From ac6cba246a51cbed6e1d224fbc45f1fb8bf298cf Mon Sep 17 00:00:00 2001
From: Jonas Kaninda <me@jonaskaninda.com>
Date: Tue, 29 Oct 2024 10:35:31 +0100
Subject: [PATCH] fix: route cors origin

---
 pkg/handler.go | 27 ++++++++++++++++++---------
 pkg/proxy.go   | 20 +++++++++-----------
 pkg/route.go   |  2 --
 3 files changed, 27 insertions(+), 22 deletions(-)

diff --git a/pkg/handler.go b/pkg/handler.go
index 5cd5e3c..9ff4816 100644
--- a/pkg/handler.go
+++ b/pkg/handler.go
@@ -34,17 +34,16 @@ func CORSHandler(cors Cors) mux.MiddlewareFunc {
 				w.Header().Set(k, v)
 			}
 			//Update Origin Cors Headers
-			for _, origin := range cors.Origins {
-				if origin == r.Header.Get("Origin") {
-					w.Header().Set("Access-Control-Allow-Origin", origin)
-
+			if allowedOrigin(cors.Origins, r.Header.Get("Origin")) {
+				// Handle preflight requests (OPTIONS)
+				if r.Method == "OPTIONS" {
+					w.Header().Set(accessControlAllowOrigin, r.Header.Get("Origin"))
+					w.WriteHeader(http.StatusNoContent)
+					return
+				} else {
+					w.Header().Set(accessControlAllowOrigin, r.Header.Get("Origin"))
 				}
 			}
-			// Handle preflight requests (OPTIONS)
-			if r.Method == "OPTIONS" {
-				w.WriteHeader(http.StatusNoContent)
-				return
-			}
 			// Pass the request to the next handler
 			next.ServeHTTP(w, r)
 		})
@@ -118,3 +117,13 @@ func (heathRoute HealthCheckRoute) HealthReadyHandler(w http.ResponseWriter, r *
 		return
 	}
 }
+func allowedOrigin(origins []string, origin string) bool {
+	for _, o := range origins {
+		if o == origin {
+			return true
+		}
+		continue
+	}
+	return false
+
+}
diff --git a/pkg/proxy.go b/pkg/proxy.go
index 0bd0c78..88d9e90 100644
--- a/pkg/proxy.go
+++ b/pkg/proxy.go
@@ -43,19 +43,17 @@ func (proxyRoute ProxyRoute) ProxyHandler() http.HandlerFunc {
 		for k, v := range proxyRoute.cors.Headers {
 			w.Header().Set(k, v)
 		}
-
-		//Update Origin Cors Headers
-		for _, origin := range proxyRoute.cors.Origins {
-			if origin == r.Header.Get("Origin") {
-				w.Header().Set(accessControlAllowOrigin, origin)
-
+		if allowedOrigin(proxyRoute.cors.Origins, r.Header.Get("Origin")) {
+			// Handle preflight requests (OPTIONS)
+			if r.Method == "OPTIONS" {
+				w.Header().Set(accessControlAllowOrigin, r.Header.Get("Origin"))
+				w.WriteHeader(http.StatusNoContent)
+				return
+			} else {
+				w.Header().Set(accessControlAllowOrigin, r.Header.Get("Origin"))
 			}
 		}
-		// Handle preflight requests (OPTIONS)
-		if r.Method == "OPTIONS" {
-			w.WriteHeader(http.StatusNoContent)
-			return
-		}
+
 		// Parse the target backend URL
 		targetURL, err := url.Parse(proxyRoute.destination)
 		if err != nil {
diff --git a/pkg/route.go b/pkg/route.go
index f2fc3a8..ccb5828 100644
--- a/pkg/route.go
+++ b/pkg/route.go
@@ -40,8 +40,6 @@ func (gatewayServer GatewayServer) Initialize() *mux.Router {
 		// Add rate limit middleware to all routes, if defined
 		r.Use(limiter.RateLimitMiddleware())
 	}
-	// Add the errorInterceptor middleware
-	//r.Use(middleware.ErrorInterceptor)
 	for _, route := range gateway.Routes {
 		if route.Path != "" {
 			blM := middleware.BlockListMiddleware{