diff --git a/ui/v2.5/src/components/Performers/PerformerRecommendationRow.tsx b/ui/v2.5/src/components/Performers/PerformerRecommendationRow.tsx
index 40611967a..3c094f7ad 100644
--- a/ui/v2.5/src/components/Performers/PerformerRecommendationRow.tsx
+++ b/ui/v2.5/src/components/Performers/PerformerRecommendationRow.tsx
@@ -1,4 +1,5 @@
import React from "react";
+import { Link } from "react-router-dom";
import { useFindPerformers } from "src/core/StashService";
import Slider from "@ant-design/react-slick";
import { PerformerCard } from "./PerformerCard";
@@ -26,9 +27,9 @@ export const PerformerRecommendationRow: React.FC
= (props) => {
className="performer-recommendations"
header={props.header}
link={
-
+
-
+
}
>
= (
[props.scene]
);
- // studio image is missing if it uses the default
- const missingStudioImage =
- props.scene.studio?.image_path?.endsWith("?default=true");
- const showStudioAsText =
- missingStudioImage || (configuration?.interface.showStudioAsText ?? false);
-
function maybeRenderSceneSpecsOverlay() {
let sizeObj = null;
if (file?.size) {
@@ -146,21 +140,31 @@ export const SceneCard: React.FC = (
);
}
+ function renderStudioThumbnail() {
+ const studioImage = props.scene.studio?.image_path;
+ const studioName = props.scene.studio?.name;
+
+ if (configuration?.interface.showStudioAsText || !studioImage) {
+ return studioName;
+ }
+
+ const studioImageURL = new URL(studioImage);
+ if (studioImageURL.searchParams.get("default") === "true") {
+ return studioName;
+ }
+
+ return (
+ 
+ );
+ }
+
function maybeRenderSceneStudioOverlay() {
if (!props.scene.studio) return;
return (
- {showStudioAsText ? (
- props.scene.studio.name
- ) : (
-
- )}
+ {renderStudioThumbnail()}
);
diff --git a/ui/v2.5/src/components/Scenes/SceneRecommendationRow.tsx b/ui/v2.5/src/components/Scenes/SceneRecommendationRow.tsx
index 86ae558f0..d33762761 100644
--- a/ui/v2.5/src/components/Scenes/SceneRecommendationRow.tsx
+++ b/ui/v2.5/src/components/Scenes/SceneRecommendationRow.tsx
@@ -1,4 +1,5 @@
import React, { useMemo } from "react";
+import { Link } from "react-router-dom";
import { useFindScenes } from "src/core/StashService";
import Slider from "@ant-design/react-slick";
import { SceneCard } from "./SceneCard";
@@ -31,9 +32,9 @@ export const SceneRecommendationRow: React.FC = (props) => {
className="scene-recommendations"
header={props.header}
link={
-
+
-
+
}
>
= ({ studio }) => {
function renderImage() {
let studioImage = studio.image_path;
if (isEditing) {
- if (image === null) {
- studioImage = `${studioImage}&default=true`;
+ if (image === null && studioImage) {
+ const studioImageURL = new URL(studioImage);
+ studioImageURL.searchParams.set("default", "true");
+ studioImage = studioImageURL.toString();
} else if (image) {
studioImage = image;
}
diff --git a/ui/v2.5/src/components/Studios/StudioRecommendationRow.tsx b/ui/v2.5/src/components/Studios/StudioRecommendationRow.tsx
index ec639aeb6..3df4f65c6 100644
--- a/ui/v2.5/src/components/Studios/StudioRecommendationRow.tsx
+++ b/ui/v2.5/src/components/Studios/StudioRecommendationRow.tsx
@@ -1,4 +1,5 @@
import React from "react";
+import { Link } from "react-router-dom";
import { useFindStudios } from "src/core/StashService";
import Slider from "@ant-design/react-slick";
import { StudioCard } from "./StudioCard";
@@ -26,9 +27,9 @@ export const StudioRecommendationRow: React.FC = (props) => {
className="studio-recommendations"
header={props.header}
link={
-
+
-
+
}
>
= ({ tag }) => {
function renderImage() {
let tagImage = tag.image_path;
if (isEditing) {
- if (image === null) {
- tagImage = `${tagImage}&default=true`;
+ if (image === null && tagImage) {
+ const tagImageURL = new URL(tagImage);
+ tagImageURL.searchParams.set("default", "true");
+ tagImage = tagImageURL.toString();
