fix: cors (#621)

* fix: dont (re)generate client secret with auth type none * fix(cors): allow Origin from request * feat: add origin allow list and fix some core issues * rename migration * fix UserIDsByDomain * check origin on userinfo * update oidc pkg
2025-08-12 00:27:31 +00:00 · 2020-08-24 10:06:55 +02:00
parent 193cfb45f6
commit 4e1e8a714a
18 changed files with 128 additions and 26 deletions
--- a/internal/api/http/origin.go
+++ b/internal/api/http/origin.go
@@ -0,0 +1,23 @@
+package http
+
+import (
+	"fmt"
+	"net/url"
+)
+
+func GetOriginFromURLString(s string) (string, error) {
+	parsed, err := url.Parse(s)
+	if err != nil {
+		return "", err
+	}
+	return fmt.Sprintf("%s://%s", parsed.Scheme, parsed.Host), nil
+}
+
+func IsOriginAllowed(allowList []string, origin string) bool {
+	for _, allowed := range allowList {
+		if allowed == origin {
+			return true
+		}
+	}
+	return false
+}