eric/mailpit
1
0
Fork 0
mirror of https://github.com/axllent/mailpit.git synced 2026-03-03 02:17:01 +00:00
Code Issues Packages Projects Releases Wiki Activity

Chore: Add CORS error logging and update error messages for failed CORS requests

Browse Source
This commit is contained in:
Ralph Slooten
2026-02-08 11:19:54 +13:00
parent 9d2f30787a
commit 7d314d2b50
2 changed files with 6 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
server/cors.go
View File

@@ -43,7 +43,7 @@ func corsOriginAccessControl(r *http.Request) bool {
if len(origin) != 0 {
u, err := url.Parse(origin[0])
if err != nil {
logger.Log().Errorf("CORS origin parse error: %v", err)
logger.Log().Errorf("[cors] origin parse error: %v", err)
return false
}
@@ -57,6 +57,9 @@ func corsOriginAccessControl(r *http.Request) bool {
if corsAllowOrigins[originHostFold] {
return true
}
logger.Log().Warnf("[cors] blocking request from unauthorized origin: %s", u.Hostname())
return false
}

4
server/server.go
View File

@@ -291,7 +291,7 @@ func middleWareFunc(fn http.HandlerFunc) http.HandlerFunc {
if strings.HasPrefix(r.RequestURI, config.Webroot+"api/") || htmlPreviewRouteRe.MatchString(r.RequestURI) {
if allowed := corsOriginAccessControl(r); !allowed {
http.Error(w, "Unauthorised.", http.StatusForbidden)
http.Error(w, "Blocked to to CORS violation", http.StatusForbidden)
return
}
w.Header().Set("Access-Control-Allow-Origin", r.Header.Get("Origin"))
@@ -337,7 +337,7 @@ func addSlashToWebroot(w http.ResponseWriter, r *http.Request) {
// Websocket to broadcast changes
func apiWebsocket(w http.ResponseWriter, r *http.Request) {
if allowed := corsOriginAccessControl(r); !allowed {
http.Error(w, "Unauthorised.", http.StatusForbidden)
http.Error(w, "Blocked to to CORS violation", http.StatusForbidden)
return
}
w.Header().Set("Access-Control-Allow-Origin", r.Header.Get("Origin"))