} else if (image) {
tagImage = image;
}
diff --git a/ui/v2.5/src/components/Tags/TagRecommendationRow.tsx b/ui/v2.5/src/components/Tags/TagRecommendationRow.tsx
index 4e50b4989..9d10d7333 100644
--- a/ui/v2.5/src/components/Tags/TagRecommendationRow.tsx
+++ b/ui/v2.5/src/components/Tags/TagRecommendationRow.tsx
@@ -1,4 +1,5 @@
import React from "react";
+import { Link } from "react-router-dom";
import { useFindTags } from "src/core/StashService";
import Slider from "@ant-design/react-slick";
import { TagCard } from "./TagCard";
@@ -26,9 +27,9 @@ export const TagRecommendationRow: React.FC = (props) => {
className="tag-recommendations"
header={props.header}
link={
-
+
-
+
}
>
{
- const baseURL = window.STASH_BASE_URL;
- if (baseURL === "/%BASE_URL%/") return "/";
- return baseURL;
-};
+export const baseURL =
+ document.querySelector("base")?.getAttribute("href") ?? "/";
export const getPlatformURL = (ws?: boolean) => {
- const platformUrl = new URL(window.location.origin + getBaseURL());
+ const platformUrl = new URL(window.location.origin + baseURL);
if (import.meta.env.DEV) {
platformUrl.port = import.meta.env.VITE_APP_PLATFORM_PORT ?? "9999";
@@ -139,10 +136,7 @@ export const createClient = () => {
// handle unauthorized error by redirecting to the login page
if (networkError && (networkError as ServerError).statusCode === 401) {
// redirect to login page
- const newURL = new URL(
- `${getBaseURL()}login`,
- window.location.toString()
- );
+ const newURL = new URL(`${baseURL}login`, window.location.toString());
newURL.searchParams.append("returnURL", window.location.href);
window.location.href = newURL.toString();
}
diff --git a/ui/v2.5/src/globals.d.ts b/ui/v2.5/src/globals.d.ts
index 3bd1b67fe..360388e5f 100644
--- a/ui/v2.5/src/globals.d.ts
+++ b/ui/v2.5/src/globals.d.ts
@@ -1,5 +1,3 @@
-// eslint-disable-next-line no-var
-declare var STASH_BASE_URL: string;
declare module "intersection-observer";
declare module "*.md" {
diff --git a/ui/v2.5/src/index.tsx b/ui/v2.5/src/index.tsx
index ba718f75e..2e66ca2c3 100755
--- a/ui/v2.5/src/index.tsx
+++ b/ui/v2.5/src/index.tsx
@@ -3,14 +3,14 @@ import ReactDOM from "react-dom";
import { BrowserRouter } from "react-router-dom";
import { App } from "./App";
import { getClient } from "./core/StashService";
-import { getPlatformURL, getBaseURL } from "./core/createClient";
+import { baseURL, getPlatformURL } from "./core/createClient";
import "./index.scss";
import * as serviceWorker from "./serviceWorker";
ReactDOM.render(
<>
-
+
diff --git a/vendor/github.com/go-chi/cors/LICENSE b/vendor/github.com/go-chi/cors/LICENSE
new file mode 100644
index 000000000..aee6182f9
--- /dev/null
+++ b/vendor/github.com/go-chi/cors/LICENSE
@@ -0,0 +1,21 @@
+Copyright (c) 2014 Olivier Poitrey
+Copyright (c) 2016-Present https://github.com/go-chi authors
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software is furnished to do so,
+subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/vendor/github.com/go-chi/cors/README.md b/vendor/github.com/go-chi/cors/README.md
new file mode 100644
index 000000000..b41686b6a
--- /dev/null
+++ b/vendor/github.com/go-chi/cors/README.md
@@ -0,0 +1,39 @@
+# CORS net/http middleware
+
+[go-chi/cors](https://github.com/go-chi/cors) is a fork of [github.com/rs/cors](https://github.com/rs/cors) that
+provides a `net/http` compatible middleware for performing preflight CORS checks on the server side. These headers
+are required for using the browser native [Fetch API](https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API).
+
+This middleware is designed to be used as a top-level middleware on the [chi](https://github.com/go-chi/chi) router.
+Applying with within a `r.Group()` or using `With()` will not work without routes matching `OPTIONS` added.
