From 7dfc439086c53d0160e12347153d0ea3195fff50 Mon Sep 17 00:00:00 2001
From: Markus Hinz
Date: Thu, 4 Feb 2021 18:38:24 +0100
Subject: [PATCH] feat: Add Access-Control-Allow-Origin: * response header to badges (#5395)
Signed-off-by: Markus Hinz
---
 server/badge/badge.go | 3 +++
 server/badge/badge_test.go | 5 +++++
 2 files changed, 8 insertions(+)
diff --git a/server/badge/badge.go b/server/badge/badge.go
index ed38f473ee..3636d691da 100644
--- a/server/badge/badge.go
+++ b/server/badge/badge.go
@@ -155,6 +155,9 @@ func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 //Ask cache's to not cache the contents in order prevent the badge from becoming stale
 w.Header().Set("Cache-Control", "private, no-store")
+
+ //Allow badges to be fetched via XHR from frontend applications without running into CORS issues
+ w.Header().Set("Access-Control-Allow-Origin", "*")
 w.WriteHeader(http.StatusOK)
 _, _ = w.Write([]byte(badge))
 }
diff --git a/server/badge/badge_test.go b/server/badge/badge_test.go
index 00f0369a0c..244d060bc1 100644
--- a/server/badge/badge_test.go
+++ b/server/badge/badge_test.go
@@ -68,6 +68,7 @@ func TestHandlerFeatureIsEnabled(t *testing.T) {
 handler.ServeHTTP(rr, req)
 assert.Equal(t, "private, no-store", rr.Header().Get("Cache-Control"))
+ assert.Equal(t, "*", rr.Header().Get("Access-Control-Allow-Origin"))
 response := rr.Body.String()
 assert.Equal(t, toRGBString(Green), leftRectColorPattern.FindStringSubmatch(response)[1])
@@ -116,6 +117,7 @@ func TestHandlerFeatureProjectIsEnabled(t *testing.T) {
 assert.NoError(t, err)
 handler.ServeHTTP(rr, req)
 assert.Equal(t, "private, no-store", rr.Header().Get("Cache-Control"))
+ assert.Equal(t, "*", rr.Header().Get("Access-Control-Allow-Origin"))
 response := rr.Body.String()
 assert.Equal(t, toRGBString(tt.healthColor), leftRectColorPattern.FindStringSubmatch(response)[1])
 assert.Equal(t, toRGBString(tt.statusColor), rightRectColorPattern.FindStringSubmatch(response)[1])
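Review bot: The `Access-Control-Allow-Origin: *` header set just before `w.WriteHeader(http.StatusOK)` is unconditional, so script running on any web origin can now read the badge response, where previously a cross-origin page could only embed it as an image. The wildcard is sent without `Access-Control-Allow-Credentials`, so browsers will not expose responses to credentialed requests, but an instance that relies on network placement for confidentiality would let any page open in an internal user's browser read per-application health and status. The added comment should record that assumption, for example `//Badge content is treated as public; never combine this wildcard with Access-Control-Allow-Credentials`, and operators who do not want this would need the allowed origin to be configurable. ServeHTTP begins outside the hunk, so earlier return paths are not visible here.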
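Review bot: The five added assertions pin only the presence of the wildcard; none checks that `Access-Control-Allow-Credentials` stays unset, which is the property that keeps the wildcard from exposing credentialed responses. Adding `assert.Empty(t, rr.Header().Get("Access-Control-Allow-Credentials"))` next to the new line in TestHandlerFeatureIsEnabled would guard against a later change pairing the two. The same assertion is repeated in the hunks at -116, -182, -204 and -243, the last of which (TestHandlerFeatureIsDisabled) shows the header is also sent when the badge feature is off; a small shared helper for the header checks would keep them in step. Each test function starts and ends outside its hunk.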
@@ -182,6 +184,7 @@ func TestHandlerFeatureIsEnabledRevisionIsEnabled(t *testing.T) {
 handler.ServeHTTP(rr, req)
 assert.Equal(t, "private, no-store", rr.Header().Get("Cache-Control"))
+ assert.Equal(t, "*", rr.Header().Get("Access-Control-Allow-Origin"))
 response := rr.Body.String()
 assert.Equal(t, toRGBString(Green), leftRectColorPattern.FindStringSubmatch(response)[1])
@@ -204,6 +207,7 @@ func TestHandlerRevisionIsEnabledNoOperationState(t *testing.T) {
 handler.ServeHTTP(rr, req)
 assert.Equal(t, "private, no-store", rr.Header().Get("Cache-Control"))
+ assert.Equal(t, "*", rr.Header().Get("Access-Control-Allow-Origin"))
 response := rr.Body.String()
 assert.Equal(t, toRGBString(Green), leftRectColorPattern.FindStringSubmatch(response)[1])
@@ -243,6 +247,7 @@ func TestHandlerFeatureIsDisabled(t *testing.T) {
 handler.ServeHTTP(rr, req)
 assert.Equal(t, "private, no-store", rr.Header().Get("Cache-Control"))
+ assert.Equal(t, "*", rr.Header().Get("Access-Control-Allow-Origin"))
 response := rr.Body.String()
 assert.Equal(t, toRGBString(Purple), leftRectColorPattern.FindStringSubmatch(response)[1])