feat: 删除 CORS 相关

2024-11-10 09:02:42 +08:00 · 2023-02-17 10:21:53 +08:00 · 2023-02-17 10:21:53 +08:00 · e3976aa359
commit e3976aa359
parent 3a7cd173e6
3 changed files with 0 additions and 79 deletions
--- a/backend/configs/config.go
+++ b/backend/configs/config.go
@ -4,5 +4,4 @@ type ServerConfig struct {
 	BaseDir   string    `mapstructure:"base_dir"`
 	System    System    `mapstructure:"system"`
 	LogConfig LogConfig `mapstructure:"log"`
-	CORS      CORS      `mapstructure:"cors"`
 }
--- a/backend/configs/cors.go
+++ b/backend/configs/cors.go
@ -1,14 +0,0 @@
-package configs
-
-type CORS struct {
-	Mode      string          `mapstructure:"mode"`
-	WhiteList []CORSWhiteList `mapstructure:"whitelist"`
-}
-
-type CORSWhiteList struct {
-	AllowOrigin      string `mapstructure:"allow-origin"`
-	AllowMethods     string `mapstructure:"allow-methods"`
-	AllowHeaders     string `mapstructure:"allow-headers"`
-	ExposeHeaders    string `mapstructure:"expose-headers"`
-	AllowCredentials bool   `mapstructure:"allow-credentials"`
-}
--- a/backend/middleware/cors.go
+++ b/backend/middleware/cors.go
@ -1,64 +0,0 @@
-package middleware
-
-import (
-	"net/http"
-
-	"github.com/1Panel-dev/1Panel/backend/configs"
-	"github.com/1Panel-dev/1Panel/backend/global"
-
-	"github.com/gin-gonic/gin"
-)
-
-func Cors() gin.HandlerFunc {
-	return func(c *gin.Context) {
-		method := c.Request.Method
-		origin := c.Request.Header.Get("Origin")
-		c.Header("Access-Control-Allow-Origin", origin)
-		c.Header("Access-Control-Allow-Headers", "Content-Type,AccessToken,X-CSRF-Token, Authorization, Token,X-Token,X-User-Id")
-		c.Header("Access-Control-Allow-Methods", "POST, GET, OPTIONS,DELETE,PUT")
-		c.Header("Access-Control-Expose-Headers", "Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers, Content-Type, New-Token, New-Expires-At")
-		c.Header("Access-Control-Allow-Credentials", "true")
-
-		if method == "OPTIONS" {
-			c.AbortWithStatus(http.StatusNoContent)
-		}
-		c.Next()
-	}
-}
-
-func CorsByRules() gin.HandlerFunc {
-	mode := global.CONF.CORS.Mode
-	if mode == "allow-all" {
-		return Cors()
-	}
-	return func(c *gin.Context) {
-		whitelist := checkCors(c.GetHeader("origin"))
-		if whitelist != nil {
-			c.Header("Access-Control-Allow-Origin", whitelist.AllowOrigin)
-			c.Header("Access-Control-Allow-Headers", whitelist.AllowHeaders)
-			c.Header("Access-Control-Allow-Methods", whitelist.AllowMethods)
-			c.Header("Access-Control-Expose-Headers", whitelist.ExposeHeaders)
-			if whitelist.AllowCredentials {
-				c.Header("Access-Control-Allow-Credentials", "true")
-			}
-		}
-		if whitelist == nil && mode == "strict-whitelist" && !(c.Request.Method == "GET" && c.Request.URL.Path == "/health") {
-			c.AbortWithStatus(http.StatusForbidden)
-		} else {
-			if c.Request.Method == "OPTIONS" {
-				c.AbortWithStatus(http.StatusNoContent)
-			}
-		}
-
-		c.Next()
-	}
-}
-
-func checkCors(currentOrigin string) *configs.CORSWhiteList {
-	for _, whitelist := range global.CONF.CORS.WhiteList {
-		if currentOrigin == whitelist.AllowOrigin {
-			return &whitelist
-		}
-	}
-	return nil
-}