+
+## Usage
+
+```go
+func main() {
+ r := chi.NewRouter()
+
+ // Basic CORS
+ // for more ideas, see: https://developer.github.com/v3/#cross-origin-resource-sharing
+ r.Use(cors.Handler(cors.Options{
+ // AllowedOrigins: []string{"https://foo.com"}, // Use this to allow specific origin hosts
+ AllowedOrigins: []string{"https://*", "http://*"},
+ // AllowOriginFunc: func(r *http.Request, origin string) bool { return true },
+ AllowedMethods: []string{"GET", "POST", "PUT", "DELETE", "OPTIONS"},
+ AllowedHeaders: []string{"Accept", "Authorization", "Content-Type", "X-CSRF-Token"},
+ ExposedHeaders: []string{"Link"},
+ AllowCredentials: false,
+ MaxAge: 300, // Maximum value not ignored by any of major browsers
+ }))
+
+ r.Get("/", func(w http.ResponseWriter, r *http.Request) {
+ w.Write([]byte("welcome"))
+ })
+
+ http.ListenAndServe(":3000", r)
+}
+```
+
+## Credits
+
+All credit for the original work of this middleware goes out to [github.com/rs](github.com/rs).
diff --git a/vendor/github.com/rs/cors/cors.go b/vendor/github.com/go-chi/cors/cors.go
similarity index 71%
rename from vendor/github.com/rs/cors/cors.go
rename to vendor/github.com/go-chi/cors/cors.go
index d301ca724..8df81636e 100644
--- a/vendor/github.com/rs/cors/cors.go
+++ b/vendor/github.com/go-chi/cors/cors.go
@@ -1,23 +1,21 @@
-/*
-Package cors is net/http handler to handle CORS related requests
-as defined by http://www.w3.org/TR/cors/
-
-You can configure it by passing an option struct to cors.New:
-
- c := cors.New(cors.Options{
- AllowedOrigins: []string{"foo.com"},
- AllowedMethods: []string{"GET", "POST", "DELETE"},
- AllowCredentials: true,
- })
-
-Then insert the handler in the chain:
-
- handler = c.Handler(handler)
-
-See Options documentation for more options.
-
-The resulting handler is a standard net/http handler.
-*/
+// cors package is net/http handler to handle CORS related requests
+// as defined by http://www.w3.org/TR/cors/
+//
+// You can configure it by passing an option struct to cors.New:
+//
+// c := cors.New(cors.Options{
+// AllowedOrigins: []string{"foo.com"},
+// AllowedMethods: []string{"GET", "POST", "DELETE"},
+// AllowCredentials: true,
+// })
+//
+// Then insert the handler in the chain:
+//
+// handler = c.Handler(handler)
+//
+// See Options documentation for more options.
+//
+// The resulting handler is a standard net/http handler.
package cors
import (
@@ -37,61 +35,77 @@ type Options struct {
// Only one wildcard can be used per origin.
// Default value is ["*"]
AllowedOrigins []string
- // AllowOriginFunc is a custom function to validate the origin. It take the origin
+
+ // AllowOriginFunc is a custom function to validate the origin. It takes the origin
// as argument and returns true if allowed or false otherwise. If this option is
// set, the content of AllowedOrigins is ignored.
- AllowOriginFunc func(origin string) bool
- // AllowOriginFunc is a custom function to validate the origin. It takes the HTTP Request object and the origin as
- // argument and returns true if allowed or false otherwise. If this option is set, the content of `AllowedOrigins`
- // and `AllowOriginFunc` is ignored.
- AllowOriginRequestFunc func(r *http.Request, origin string) bool
+ AllowOriginFunc func(r *http.Request, origin string) bool
+
// AllowedMethods is a list of methods the client is allowed to use with
// cross-domain requests. Default value is simple methods (HEAD, GET and POST).
AllowedMethods []string
+
// AllowedHeaders is list of non simple headers the client is allowed to use with
// cross-domain requests.
// If the special "*" value is present in the list, all headers will be allowed.
// Default value is [] but "Origin" is always appended to the list.
AllowedHeaders []string
+
// ExposedHeaders indicates which headers are safe to expose to the API of a CORS
// API specification
ExposedHeaders []string
- // MaxAge indicates how long (in seconds) the results of a preflight request
- // can be cached
- MaxAge int
+
// AllowCredentials indicates whether the request can include user credentials like
// cookies, HTTP authentication or client side SSL certificates.
AllowCredentials bool
+
+ // MaxAge indicates how long (in seconds) the results of a preflight request
+ // can be cached
+ MaxAge int
+
// OptionsPassthrough instructs preflight to let other potential next handlers to
// process the OPTIONS method. Turn this on if your application handles OPTIONS.
