Implement api/server/cors (#1294)

api/server/cors/cors.go

@@ -0,0 +1,43 @@
+package cors
+
+import (
+	"net/http"
+)
+
+// CombinedCORSHandler wraps a server and provides CORS headers
+func CombinedCORSHandler(h http.Handler) http.Handler {
+	return corsHandler{h}
+}
+
+type corsHandler struct {
+	handler http.Handler
+}
+
+func (c corsHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+	SetHeaders(w, r)
+
+	if r.Method == "OPTIONS" {
+		return
+	}
+
+	c.handler.ServeHTTP(w, r)
+}
+
+// SetHeaders sets the CORS headers
+func SetHeaders(w http.ResponseWriter, r *http.Request) {
+	set := func(w http.ResponseWriter, k, v string) {
+		if v := w.Header().Get(k); len(v) > 0 {
+			return
+		}
+		w.Header().Set(k, v)
+	}
+
+	if origin := r.Header.Get("Origin"); len(origin) > 0 {
+		set(w, "Access-Control-Allow-Origin", origin)
+	} else {
+		set(w, "Access-Control-Allow-Origin", "*")
+	}
+
+	set(w, "Access-Control-Allow-Methods", "POST, PATCH, GET, OPTIONS, PUT, DELETE")
+	set(w, "Access-Control-Allow-Headers", "Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization")
+}