wildcard CORS is bad. Make note of this, not fixed
All checks were successful
continuous-integration/drone/push Build is passing
All checks were successful
continuous-integration/drone/push Build is passing
This commit is contained in:
parent
86ffcb6f3b
commit
d432521dae
4
main.go
4
main.go
@ -78,7 +78,9 @@ func main() {
|
|||||||
// HTTP handler function
|
// HTTP handler function
|
||||||
func countHandler(w http.ResponseWriter, r *http.Request) {
|
func countHandler(w http.ResponseWriter, r *http.Request) {
|
||||||
if r.Method == "GET" {
|
if r.Method == "GET" {
|
||||||
// CORS header change required
|
// CORS header change required.
|
||||||
|
//TBD wildcard is bad because it could allow illegitmate visits to be recorded if someone was nefarious and embedded
|
||||||
|
// front end code on a different website than your own. Need to implement environment variable to set allowed origin.
|
||||||
w.Header().Set("Access-Control-Allow-Origin", "*")
|
w.Header().Set("Access-Control-Allow-Origin", "*")
|
||||||
w.Write([]byte(strconv.Itoa(uniqueVisits)))
|
w.Write([]byte(strconv.Itoa(uniqueVisits)))
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user