OptionsPassthrough bool
+
// Debugging flag adds additional output to debug server side CORS issues
Debug bool
}
+// Logger generic interface for logger
+type Logger interface {
+ Printf(string, ...interface{})
+}
+
// Cors http handler
type Cors struct {
// Debug logger
- Log *log.Logger
+ Log Logger
+
// Normalized list of plain allowed origins
allowedOrigins []string
+
// List of allowed origins containing wildcards
allowedWOrigins []wildcard
+
// Optional origin validator function
- allowOriginFunc func(origin string) bool
- // Optional origin validator (with request) function
- allowOriginRequestFunc func(r *http.Request, origin string) bool
+ allowOriginFunc func(r *http.Request, origin string) bool
+
// Normalized list of allowed headers
allowedHeaders []string
+
// Normalized list of allowed methods
allowedMethods []string
+
// Normalized list of exposed headers
exposedHeaders []string
maxAge int
+
// Set to true when allowed origins contains a "*"
allowedOriginsAll bool
+
// Set to true when allowed headers contains a "*"
allowedHeadersAll bool
+
allowCredentials bool
optionPassthrough bool
}
@@ -99,14 +113,13 @@ type Cors struct {
// New creates a new Cors handler with the provided options.
func New(options Options) *Cors {
c := &Cors{
- exposedHeaders: convert(options.ExposedHeaders, http.CanonicalHeaderKey),
- allowOriginFunc: options.AllowOriginFunc,
- allowOriginRequestFunc: options.AllowOriginRequestFunc,
- allowCredentials: options.AllowCredentials,
- maxAge: options.MaxAge,
- optionPassthrough: options.OptionsPassthrough,
+ exposedHeaders: convert(options.ExposedHeaders, http.CanonicalHeaderKey),
+ allowOriginFunc: options.AllowOriginFunc,
+ allowCredentials: options.AllowCredentials,
+ maxAge: options.MaxAge,
+ optionPassthrough: options.OptionsPassthrough,
}
- if options.Debug {
+ if options.Debug && c.Log == nil {
c.Log = log.New(os.Stdout, "[cors] ", log.LstdFlags)
}
@@ -116,7 +129,7 @@ func New(options Options) *Cors {
// Allowed Origins
if len(options.AllowedOrigins) == 0 {
- if options.AllowOriginFunc == nil && options.AllowOriginRequestFunc == nil {
+ if options.AllowOriginFunc == nil {
// Default is all origins
c.allowedOriginsAll = true
}
@@ -145,7 +158,7 @@ func New(options Options) *Cors {
// Allowed Headers
if len(options.AllowedHeaders) == 0 {
// Use sensible defaults
- c.allowedHeaders = []string{"Origin", "Accept", "Content-Type", "X-Requested-With"}
+ c.allowedHeaders = []string{"Origin", "Accept", "Content-Type"}
} else {
// Origin is always appended as some browsers will always request for this header at preflight
c.allowedHeaders = convert(append(options.AllowedHeaders, "Origin"), http.CanonicalHeaderKey)
@@ -161,7 +174,7 @@ func New(options Options) *Cors {
// Allowed Methods
if len(options.AllowedMethods) == 0 {
// Default is spec's "simple" methods
- c.allowedMethods = []string{"GET", "POST", "HEAD"}
+ c.allowedMethods = []string{http.MethodGet, http.MethodPost, http.MethodHead}
} else {
c.allowedMethods = convert(options.AllowedMethods, strings.ToUpper)
}
@@ -169,17 +182,25 @@ func New(options Options) *Cors {
return c
}
-// Default creates a new Cors handler with default options.
-func Default() *Cors {
- return New(Options{})
+// Handler creates a new Cors handler with passed options.
+func Handler(options Options) func(next http.Handler) http.Handler {
+ c := New(options)
+ return c.Handler
}
// AllowAll create a new Cors handler with permissive configuration allowing all
// origins with all standard methods with any header and credentials.
func AllowAll() *Cors {
return New(Options{
- AllowedOrigins: []string{"*"},
- AllowedMethods: []string{"HEAD", "GET", "POST", "PUT", "PATCH", "DELETE"},
+ AllowedOrigins: []string{"*"},
+ AllowedMethods: []string{
+ http.MethodHead,
+ http.MethodGet,
+ http.MethodPost,
+ http.MethodPut,
+ http.MethodPatch,
+ http.MethodDelete,
+ },
AllowedHeaders: []string{"*"},
AllowCredentials: false,
})
@@ -187,7 +208,7 @@ func AllowAll() *Cors {
// Handler apply the CORS specification on the request, and add relevant CORS headers
// as necessary.
