github
/
prometheus
mirror of https://github.com/prometheus/prometheus
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #841 from prometheus/fix-cors-perms 

Disallow cross-origin DELETE and POST requests.
pull/843/head
Julius Volz 2015-06-24 17:53:12 +02:00
parent 3fcd26b328 bc1c789bab
commit 32a77085e0
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
web/api/v1/api.go
View File

@ -65,7 +65,7 @@ type API struct {
// Enables cross-site script calls. // Enables cross-site script calls.
func setCORS(w http.ResponseWriter) { func setCORS(w http.ResponseWriter) {
w.Header().Set("Access-Control-Allow-Headers", "Accept, Authorization, Content-Type, Origin") w.Header().Set("Access-Control-Allow-Headers", "Accept, Authorization, Content-Type, Origin")
w.Header().Set("Access-Control-Allow-Methods", "GET, POST, DELETE") w.Header().Set("Access-Control-Allow-Methods", "GET")
w.Header().Set("Access-Control-Allow-Origin", "*") w.Header().Set("Access-Control-Allow-Origin", "*")
w.Header().Set("Access-Control-Expose-Headers", "Date") w.Header().Set("Access-Control-Expose-Headers", "Date")
} }