mitchell 2017-06-19 18:20:44 -04:00
parent 573fe37634
commit 7e16fffd2f
2 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
api/request.go
View File

@ -14,6 +14,7 @@ type Request struct {
Method string Method string
URL *url.URL URL *url.URL
Params url.Values Params url.Values
Headers http.Header
ClientToken string ClientToken string
WrapTTL string WrapTTL string
Obj interface{} Obj interface{}
@ -60,6 +61,14 @@ func (r *Request) ToHTTP() (*http.Request, error) {
req.URL.Host = r.URL.Host req.URL.Host = r.URL.Host
req.Host = r.URL.Host req.Host = r.URL.Host
if r.Headers != nil {
for header, vals := range r.Headers {
for _, val := range vals {
req.Header.Add(header, val)
}
}
}
if len(r.ClientToken) != 0 { if len(r.ClientToken) != 0 {
req.Header.Set("X-Vault-Token", r.ClientToken) req.Header.Set("X-Vault-Token", r.ClientToken)
} }

3
http/cors.go
View File

@ -1,6 +1,7 @@
package http package http
import ( import (
"fmt"
"net/http" "net/http"
"strings" "strings"
@ -40,7 +41,7 @@ func wrapCORSHandler(h http.Handler, core *vault.Core) http.Handler {
// Return a 403 if the origin is not // Return a 403 if the origin is not
// allowed to make cross-origin requests. // allowed to make cross-origin requests.
if !corsConf.IsValidOrigin(origin) { if !corsConf.IsValidOrigin(origin) {
w.WriteHeader(http.StatusForbidden) respondError(w, http.StatusForbidden, fmt.Errorf("origin not allowed"))
return return
} }