photoprism/pkg/header/cors.go

package header

import (
	"net/http"
	"strings"
)

// Cross-Origin Resource Sharing (CORS) headers.
const (
	AccessControlAllowOrigin      = "Access-Control-Allow-Origin"      // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin
	AccessControlAllowCredentials = "Access-Control-Allow-Credentials" // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials
	AccessControlAllowHeaders     = "Access-Control-Allow-Headers"     // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers
	AccessControlAllowMethods     = "Access-Control-Allow-Methods"     // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Methods
	AccessControlMaxAge           = "Access-Control-Max-Age"           // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Max-Age
)

// CORS header defaults.
var (
	DefaultAccessControlAllowOrigin      = ""
	DefaultAccessControlAllowCredentials = ""
	SafeHeaders                          = []string{Accept, AcceptRanges, ContentDisposition, ContentEncoding, ContentRange, Location, Vary}
	DefaultAccessControlAllowHeaders     = strings.Join(SafeHeaders, ", ")
	SafeMethods                          = []string{http.MethodGet, http.MethodHead, http.MethodOptions}
	DefaultAccessControlAllowMethods     = strings.Join(SafeMethods, ", ")
	DefaultAccessControlMaxAge           = "3600"
)
Config: Add PHOTOPRISM_HTTP_CORS option for CDN users #3931 #3940 In addition, the Access-Control-Allow-Origin header is set to the same URL if an Origin header is found in the request (experimental). Signed-off-by: Michael Mayer <michael@photoprism.app> 2024-01-15 13:06:27 +01:00			`package header`

Config: Update CORS header defaults and add /api/v1/echo endpoint #3931 Signed-off-by: Michael Mayer <michael@photoprism.app> 2024-01-16 14:36:08 +01:00			`import (`
			`"net/http"`
			`"strings"`
			`)`

Config: Add options to configure CORS origin, headers and methods #3931 Signed-off-by: Michael Mayer <michael@photoprism.app> 2024-01-16 12:14:06 +01:00			`// Cross-Origin Resource Sharing (CORS) headers.`
Config: Add PHOTOPRISM_HTTP_CORS option for CDN users #3931 #3940 In addition, the Access-Control-Allow-Origin header is set to the same URL if an Origin header is found in the request (experimental). Signed-off-by: Michael Mayer <michael@photoprism.app> 2024-01-15 13:06:27 +01:00			`const (`
			`AccessControlAllowOrigin = "Access-Control-Allow-Origin" // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin`
			`AccessControlAllowCredentials = "Access-Control-Allow-Credentials" // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials`
			`AccessControlAllowHeaders = "Access-Control-Allow-Headers" // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers`
			`AccessControlAllowMethods = "Access-Control-Allow-Methods" // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Methods`
Config: Add options to configure CORS origin, headers and methods #3931 Signed-off-by: Michael Mayer <michael@photoprism.app> 2024-01-16 12:14:06 +01:00			`AccessControlMaxAge = "Access-Control-Max-Age" // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Max-Age`
			`)`

			`// CORS header defaults.`
			`var (`
			`DefaultAccessControlAllowOrigin = ""`
			`DefaultAccessControlAllowCredentials = ""`
Config: Update CORS header defaults and add /api/v1/echo endpoint #3931 Signed-off-by: Michael Mayer <michael@photoprism.app> 2024-01-16 14:36:08 +01:00			`SafeHeaders = []string{Accept, AcceptRanges, ContentDisposition, ContentEncoding, ContentRange, Location, Vary}`
			`DefaultAccessControlAllowHeaders = strings.Join(SafeHeaders, ", ")`
			`SafeMethods = []string{http.MethodGet, http.MethodHead, http.MethodOptions}`
			`DefaultAccessControlAllowMethods = strings.Join(SafeMethods, ", ")`
Config: Add options to configure CORS origin, headers and methods #3931 Signed-off-by: Michael Mayer <michael@photoprism.app> 2024-01-16 12:14:06 +01:00			`DefaultAccessControlMaxAge = "3600"`
Config: Add PHOTOPRISM_HTTP_CORS option for CDN users #3931 #3940 In addition, the Access-Control-Allow-Origin header is set to the same URL if an Origin header is found in the request (experimental). Signed-off-by: Michael Mayer <michael@photoprism.app> 2024-01-15 13:06:27 +01:00			`)`