-func (c *Cors) Handler(h http.Handler) http.Handler {
+func (c *Cors) Handler(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
if r.Method == http.MethodOptions && r.Header.Get("Access-Control-Request-Method") != "" {
c.logf("Handler: Preflight request")
@@ -197,57 +218,25 @@ func (c *Cors) Handler(h http.Handler) http.Handler {
// is authentication middleware ; OPTIONS requests won't carry authentication
// headers (see #1)
if c.optionPassthrough {
- h.ServeHTTP(w, r)
+ next.ServeHTTP(w, r)
} else {
w.WriteHeader(http.StatusOK)
}
} else {
c.logf("Handler: Actual request")
c.handleActualRequest(w, r)
- h.ServeHTTP(w, r)
+ next.ServeHTTP(w, r)
}
})
}
-// HandlerFunc provides Martini compatible handler
-func (c *Cors) HandlerFunc(w http.ResponseWriter, r *http.Request) {
- if r.Method == http.MethodOptions && r.Header.Get("Access-Control-Request-Method") != "" {
- c.logf("HandlerFunc: Preflight request")
- c.handlePreflight(w, r)
- } else {
- c.logf("HandlerFunc: Actual request")
- c.handleActualRequest(w, r)
- }
-}
-
-// Negroni compatible interface
-func (c *Cors) ServeHTTP(w http.ResponseWriter, r *http.Request, next http.HandlerFunc) {
- if r.Method == http.MethodOptions && r.Header.Get("Access-Control-Request-Method") != "" {
- c.logf("ServeHTTP: Preflight request")
- c.handlePreflight(w, r)
- // Preflight requests are standalone and should stop the chain as some other
- // middleware may not handle OPTIONS requests correctly. One typical example
- // is authentication middleware ; OPTIONS requests won't carry authentication
- // headers (see #1)
- if c.optionPassthrough {
- next(w, r)
- } else {
- w.WriteHeader(http.StatusOK)
- }
- } else {
- c.logf("ServeHTTP: Actual request")
- c.handleActualRequest(w, r)
- next(w, r)
- }
-}
-
// handlePreflight handles pre-flight CORS requests
func (c *Cors) handlePreflight(w http.ResponseWriter, r *http.Request) {
headers := w.Header()
origin := r.Header.Get("Origin")
if r.Method != http.MethodOptions {
- c.logf(" Preflight aborted: %s!=OPTIONS", r.Method)
+ c.logf("Preflight aborted: %s!=OPTIONS", r.Method)
return
}
// Always set Vary headers
@@ -258,22 +247,22 @@ func (c *Cors) handlePreflight(w http.ResponseWriter, r *http.Request) {
headers.Add("Vary", "Access-Control-Request-Headers")
if origin == "" {
- c.logf(" Preflight aborted: empty origin")
+ c.logf("Preflight aborted: empty origin")
return
}
if !c.isOriginAllowed(r, origin) {
- c.logf(" Preflight aborted: origin '%s' not allowed", origin)
+ c.logf("Preflight aborted: origin '%s' not allowed", origin)
return
}
reqMethod := r.Header.Get("Access-Control-Request-Method")
if !c.isMethodAllowed(reqMethod) {
- c.logf(" Preflight aborted: method '%s' not allowed", reqMethod)
+ c.logf("Preflight aborted: method '%s' not allowed", reqMethod)
return
}
reqHeaders := parseHeaderList(r.Header.Get("Access-Control-Request-Headers"))
if !c.areHeadersAllowed(reqHeaders) {
- c.logf(" Preflight aborted: headers '%v' not allowed", reqHeaders)
+ c.logf("Preflight aborted: headers '%v' not allowed", reqHeaders)
return
}
if c.allowedOriginsAll {
@@ -296,7 +285,7 @@ func (c *Cors) handlePreflight(w http.ResponseWriter, r *http.Request) {
if c.maxAge > 0 {
headers.Set("Access-Control-Max-Age", strconv.Itoa(c.maxAge))
}
- c.logf(" Preflight response headers: %v", headers)
+ c.logf("Preflight response headers: %v", headers)
}
// handleActualRequest handles simple cross-origin requests, actual request or redirects
@@ -304,18 +293,14 @@ func (c *Cors) handleActualRequest(w http.ResponseWriter, r *http.Request) {
headers := w.Header()
origin := r.Header.Get("Origin")
- if r.Method == http.MethodOptions {
- c.logf(" Actual request no headers added: method == %s", r.Method)
- return
- }
// Always set Vary, see https://github.com/rs/cors/issues/10
headers.Add("Vary", "Origin")
if origin == "" {
- c.logf(" Actual request no headers added: missing origin")
+ c.logf("Actual request no headers added: missing origin")
return
}
if !c.isOriginAllowed(r, origin) {
- c.logf(" Actual request no headers added: origin '%s' not allowed", origin)
+ c.logf("Actual request no headers added: origin '%s' not allowed", origin)
return
}
@@ -324,7 +309,7 @@ func (c *Cors) handleActualRequest(w http.ResponseWriter, r *http.Request) {
// spec doesn't instruct to check the allowed methods for simple cross-origin requests.
