wildcard CORS is bad. Make note of this, not fixed
All checks were successful
continuous-integration/drone/push Build is passing
All checks were successful
continuous-integration/drone/push Build is passing
This commit is contained in:
4
main.go
4
main.go
@@ -78,7 +78,9 @@ func main() {
|
||||
// HTTP handler function
|
||||
func countHandler(w http.ResponseWriter, r *http.Request) {
|
||||
if r.Method == "GET" {
|
||||
// CORS header change required
|
||||
// CORS header change required.
|
||||
//TBD wildcard is bad because it could allow illegitmate visits to be recorded if someone was nefarious and embedded
|
||||
// front end code on a different website than your own. Need to implement environment variable to set allowed origin.
|
||||
w.Header().Set("Access-Control-Allow-Origin", "*")
|
||||
w.Write([]byte(strconv.Itoa(uniqueVisits)))
|
||||
|
||||
|
||||
Reference in New Issue
Block a user