wildcard CORS is bad. Make note of this, not fixed
	
		
			
	
		
	
	
		
	
		
			All checks were successful
		
		
	
	
		
			
				
	
				continuous-integration/drone/push Build is passing
				
			
		
		
	
	
				
					
				
			
		
			All checks were successful
		
		
	
	continuous-integration/drone/push Build is passing
				
			This commit is contained in:
		
							
								
								
									
										4
									
								
								main.go
									
									
									
									
									
								
							
							
						
						
									
										4
									
								
								main.go
									
									
									
									
									
								
							| @@ -78,7 +78,9 @@ func main() { | |||||||
| // HTTP handler function | // HTTP handler function | ||||||
| func countHandler(w http.ResponseWriter, r *http.Request) { | func countHandler(w http.ResponseWriter, r *http.Request) { | ||||||
| 	if r.Method == "GET" { | 	if r.Method == "GET" { | ||||||
| 		// CORS header change required | 		// CORS header change required. | ||||||
|  | 		//TBD wildcard is bad because it could allow illegitmate visits to be recorded if someone was nefarious and embedded | ||||||
|  | 		// front end code on a different website than your own.  Need to implement environment variable to set allowed origin. | ||||||
| 		w.Header().Set("Access-Control-Allow-Origin", "*") | 		w.Header().Set("Access-Control-Allow-Origin", "*") | ||||||
| 		w.Write([]byte(strconv.Itoa(uniqueVisits))) | 		w.Write([]byte(strconv.Itoa(uniqueVisits))) | ||||||
|  |  | ||||||
|   | |||||||
		Reference in New Issue
	
	Block a user