// We think it's a nice feature to be able to have control on those methods though.
if !c.isMethodAllowed(r.Method) {
- c.logf(" Actual request no headers added: method '%s' not allowed", r.Method)
+ c.logf("Actual request no headers added: method '%s' not allowed", r.Method)
return
}
@@ -339,10 +324,10 @@ func (c *Cors) handleActualRequest(w http.ResponseWriter, r *http.Request) {
if c.allowCredentials {
headers.Set("Access-Control-Allow-Credentials", "true")
}
- c.logf(" Actual response added headers: %v", headers)
+ c.logf("Actual response added headers: %v", headers)
}
-// convenience method. checks if debugging is turned on before printing
+// convenience method. checks if a logger is set.
func (c *Cors) logf(format string, a ...interface{}) {
if c.Log != nil {
c.Log.Printf(format, a...)
@@ -352,11 +337,8 @@ func (c *Cors) logf(format string, a ...interface{}) {
// isOriginAllowed checks if a given origin is allowed to perform cross-domain requests
// on the endpoint
func (c *Cors) isOriginAllowed(r *http.Request, origin string) bool {
- if c.allowOriginRequestFunc != nil {
- return c.allowOriginRequestFunc(r, origin)
- }
if c.allowOriginFunc != nil {
- return c.allowOriginFunc(origin)
+ return c.allowOriginFunc(r, origin)
}
if c.allowedOriginsAll {
return true
@@ -376,7 +358,7 @@ func (c *Cors) isOriginAllowed(r *http.Request, origin string) bool {
}
// isMethodAllowed checks if a given method can be used as part of a cross-domain request
-// on the endpoing
+// on the endpoint
func (c *Cors) isMethodAllowed(method string) bool {
if len(c.allowedMethods) == 0 {
// If no method allowed, always return false, even for preflight request
@@ -407,6 +389,7 @@ func (c *Cors) areHeadersAllowed(requestedHeaders []string) bool {
for _, h := range c.allowedHeaders {
if h == header {
found = true
+ break
}
}
if !found {
diff --git a/vendor/github.com/rs/cors/utils.go b/vendor/github.com/go-chi/cors/utils.go
similarity index 89%
rename from vendor/github.com/rs/cors/utils.go
rename to vendor/github.com/go-chi/cors/utils.go
index 53ad9e9db..3fe5a5aee 100644
--- a/vendor/github.com/rs/cors/utils.go
+++ b/vendor/github.com/go-chi/cors/utils.go
@@ -39,20 +39,19 @@ func parseHeaderList(headerList string) []string {
headers := make([]string, 0, t)
for i := 0; i < l; i++ {
b := headerList[i]
- switch {
- case b >= 'a' && b <= 'z':
+ if b >= 'a' && b <= 'z' {
if upper {
h = append(h, b-toLower)
} else {
h = append(h, b)
}
- case b >= 'A' && b <= 'Z':
+ } else if b >= 'A' && b <= 'Z' {
if !upper {
h = append(h, b+toLower)
} else {
h = append(h, b)
}
- case b == '-' || b == '_' || (b >= '0' && b <= '9'):
+ } else if b == '-' || b == '_' || b == '.' || (b >= '0' && b <= '9') {
h = append(h, b)
}
@@ -64,7 +63,7 @@ func parseHeaderList(headerList string) []string {
upper = true
}
} else {
- upper = b == '-' || b == '_'
+ upper = b == '-'
}
}
return headers
diff --git a/vendor/github.com/rs/cors/.travis.yml b/vendor/github.com/rs/cors/.travis.yml
deleted file mode 100644
index 17e5e50d5..000000000
--- a/vendor/github.com/rs/cors/.travis.yml
+++ /dev/null
@@ -1,8 +0,0 @@
-language: go
-go:
-- 1.9
-- "1.10"
-- tip
-matrix:
- allow_failures:
- - go: tip
diff --git a/vendor/github.com/rs/cors/LICENSE b/vendor/github.com/rs/cors/LICENSE
deleted file mode 100644
index d8e2df5a4..000000000
--- a/vendor/github.com/rs/cors/LICENSE
+++ /dev/null
@@ -1,19 +0,0 @@
-Copyright (c) 2014 Olivier Poitrey
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is furnished
-to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.
