wildcard CORS is bad. Make note of this, not fixed
All checks were successful
continuous-integration/drone/push Build is passing

This commit is contained in:
Steven Polley 2020-06-20 20:42:42 -06:00
parent 86ffcb6f3b
commit d432521dae

View File

@ -78,7 +78,9 @@ func main() {
// HTTP handler function
func countHandler(w http.ResponseWriter, r *http.Request) {
if r.Method == "GET" {
// CORS header change required
// CORS header change required.
//TBD wildcard is bad because it could allow illegitmate visits to be recorded if someone was nefarious and embedded
// front end code on a different website than your own. Need to implement environment variable to set allowed origin.
w.Header().Set("Access-Control-Allow-Origin", "*")
w.Write([]byte(strconv.Itoa(uniqueVisits)))