chore(http): add a warning if multiple CORS headers are detected

tucksaun · tucksaun · commit ac66e13fab7b · 2024-12-09T12:50:48.000+01:00
diff --git a/local/http/cors.go b/local/http/cors.go
@@ -21,14 +21,26 @@ package http
 
 import (
 	"net/http"
+
+	"github.com/rs/zerolog"
 )
 
-func corsWrapper(h http.Handler) http.Handler {
+func corsWrapper(h http.Handler, logger zerolog.Logger) http.Handler {
+	var corsHeaders = []string{"Access-Control-Allow-Origin", "Access-Control-Allow-Methods", "Access-Control-Allow-Headers"}
+
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		w.Header().Set("Access-Control-Allow-Origin", "*")
-		w.Header().Set("Access-Control-Allow-Methods", "*")
-		w.Header().Set("Access-Control-Allow-Headers", "*")
+		for _, corsHeader := range corsHeaders {
+			w.Header().Set(corsHeader, "*")
+		}
 
 		h.ServeHTTP(w, r)
+
+		for _, corsHeader := range corsHeaders {
+			if headers, exists := w.Header()[corsHeader]; !exists || len(headers) < 2 {
+				continue
+			}
+
+			logger.Warn().Msgf(`Multiple entries detected for header "%s". Only one should be set: you should enable CORS handling in the CLI only if the application does not handle them.`, corsHeader)
+		}
 	})
 }
diff --git a/local/http/http.go b/local/http/http.go
@@ -100,7 +100,7 @@ func (s *Server) Start(errChan chan error) (int, error) {
 	}
 
 	if s.AllowCORS {
-		proxyHandler = corsWrapper(proxyHandler)
+		proxyHandler = corsWrapper(proxyHandler, s.Logger)
 	}
 
 	s.httpserver = &http.Server{

Original file line number	Diff line number	Diff line change
`@@ -100,7 +100,7 @@ func (s *Server) Start(errChan chan error) (int, error) {`
`100`	`100`	`}`
`101`	`101`
`102`	`102`	`if s.AllowCORS {`
`103`		`- proxyHandler = corsWrapper(proxyHandler)`
	`103`	`+ proxyHandler = corsWrapper(proxyHandler, s.Logger)`
`104`	`104`	`}`
`105`	`105`
`106`	`106`	`s.httpserver = &http.Server{`