steven
/
siteviewcounter
1
0
Fork 0
Code Issues 1 Pull Requests Releases Wiki Activity

wildcard CORS is bad. Make note of this, not fixed
continuous-integration/drone/push Build is passing Details

This commit is contained in:
Steven Polley 2020-06-20 20:42:42 -06:00
parent 86ffcb6f3b
commit d432521dae
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
main.go
View File

@ -78,7 +78,9 @@ func main() {
// HTTP handler function
func countHandler(w http.ResponseWriter, r *http.Request) {
if r.Method == "GET" {
// CORS header change required
// CORS header change required.
//TBD wildcard is bad because it could allow illegitmate visits to be recorded if someone was nefarious and embedded
// front end code on a different website than your own. Need to implement environment variable to set allowed origin.
w.Header().Set("Access-Control-Allow-Origin", "*")
w.Write([]byte(strconv.Itoa(uniqueVisits)))