diff --git a/vendor/github.com/rs/cors/README.md b/vendor/github.com/rs/cors/README.md
deleted file mode 100644
index ecc83b295..000000000
--- a/vendor/github.com/rs/cors/README.md
+++ /dev/null
@@ -1,115 +0,0 @@
-# Go CORS handler [](https://godoc.org/github.com/rs/cors) [](https://raw.githubusercontent.com/rs/cors/master/LICENSE) [](https://travis-ci.org/rs/cors) [](http://gocover.io/github.com/rs/cors)
-
-CORS is a `net/http` handler implementing [Cross Origin Resource Sharing W3 specification](http://www.w3.org/TR/cors/) in Golang.
-
-## Getting Started
-
-After installing Go and setting up your [GOPATH](http://golang.org/doc/code.html#GOPATH), create your first `.go` file. We'll call it `server.go`.
-
-```go
-package main
-
-import (
- "net/http"
-
- "github.com/rs/cors"
-)
-
-func main() {
- mux := http.NewServeMux()
- mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
- w.Header().Set("Content-Type", "application/json")
- w.Write([]byte("{\"hello\": \"world\"}"))
- })
-
- // cors.Default() setup the middleware with default options being
- // all origins accepted with simple methods (GET, POST). See
- // documentation below for more options.
- handler := cors.Default().Handler(mux)
- http.ListenAndServe(":8080", handler)
-}
-```
-
-Install `cors`:
-
- go get github.com/rs/cors
-
-Then run your server:
-
- go run server.go
-
-The server now runs on `localhost:8080`:
-
- $ curl -D - -H 'Origin: http://foo.com' http://localhost:8080/
- HTTP/1.1 200 OK
- Access-Control-Allow-Origin: foo.com
- Content-Type: application/json
- Date: Sat, 25 Oct 2014 03:43:57 GMT
- Content-Length: 18
-
- {"hello": "world"}
-
-### Allow * With Credentials Security Protection
-
-This library has been modified to avoid a well known security issue when configured with `AllowedOrigins` to `*` and `AllowCredentials` to `true`. Such setup used to make the library reflects the request `Origin` header value, working around a security protection embedded into the standard that makes clients to refuse such configuration. This behavior has been removed with [#55](https://github.com/rs/cors/issues/55) and [#57](https://github.com/rs/cors/issues/57).
-
-If you depend on this behavior and understand the implications, you can restore it using the `AllowOriginFunc` with `func(origin string) {return true}`.
-
-Please refer to [#55](https://github.com/rs/cors/issues/55) for more information about the security implications.
-
-### More Examples
-
-* `net/http`: [examples/nethttp/server.go](https://github.com/rs/cors/blob/master/examples/nethttp/server.go)
-* [Goji](https://goji.io): [examples/goji/server.go](https://github.com/rs/cors/blob/master/examples/goji/server.go)
-* [Martini](http://martini.codegangsta.io): [examples/martini/server.go](https://github.com/rs/cors/blob/master/examples/martini/server.go)
-* [Negroni](https://github.com/codegangsta/negroni): [examples/negroni/server.go](https://github.com/rs/cors/blob/master/examples/negroni/server.go)
-* [Alice](https://github.com/justinas/alice): [examples/alice/server.go](https://github.com/rs/cors/blob/master/examples/alice/server.go)
-* [HttpRouter](https://github.com/julienschmidt/httprouter): [examples/httprouter/server.go](https://github.com/rs/cors/blob/master/examples/httprouter/server.go)
-* [Gorilla](http://www.gorillatoolkit.org/pkg/mux): [examples/gorilla/server.go](https://github.com/rs/cors/blob/master/examples/gorilla/server.go)
-* [Buffalo](https://gobuffalo.io): [examples/buffalo/server.go](https://github.com/rs/cors/blob/master/examples/buffalo/server.go)
-* [Gin](https://gin-gonic.github.io/gin): [examples/gin/server.go](https://github.com/rs/cors/blob/master/examples/gin/server.go)
-* [Chi](https://github.com/go-chi/chi): [examples/chi/server.go](https://github.com/rs/cors/blob/master/examples/chi/server.go)
-
-## Parameters
-
-Parameters are passed to the middleware thru the `cors.New` method as follow:
-
-```go
-c := cors.New(cors.Options{
- AllowedOrigins: []string{"http://foo.com", "http://foo.com:8080"},
- AllowCredentials: true,
- // Enable Debugging for testing, consider disabling in production
- Debug: true,
-})
-
-// Insert the middleware
-handler = c.Handler(handler)
-```
-
-* **AllowedOrigins** `[]string`: A list of origins a cross-domain request can be executed from. If the special `*` value is present in the list, all origins will be allowed. An origin may contain a wildcard (`*`) to replace 0 or more characters (i.e.: `http://*.domain.com`). Usage of wildcards implies a small performance penality. Only one wildcard can be used per origin. The default value is `*`.
