apps/photoprism
1
0
Fork 0
mirror of https://github.com/photoprism/photoprism.git synced 2025-09-26 21:01:58 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
develop
photoprism/internal/server/api.go
Michael Mayer 023fbe3a1d Pkg: Add service/cluster package & rename media/http → service/http #98 
Signed-off-by: Michael Mayer <michael@photoprism.app>
2025-09-13 12:58:28 +02:00

39 lines
1.3 KiB
Go
Raw Permalink Blame History

package server
import (
"net/http"
"github.com/gin-gonic/gin"
"github.com/photoprism/photoprism/internal/config"
"github.com/photoprism/photoprism/pkg/service/http/header"
)
// Api is a middleware that sets additional response headers when serving REST API requests.
var Api = func(conf *config.Config) gin.HandlerFunc {
return func(c *gin.Context) {
// Add a vary response header for authentication, if any.
if c.GetHeader(header.XAuthToken) != "" {
c.Writer.Header().Add(header.Vary, header.XAuthToken)
} else if c.GetHeader(header.XSessionID) != "" {
c.Writer.Header().Add(header.Vary, header.XSessionID)
}
// If permitted, set CORS headers (Cross-Origin Resource Sharing).
// See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin
if origin := conf.CORSOrigin(); origin != "" {
c.Header(header.AccessControlAllowOrigin, origin)
// Handle OPTIONS preflight requests by adding CORS headers
// and aborting the request with HTTP status code 204.
if c.Request.Method == http.MethodOptions {
c.Header(header.AccessControlAllowHeaders, conf.CORSHeaders())
c.Header(header.AccessControlAllowMethods, conf.CORSMethods())
c.Header(header.AccessControlMaxAge, header.DefaultAccessControlMaxAge)
c.AbortWithStatus(http.StatusNoContent)
return
}
}
}
}
Reference in New Issue View Git Blame Copy Permalink