-* **AllowOriginFunc** `func (origin string) bool`: A custom function to validate the origin. It takes the origin as an argument and returns true if allowed, or false otherwise. If this option is set, the content of `AllowedOrigins` is ignored.
-* **AllowOriginRequestFunc** `func (r *http.Request origin string) bool`: A custom function to validate the origin. It takes the HTTP Request object and the origin as argument and returns true if allowed or false otherwise. If this option is set, the content of `AllowedOrigins` and `AllowOriginFunc` is ignored
-* **AllowedMethods** `[]string`: A list of methods the client is allowed to use with cross-domain requests. Default value is simple methods (`GET` and `POST`).
-* **AllowedHeaders** `[]string`: A list of non simple headers the client is allowed to use with cross-domain requests.
-* **ExposedHeaders** `[]string`: Indicates which headers are safe to expose to the API of a CORS API specification
-* **AllowCredentials** `bool`: Indicates whether the request can include user credentials like cookies, HTTP authentication or client side SSL certificates. The default is `false`.
-* **MaxAge** `int`: Indicates how long (in seconds) the results of a preflight request can be cached. The default is `0` which stands for no max age.
-* **OptionsPassthrough** `bool`: Instructs preflight to let other potential next handlers to process the `OPTIONS` method. Turn this on if your application handles `OPTIONS`.
-* **Debug** `bool`: Debugging flag adds additional output to debug server side CORS issues.
-
-See [API documentation](http://godoc.org/github.com/rs/cors) for more info.
-
-## Benchmarks
-
- BenchmarkWithout 20000000 64.6 ns/op 8 B/op 1 allocs/op
- BenchmarkDefault 3000000 469 ns/op 114 B/op 2 allocs/op
- BenchmarkAllowedOrigin 3000000 608 ns/op 114 B/op 2 allocs/op
- BenchmarkPreflight 20000000 73.2 ns/op 0 B/op 0 allocs/op
- BenchmarkPreflightHeader 20000000 73.6 ns/op 0 B/op 0 allocs/op
- BenchmarkParseHeaderList 2000000 847 ns/op 184 B/op 6 allocs/op
- BenchmarkParse…Single 5000000 290 ns/op 32 B/op 3 allocs/op
- BenchmarkParse…Normalized 2000000 776 ns/op 160 B/op 6 allocs/op
-
-## Licenses
-
-All source code is licensed under the [MIT License](https://raw.github.com/rs/cors/master/LICENSE).
diff --git a/vendor/modules.txt b/vendor/modules.txt
index c7b53d4f0..b53f16a6b 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -154,6 +154,9 @@ github.com/go-chi/chi/middleware
## explicit; go 1.16
github.com/go-chi/chi/v5
github.com/go-chi/chi/v5/middleware
+# github.com/go-chi/cors v1.2.1
+## explicit; go 1.14
+github.com/go-chi/cors
# github.com/go-chi/httplog v0.2.1
## explicit; go 1.14
github.com/go-chi/httplog
@@ -308,9 +311,6 @@ github.com/robertkrimen/otto/file
github.com/robertkrimen/otto/parser
github.com/robertkrimen/otto/registry
github.com/robertkrimen/otto/token
-# github.com/rs/cors v1.6.0
-## explicit
-github.com/rs/cors
# github.com/rs/zerolog v1.26.1
## explicit; go 1.15
github.com/rs/zerolog